rootkit.win32.tdss.d


  • This topic is locked
15 replies to this topic

#1 hideousvirus

hideousvirus

  • Members
  • 8 posts

Posted 13 April 2010 - 08:17 PM

Hi,

I became suspicious when my computer crashed three times during normal use yesterday and my fears were confirmed when google links started getting hijacked. I have KIS 2010 which tells me it has detected "virus Rootkit.Win32.TDSS.d" in "System Memory." If I try to disinfect with KIS I get two windows pop-ups saying "access denied" to various dlls and KIS reports "cannot be disinfected; skipped by user."

I have tried running TDSSKiller (with and without renaming it) and it tells me
"Driver "atapi" infected by TDSS rootkit!
File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ... will be cured on next reboot"

after pressing Y to reboot (and rebooting) the rootkit remains.

I previously tried running goored which placed nothing in the "GooredFix Backups" folder except "reboot.txt"

I have another error where I cannot open any programs after a little while. I receive the message (in a pop-up dialogue box) "C:\.... is not a valid Win32 application."


DDS (Ver_10-03-17.01) - NTFSx86
Run by Iguana at 18:46:06.72 on Tue 04/13/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Windows Windows Vista™ Extreme Edition R2 6.0.6002.2.1252.1.1033.18.3066.1723 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\ICW\bin\cygrunsrv.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\ICW\bin\sshd.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey\HotKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Flock\flock.exe
C:\Users\Iguana\Desktop\virus\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [StartupFaster] "c:\program files\startup faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\users\iguana\appdata\roaming\microsoft\windows\start menu\programs\startup\MagicDisc.lnk.disabled
StartupFolder: c:\users\iguana\appdata\roaming\micros~1\windows\startm~1\programs\startup\startu~1\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\iguana\appdata\roaming\microsoft\windows\start menu\programs\startup\startupfaster\MagicDisc.lnk.disabled
StartupFolder: c:\users\iguana\appdata\roaming\microsoft\windows\start menu\programs\startup\startupfaster\StartupFaster.ini
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\startupfaster\StartupFaster.ini
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startu~1\ultramon.lnk - c:\windows\installer\{cc15a5fc-b6d3-4a2d-8a26-d8f2702a3c00}\IcoUltraMon.ico
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\startupfaster\UltraMon.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: SYSTRAN Lookup - c:\program files\systran\6\\GUIres.dll/lookup.js
IE: SYSTRAN Translate - c:\program files\systran\6\\GUIres.dll/translate.js
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\system32\branding\folderbg\VistaFolderBackground.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli psqlpwd
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\iguana\appdata\roaming\mozilla\firefox\profiles\23krmvs4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\users\iguana\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\iguana\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\iguana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2009-4-14 33624]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R2 OpenSSHServer;Openssh SSHD;c:\program files\icw\bin\cygrunsrv.exe [2009-5-13 68096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-6-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-6 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-9-7 16640]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-30 84240]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2009-6-30 240128]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-11 30192]
S3 IAMT03;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2008-11-26 40848]
S3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2008-11-26 38288]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2008-11-26 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [2008-11-26 10368]
S4 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [2008-11-26 71968]
S4 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2008-11-26 47496]
S4 ioatdma;Intel® QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2008-11-26 36480]
S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;c:\windows\system32\drivers\iSSetup.sys [2008-11-26 75672]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-11-26 104320]
S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2008-11-26 211072]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2008-11-26 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2008-11-26 13056]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-11-26 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NBv834x.sys [2008-11-26 104992]
S4 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [2008-11-26 90400]
S4 rr2522;rr2522;c:\windows\system32\drivers\rr2522.sys [2008-11-26 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-11-26 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2008-11-26 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [2008-11-26 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3124r5.sys [2008-11-26 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-11-26 210736]
S4 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-11-26 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-11-26 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\system32\drivers\hcw11.sys [2008-11-26 91136]

=============== Created Last 30 ================

2010-04-13 21:33:19 176 ----a-w- c:\users\iguana\defogger_reenable
2010-04-07 02:46:43 0 d-----w- c:\program files\Firaxis Games
2010-04-04 02:01:03 0 d-----w- c:\windows\.jagex_cache_32
2010-03-27 07:23:43 0 d-----w- c:\users\iguana\appdata\roaming\IrfanView
2010-03-23 19:15:04 0 d-----w- c:\program files\QS
2010-03-18 17:05:37 0 d-----w- c:\program files\EditPadPro
2010-03-18 04:12:55 0 d-----w- c:\program files\SystemRequirementsLab
2010-03-18 04:11:10 0 d-----w- C:\NVIDIA

==================== Find3M ====================

2010-04-13 23:43:16 183782 ----a-w- c:\programdata\nvModes.dat
2010-04-13 23:19:06 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-14 06:17:00 1770 ----a-w- c:\users\iguana\appdata\roaming\Profile0.dat
2010-03-12 16:26:36 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-07 08:22:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-05 07:54:07 86016 ----a-w- c:\windows\inf\infpub.dat
2010-02-05 07:54:07 239616 ----a-w- c:\windows\inf\infstrng.dat
2010-02-05 07:54:07 143360 ----a-w- c:\windows\inf\infstor.dat
2009-08-02 05:36:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-26 15:01:29 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-26 15:00:24 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-26 15:00:24 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-26 15:00:24 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-11-26 06:14:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:48:36.85 ===============



Also, I blue screen every time I run gmer. When I ran gmer in safe mode once, it worked for about 35 minutes before blue screening, too.

Edited by hideousvirus, 13 April 2010 - 08:35 PM.
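The Find3M section of the DDS log above is where the infection shows: atapi.sys, a boot-start driver that normal use never rewrites, carries a modification time minutes before the scan, while its neighbours date from install time. The following triage helper is an added example, not code from the post or from DDS/BleepingComputer. It parses a DDS-style log and flags .sys files under system32\drivers touched within a window of the scan time. It assumes, as the log above implies, that Find3M timestamps are UTC while the "Run by" time is local with the bracketed GMT offset; the sample log is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the DDS layout of the post above. The atapi.sys line
# carries the same timestamp and size the poster's log shows.
SAMPLE_LOG = """\
DDS (Ver_10-03-17.01) - NTFSx86
Run by Iguana at 18:46:06.72 on Tue 04/13/2010
Windows Vista 6.0.6002.2.1252.1.1033.18.3066.1723 [GMT -5:00]

==================== Find3M ====================

2010-04-13 23:43:16 183782 ----a-w- c:\\programdata\\nvModes.dat
2010-04-13 23:19:06 19944 ----a-w- c:\\windows\\system32\\drivers\\atapi.sys
2010-03-12 16:26:36 600680 ----a-w- c:\\windows\\system32\\NVUNINST.EXE
2009-07-26 15:01:29 604140 --sha-w- c:\\windows\\system32\\drivers\\ISwift3.dat

============= FINISH: 18:48:36.85 ===============
"""

RUN_RE = re.compile(
    r"^Run by \S+ at (\d{2}:\d{2}:\d{2})\.\d+ on \w+ (\d{2}/\d{2}/\d{4})$", re.M)
GMT_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
# Find3M entry: "YYYY-MM-DD HH:MM:SS <size> <8-char attrs> <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


def scan_time_utc(log: str) -> datetime:
    """Return the DDS run time as UTC, using the [GMT +/-h:mm] header offset.

    Assumption: the 'Run by' clock is local time and file timestamps are UTC,
    which is what the offsets in the poster's log are consistent with.
    """
    run, gmt = RUN_RE.search(log), GMT_RE.search(log)
    if not run or not gmt:
        raise ValueError("no 'Run by ... at' header or GMT offset found")
    local = datetime.strptime(f"{run.group(2)} {run.group(1)}", "%m/%d/%Y %H:%M:%S")
    sign = 1 if gmt.group(1) == "+" else -1
    offset = sign * timedelta(hours=int(gmt.group(2)), minutes=int(gmt.group(3)))
    return (local - offset).replace(tzinfo=timezone.utc)   # local = utc + offset


def section(log: str, name: str) -> list:
    """Return the non-blank body lines of a '==== name ====' DDS section."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("=") and line.strip("= "):          # section banner
            title = line.strip("= ").split(":")[0].strip()      # "FINISH: hh:mm" -> FINISH
            inside = title == name
            continue
        if inside and line.strip():
            out.append(line)
    return out


def parse_find3m(log: str) -> list:
    """Parse Find3M lines into dicts with mtime (UTC), size, attrs and path."""
    entries = []
    for line in section(log, "Find3M"):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "mtime": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
                             .replace(tzinfo=timezone.utc),
            "size": int(m.group(2)),
            "attrs": m.group(3),
            "path": m.group(4).lower(),
        })
    return entries


def recently_touched_drivers(log: str, window: timedelta = timedelta(days=1)) -> list:
    """Drivers under system32\\drivers whose mtime falls within `window` of the scan.

    Returns (path, age_in_minutes) pairs, youngest first. A boot-start driver
    rewritten minutes before a scan on a machine with redirect symptoms is the
    pattern a helper looks at first; a fresh Windows Update can produce the
    same signal legitimately, so the hit is a lead, not a verdict.
    """
    scan = scan_time_utc(log)
    hits = []
    for e in parse_find3m(log):
        if "\\system32\\drivers\\" in e["path"] and e["path"].endswith(".sys"):
            age = scan - e["mtime"]
            if timedelta(0) <= age <= window:
                hits.append((e["path"], round(age.total_seconds() / 60, 1)))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for path, minutes in recently_touched_drivers(SAMPLE_LOG):
        print(f"{path} modified {minutes} min before the scan")
```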



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 April 2010 - 09:20 PM

Hello hideousvirus,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3.
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between them, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

4.
Download and Run RKill
    Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

5.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Things to include in your next reply:
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 hideousvirus

hideousvirus
  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2010 - 11:24 PM

Hello fireman4it, thanks for handling my case.

1. Spybot S&D Resident, SDHelper, and Teatimer were already all unchecked. I checked and unchecked them all again.

2. Okay, real-time protection disabled.

4. I paused KIS and ran rkill.pif
Processes terminated by Rkill or while it was running:


C:\Users\Iguana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\DllHost.exe
C:\Users\Iguana\Desktop\virus\rkill.pif
(all of my antivirus tools are in the folder desktop\virus)

5. KIS still disabled, I am about to run combofix.
-Not prompted to install MWRC
-Said "no" to updating combofix
Ran combofix, but computer froze after printing out the log.txt
Ran it again in safe mode and I have the log.txt attached.
Neither time did combofix restart my computer; I am still getting link redirects--I have not tested the other symptoms.


Can I replace my atapi.sys with a clean version? Where would I find a safe one? I don't have my Windows recovery/install disk with me; I do have a Linux partition which can access my Windows filesystem, and I can also get BartPE.

Attached File: log.txt (26.74KB)

Edited by hideousvirus, 14 April 2010 - 12:52 PM.


#4 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 14 April 2010 - 05:44 PM

Hello,

Let's use a little tool we have to find other copies of atapi.sys so we can replace that infected one.
Don't try to replace this file yourself.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :file
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt


#5 hideousvirus (Topic Starter)

Posted 14 April 2010 - 07:03 PM

I've actually already attempted (this morning) a replacement from my Linux partition (after backing up the old atapi.sys). I used a copy of atapi.sys from another computer also running Vista, and the computer booted normally, but the rootkit remains. I only replaced two of the five atapi.sys I had found: the one in windows/system32/drivers and one in windows/erdnt/cache. When I was doing this earlier I found three other copies in windows/system32/driverstore/...

#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 14 April 2010 - 08:30 PM

Please post the log I requested, so I can further assist you.


#7 hideousvirus (Topic Starter)

Posted 14 April 2010 - 08:48 PM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:47 on 14/04/2010 by Iguana (Administrator - Elevation successful)

========== file ==========

atapi.sys - Unable to find/read file.

-=End Of File=-

#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 14 April 2010 - 09:07 PM

Hello,

OK, let's try this tool to find a suitable replacement for the infected file.


    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

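What the two tools above do by hand, as an added example that is not part of this thread nor SystemLook's or OTL's own code: walk a Windows tree for every copy of a driver (SystemLook's :file search), hash each copy (OTL's /md5start), and check whether the copy Windows actually loads from System32\drivers agrees with the reference copies in the DriverStore and the ERDNT cache. The directory layout, file contents and path names are constructed to mirror the five copies mentioned in the thread; run such a check from an offline environment (the Linux partition or BartPE mentioned above), since a kernel-mode rootkit that filters disk reads can hand the running system the original bytes.

```python
# Added example: locate every copy of a driver under a Windows tree, hash each,
# and compare the loaded copy (System32\drivers) against the reference copies.
import hashlib
import os
import tempfile
from collections import defaultdict

# Directory (relative to the Windows root) the running kernel loads drivers from.
ACTIVE_DIR = os.path.join("windows", "system32", "drivers")


def file_hashes(path, chunk=1 << 16):
    """MD5 and SHA-256 of a file, read in chunks (MD5 is what OTL's /md5start lists)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def find_copies(root, filename):
    """Every file under `root` named `filename` (case-insensitive), like SystemLook's :file."""
    wanted = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == wanted)
    return sorted(hits)


def assess(root, filename):
    """Compare the active copy of `filename` with all other copies found under `root`.

    Returns the active path and its MD5, whether any other copy has the same hash,
    whether the non-active (reference) copies all agree with each other, and the
    reference copies sharing the most common hash (the natural replacement candidates).
    """
    copies = find_copies(root, filename)
    hash_of = {p: file_hashes(p) for p in copies}
    by_hash = defaultdict(list)
    for p, h in hash_of.items():
        by_hash[h].append(p)

    def is_active(p):
        # Exact directory match: "drivers" is a prefix of "DriverStore", so no substring test.
        return os.path.dirname(os.path.relpath(p, root)).lower() == ACTIVE_DIR

    active = [p for p in copies if is_active(p)]
    active_path = active[0] if active else None
    active_hash = hash_of.get(active_path)

    reference = {h: [p for p in ps if not is_active(p)] for h, ps in by_hash.items()}
    reference = {h: ps for h, ps in reference.items() if ps}
    majority = max(reference, key=lambda h: len(reference[h])) if reference else None

    return {
        "copies": len(copies),
        "active_path": active_path,
        "active_md5": active_hash[0] if active_hash else None,
        "active_matches_others": bool(active_hash)
        and any(not is_active(p) for p in by_hash.get(active_hash, [])),
        "reference_agree": len(reference) == 1,
        "replacement_candidates": reference.get(majority, []),
    }


def build_sample_tree():
    """Constructed sample layout: one patched loaded copy, four identical reference copies."""
    root = tempfile.mkdtemp(prefix="atapi_demo_")
    clean = b"MZ" + b"\x00" * 200 + b"clean atapi driver image"
    patched = clean[:-24] + b"patched driver image!!!!"  # same size, different bytes
    store = os.path.join("Windows", "System32", "DriverStore", "FileRepository")
    layout = {
        os.path.join("Windows", "System32", "drivers"): patched,
        os.path.join("Windows", "ERDNT", "cache"): clean,
        os.path.join(store, "mshdc.inf_a"): clean,   # hypothetical package dir names
        os.path.join(store, "mshdc.inf_b"): clean,
        os.path.join(store, "mshdc.inf_c"): clean,
    }
    for rel, data in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "atapi.sys"), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for key, value in assess(build_sample_tree(), "atapi.sys").items():
        print(f"{key}: {value}")
```

On real input, point `assess` at the mounted Windows volume instead of `build_sample_tree()`; a loaded copy whose hash matches none of the reference copies while those agree among themselves is the signal the helper is looking for.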

#9 hideousvirus (Topic Starter)

Posted 15 April 2010 - 01:07 AM

triple post

Edited by hideousvirus, 15 April 2010 - 01:12 AM.




#11 hideousvirus (Topic Starter)

Posted 15 April 2010 - 01:10 AM

OTL logfile created on: 4/14/2010 23:14:17 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Iguana\Desktop\virus
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.20 Gb Total Space | 6.97 Gb Free Space | 2.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADIK0
Current User Name: Iguana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/14 23:13:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Iguana\Desktop\virus\OTL.exe
PRC - [2010/04/02 19:13:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/11 20:52:32 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/01 18:15:58 | 000,372,750 | ---- | M] () -- C:\Program Files\ICW\Bin\sshd.exe
PRC - [2009/05/13 19:22:32 | 000,068,096 | ---- | M] () -- C:\Program Files\ICW\Bin\cygrunsrv.exe
PRC - [2009/04/22 12:59:28 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/29 03:38:26 | 000,731,648 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2008/09/29 02:02:38 | 000,307,200 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2008/09/07 19:36:06 | 000,494,304 | ---- | M] (URSoft,Inc) -- C:\Program Files\Startup Faster\SFAgent.exe
PRC - [2008/07/25 15:56:44 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/07/04 02:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 23:13:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Iguana\Desktop\virus\OTL.exe
MOD - [2009/06/30 13:55:43 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/03/29 23:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009/03/29 23:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008/09/29 00:35:20 | 000,057,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/05 05:04:04 | 000,090,112 | ---- | M] (Andreas Verhoeven) -- C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/08/21 17:30:40 | 000,087,488 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)
SRV - [2009/11/11 20:52:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/10/08 10:03:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/25 05:26:40 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/05/13 19:22:32 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICW\Bin\cygrunsrv.exe -- (OpenSSHServer)
SRV - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/10/19 02:15:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/19 02:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/07/26 09:58:43 | 000,000,000 | ---D | M]

[2009/10/19 02:15:03 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Extensions
[2009/10/19 02:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/04/14 01:20:14 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions
[2009/12/08 00:19:08 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/06/30 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/07/04 09:37:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 14:12:31 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2009/09/29 14:46:16 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/11/06 11:50:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 22:03:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 15:03:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/21 01:07:19 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/12 00:37:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/01 11:31:37 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/04/13 13:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}-trash
[2010/01/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\bettergcal@ginatrapani.org
[2010/03/04 07:17:32 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\chromifox@altmusictv.com
[2010/02/23 09:47:30 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\foxyproxy@eric.h.jung
[2010/01/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\GoogCal@bitdrip.com
[2009/11/03 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\nosquint@urandom.ca
[2010/01/07 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\piclens@cooliris.com
[2010/03/20 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\SkipScreen@SkipScreen
[2010/01/18 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions
[2009/07/12 04:11:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/13 04:03:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/09/17 14:03:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/22 11:54:26 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/14 01:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/08 21:19:11 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\{87653ca5-8650-40b7-9d14-8b0b225aded2}
[2009/07/26 10:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/01/06 19:42:13 | 000,371,844 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12819 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster\startuploader.exe (URSoft,Inc)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk.disabled ()
O4 - Startup: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster [2010/01/06 21:37:44 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SYSTRAN Lookup - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: SYSTRAN Translate - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/14 00:52:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/14 00:51:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/14 00:32:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/14 00:32:49 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/13 23:26:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/13 23:26:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/13 23:26:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/13 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/13 23:25:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/13 16:32:51 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Desktop\virus
[2010/04/13 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Desktop\GooredFix Backups
[2010/04/07 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Documents\My Games
[2010/04/07 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Iguana\AppData\Local\My Games
[2010/04/06 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2010/04/03 21:01:03 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/14 23:18:10 | 008,126,464 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT
[2010/04/14 23:13:23 | 000,183,806 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/14 23:13:23 | 000,183,806 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/14 23:13:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304153227-2973906055-2797921509-1000UA.job
[2010/04/14 23:13:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/14 20:48:42 | 000,712,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/14 20:48:42 | 000,610,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/14 20:48:42 | 000,107,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/14 20:44:18 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/14 20:44:18 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/14 20:44:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/14 14:42:42 | 002,998,835 | -H-- | M] () -- C:\Users\Iguana\AppData\Local\IconCache.db
[2010/04/14 14:39:09 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/04/14 13:06:47 | 000,524,288 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 13:06:47 | 000,065,536 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/14 12:43:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304153227-2973906055-2797921509-1000Core.job
[2010/04/14 00:49:25 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/13 18:32:40 | 000,001,356 | ---- | M] () -- C:\Users\Iguana\AppData\Local\d3d9caps.dat
[2010/04/13 18:15:50 | 000,143,360 | ---- | M] () -- C:\Users\Iguana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 16:33:35 | 000,000,176 | ---- | M] () -- C:\Users\Iguana\defogger_reenable
[2010/04/13 00:08:36 | 000,001,128 | -HS- | M] () -- C:\Users\Iguana\AppData\Local\8xRhp4r1
[2010/04/13 00:08:36 | 000,001,128 | -HS- | M] () -- C:\ProgramData\8xRhp4r1
[2010/04/07 11:07:40 | 000,001,152 | ---- | M] () -- C:\Users\Iguana\Desktop\Civ4BeyondSword.exe - Shortcut.lnk
[2010/04/06 23:04:26 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2010/04/06 22:56:26 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/04/01 11:30:17 | 000,104,556 | ---- | M] () -- C:\Users\Iguana\Desktop\buydotcom Mamba Invoice.pdf
[2010/04/01 11:28:07 | 000,242,034 | ---- | M] () -- C:\Users\Iguana\Desktop\buydotcom Mamba Invoice.xps
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 23:26:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/13 23:26:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/13 23:26:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/13 23:26:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/13 23:26:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/13 16:33:19 | 000,000,176 | ---- | C] () -- C:\Users\Iguana\defogger_reenable
[2010/04/13 00:08:36 | 000,001,128 | -HS- | C] () -- C:\Users\Iguana\AppData\Local\8xRhp4r1
[2010/04/13 00:08:36 | 000,001,128 | -HS- | C] () -- C:\ProgramData\8xRhp4r1
[2010/04/07 11:07:40 | 000,001,152 | ---- | C] () -- C:\Users\Iguana\Desktop\Civ4BeyondSword.exe - Shortcut.lnk
[2010/04/06 22:26:59 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2010/04/06 21:47:48 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/04/01 11:30:17 | 000,104,556 | ---- | C] () -- C:\Users\Iguana\Desktop\buydotcom Mamba Invoice.pdf
[2010/04/01 11:28:03 | 000,242,034 | ---- | C] () -- C:\Users\Iguana\Desktop\buydotcom Mamba Invoice.xps
[2010/02/24 00:08:08 | 000,000,218 | ---- | C] () -- C:\Users\Iguana\.recently-used.xbel
[2010/02/22 18:07:17 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2010/02/04 20:37:38 | 000,000,036 | ---- | C] () -- C:\Users\Iguana\.org.eclipse.epp.usagedata.recording.userId
[2010/02/04 07:15:52 | 000,000,600 | ---- | C] () -- C:\Users\Iguana\AppData\Local\PUTTY.RND
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/08 21:08:14 | 000,000,094 | ---- | C] () -- C:\Users\Iguana\AppData\Local\fusioncache.dat
[2009/10/08 20:59:07 | 000,878,080 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2009/10/08 20:59:07 | 000,721,920 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/10/08 20:59:07 | 000,150,016 | ---- | C] () -- C:\Windows\System32\libxslt.dll
[2009/10/08 20:59:07 | 000,051,200 | ---- | C] () -- C:\Windows\System32\libexslt.dll
[2009/10/05 00:00:12 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/09/10 01:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/09/07 18:15:43 | 557,817,187 | ---- | C] () -- C:\Users\Iguana\ph.!ut
[2009/08/07 00:26:53 | 000,000,776 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\AtomicAlarmClock.ini
[2009/08/07 00:26:53 | 000,000,532 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\alarms.ini
[2009/08/01 23:33:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/29 12:00:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/07/29 12:00:45 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/23 23:10:31 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/23 23:10:31 | 000,022,328 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\PnkBstrK.sys
[2009/07/10 19:43:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 03:15:23 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/03 23:37:56 | 000,001,770 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\Profile0.dat
[2009/07/03 19:26:03 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009/06/30 14:42:43 | 000,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/30 14:36:29 | 000,143,360 | ---- | C] () -- C:\Users\Iguana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 14:28:40 | 000,183,806 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/30 14:28:38 | 000,183,806 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/30 14:11:10 | 000,000,188 | R--- | C] () -- C:\Windows\OEM.ini
[2009/06/30 14:11:09 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/06/30 14:05:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/06/30 13:59:55 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/30 13:59:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/30 13:59:54 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/30 13:59:54 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/30 13:59:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/06/30 13:59:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/06/30 13:59:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/06/30 13:55:34 | 000,001,356 | ---- | C] () -- C:\Users\Iguana\AppData\Local\d3d9caps.dat
[2009/06/30 13:55:33 | 008,126,464 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT
[2009/06/30 13:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/06/30 13:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/06/30 13:55:33 | 000,262,144 | -H-- | C] () -- C:\Users\Iguana\ntuser.dat.LOG2
[2009/06/30 13:55:33 | 000,262,144 | -H-- | C] () -- C:\Users\Iguana\ntuser.dat.LOG1
[2009/06/30 13:55:33 | 000,065,536 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/06/30 13:55:33 | 000,000,020 | -HS- | C] () -- C:\Users\Iguana\ntuser.ini
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/11/26 05:11:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CmUCRRm.Dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\System32\FTDIUN2K.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\Windows\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\Windows\System32\LTCRY13N.DLL
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\Windows\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\Windows\System32\LFFPX7.DLL

========== LOP Check ==========

[2009/11/12 20:56:55 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\.kde
[2010/04/13 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\.purple
[2009/12/31 15:58:05 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Ableton
[2009/09/04 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\cYo
[2009/12/09 03:12:49 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools
[2009/12/09 03:36:12 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools Lite
[2009/07/03 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools Pro
[2009/10/19 02:15:00 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Flock
[2010/03/29 23:48:05 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\gtk-2.0
[2010/03/27 02:23:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\IrfanView
[2009/11/20 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\JAM Software
[2009/12/11 08:53:06 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\JGsoft
[2009/11/12 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\KDE
[2009/07/23 06:29:34 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Leadertech
[2009/09/15 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\MPEG Streamclip
[2010/02/07 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\MyPhoneExplorer
[2009/07/31 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\NetMedia Providers
[2009/11/19 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Notepad++
[2009/09/19 20:28:11 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\ooVoo Details
[2009/10/19 00:46:10 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Opera
[2009/07/01 04:13:48 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Protector Suite
[2009/07/31 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Publish Providers
[2009/07/31 18:22:52 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Sony
[2010/03/17 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\SystemRequirementsLab
[2009/10/08 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\SYSTRAN
[2009/07/29 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Ubisoft
[2009/09/13 05:05:11 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Uniblue
[2009/09/13 06:07:09 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\URSoft
[2010/04/12 17:09:16 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\uTorrent
[2009/11/07 02:16:38 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Vista Start Menu
[2010/03/18 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\XnView
[2010/04/14 13:06:23 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2008/04/21 02:51:16 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Windows\System32\drivers\viamraid.sys
[2008/04/21 02:51:16 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_119153b1\viamraid.sys

< MD5 for: VIPRT.SYS >
[2008/04/15 09:08:30 | 000,056,984 | ---- | M] (VIA Technologies, Inc.) MD5=9F9EE4DDDF11B9D6C47D0339703D200C -- C:\Windows\System32\drivers\ViPrt.sys
[2008/04/15 09:08:30 | 000,056,984 | ---- | M] (VIA Technologies, Inc.) MD5=9F9EE4DDDF11B9D6C47D0339703D200C -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_b77203c7\ViPrt.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:5F7539FF
< End of report >


OTL Extras logfile created on: 4/14/2010 23:14:17 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Iguana\Desktop\virus
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.20 Gb Total Space | 6.97 Gb Free Space | 2.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADIK0
Current User Name: Iguana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-304153227-2973906055-2797921509-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07438EED-3F42-472A-BBAA-CCEE4BA43A86}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{197C6353-51F7-4D22-8FA6-BD340A26A9F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29BADE3E-3C2A-45E9-8460-2A7D7E5CE006}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{2A725BFA-8FF4-46EA-B160-14362B17ADB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D72C3DA-2201-448A-835D-87623FD78D49}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{2E1F3E29-ABE0-49F5-9AD6-53315C327983}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MintedPoker_91_0" = MintedPoker
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#12 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 April 2010 - 07:19 AM

Hello,


We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Otl
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

    :Files
    C:\WINDOWS\System32\drivers\atapi.sys|C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    /replace

    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [REBOOT]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.


Things to include in your next reply:
OTL fix log

A new OTL scan log
No need to post Extra.txt this time

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
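The fix above restores atapi.sys from the copy Windows keeps in the DriverStore FileRepository. As an added example (not OTL's code and not the helper's), the Python below hashes the installed driver and every staged copy with the same file name and reports whether any of them agree; the paths are parameters, and demo() builds a constructed directory tree mirroring the thread's paths rather than touching a real system.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so a large driver is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def driverstore_copies(file_repository: Path, driver_name: str) -> list:
    """Every copy of driver_name below the FileRepository (one per mshdc.inf_* folder, for example)."""
    return sorted(p for p in file_repository.rglob(driver_name) if p.is_file())


def check_driver(installed: Path, file_repository: Path) -> dict:
    """Compare the live driver against the staged DriverStore copies.

    status is 'match' when the installed file is byte-identical to at least one
    staged copy, 'mismatch' when staged copies exist but none agree (what an
    in-place modification of atapi.sys would produce), and 'no_reference' when
    the FileRepository holds no copy of that name to compare against.
    """
    installed_hash = sha256_of(installed)
    references = {str(p): sha256_of(p)
                  for p in driverstore_copies(file_repository, installed.name)}
    matches = [p for p, h in references.items() if h == installed_hash]
    if not references:
        status = "no_reference"
    elif matches:
        status = "match"
    else:
        status = "mismatch"
    return {"installed": str(installed), "sha256": installed_hash,
            "references": references, "matches": matches, "status": status}


def demo() -> tuple:
    """Constructed layout: a staged copy under mshdc.inf_c6c2e699 and the live
    driver under system32\\drivers. Returns the statuses for a clean driver,
    a modified driver, and a driver with no staged reference."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        repo = root / "Windows" / "System32" / "DriverStore" / "FileRepository"
        staged = repo / "mshdc.inf_c6c2e699" / "atapi.sys"
        staged.parent.mkdir(parents=True)
        live = root / "Windows" / "System32" / "drivers" / "atapi.sys"
        live.parent.mkdir(parents=True)
        good = b"MZ-constructed-clean-driver-image"  # constructed stand-in, not a real PE file
        staged.write_bytes(good)
        live.write_bytes(good)
        clean = check_driver(live, repo)["status"]
        live.write_bytes(good + b"-modified-in-place")  # simulate an on-disk modification
        modified = check_driver(live, repo)["status"]
        staged.unlink()  # no staged copy left to compare against
        orphan = check_driver(live, repo)["status"]
        return clean, modified, orphan


if __name__ == "__main__":
    print(demo())  # ('match', 'mismatch', 'no_reference')
```

A comparison run on the live, still-infected system is only as trustworthy as the file reads the kernel returns, which is why the thread's "access denied" and "cured on next reboot" messages matter; run the check from an offline or recovery environment to get a meaningful answer.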


#13 hideousvirus

hideousvirus
  • Topic Starter

  • Members
  • 8 posts

Posted 15 April 2010 - 02:41 PM

I am still receiving pop-ups and random freezes.

Also I just contracted "ave.exe" which is telling me I need to run some fake anti-spyware program and that I have all these infections etc. It's preventing all of my web browsers from working properly.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
C:\Program Files\PokerStars\PokerStarsUpdate.exe moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\drivers\atapi.sys|C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys not found.
Invalid replace specification:
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ballin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: cyg_server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Iguana
->Temp folder emptied: 141137 bytes
->Temporary Internet Files folder emptied: 6734342 bytes
->Java cache emptied: 18373210 bytes
->FireFox cache emptied: 199749693 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 847687 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 216.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04152010_135231

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL SCAN LOG
OTL logfile created on: 4/15/2010 14:00:50 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Iguana\Desktop\virus
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.20 Gb Total Space | 7.10 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADIK0
Current User Name: Iguana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/14 23:13:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Iguana\Desktop\virus\OTL.exe
PRC - [2010/04/02 19:13:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/22 15:52:08 | 000,083,440 | ---- | M] (Google) -- C:\Users\Iguana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/11/11 20:52:32 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/01 18:15:58 | 000,372,750 | ---- | M] () -- C:\Program Files\ICW\Bin\sshd.exe
PRC - [2009/05/13 19:22:32 | 000,068,096 | ---- | M] () -- C:\Program Files\ICW\Bin\cygrunsrv.exe
PRC - [2009/04/22 12:59:28 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/29 03:38:26 | 000,731,648 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2008/09/29 02:02:38 | 000,307,200 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2008/09/07 19:36:06 | 000,494,304 | ---- | M] (URSoft,Inc) -- C:\Program Files\Startup Faster\SFAgent.exe
PRC - [2008/07/25 15:56:44 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/07/04 02:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 23:13:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Iguana\Desktop\virus\OTL.exe
MOD - [2009/06/30 13:55:43 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
MOD - [2009/05/25 05:21:48 | 000,012,304 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/03/29 23:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009/03/29 23:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008/09/29 00:35:20 | 000,057,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/05 05:04:04 | 000,090,112 | ---- | M] (Andreas Verhoeven) -- C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/08/21 17:30:40 | 000,087,488 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PnkBstrA)
SRV - [2009/11/11 20:52:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/10/08 10:03:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/25 05:26:40 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/05/13 19:22:32 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICW\Bin\cygrunsrv.exe -- (OpenSSHServer)
SRV - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/06/11 17:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/10/19 02:15:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/19 02:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 19:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/07/26 09:58:43 | 000,000,000 | ---D | M]

[2009/10/19 02:15:03 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Extensions
[2009/10/19 02:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/04/14 01:20:14 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions
[2009/12/08 00:19:08 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/06/30 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/07/04 09:37:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 14:12:31 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2009/09/29 14:46:16 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/11/06 11:50:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/07 22:03:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 15:03:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/21 01:07:19 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/12 00:37:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/01 11:31:37 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/04/13 13:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}-trash
[2010/01/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\bettergcal@ginatrapani.org
[2010/03/04 07:17:32 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\chromifox@altmusictv.com
[2010/02/23 09:47:30 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\foxyproxy@eric.h.jung
[2010/01/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\GoogCal@bitdrip.com
[2009/11/03 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\nosquint@urandom.ca
[2010/01/07 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\piclens@cooliris.com
[2010/03/20 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\23krmvs4.default\extensions\SkipScreen@SkipScreen
[2010/01/18 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions
[2009/07/12 04:11:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/13 04:03:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/09/17 14:03:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/22 11:54:26 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Iguana\AppData\Roaming\Mozilla\Firefox\Profiles\5wcyijpa.Default User\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/04/14 01:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/08 21:19:11 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\{87653ca5-8650-40b7-9d14-8b0b225aded2}
[2009/07/26 10:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/04/15 13:52:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster\startuploader.exe (URSoft,Inc)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk.disabled ()
O4 - Startup: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster [2010/01/06 21:37:44 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SYSTRAN Lookup - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: SYSTRAN Translate - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Iguana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/15 13:52:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/14 00:52:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/14 00:51:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/14 00:32:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/14 00:32:49 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/13 23:26:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/13 23:26:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/13 23:26:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/13 23:26:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/13 23:25:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/13 16:32:51 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Desktop\virus
[2010/04/13 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Desktop\GooredFix Backups
[2010/04/07 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Iguana\Documents\My Games
[2010/04/07 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Iguana\AppData\Local\My Games
[2010/04/06 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2010/04/03 21:01:03 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32

========== Files - Modified Within 14 Days ==========

[2010/04/15 14:02:05 | 000,712,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/15 14:02:05 | 000,610,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/15 14:02:05 | 000,107,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 14:01:03 | 008,126,464 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT
[2010/04/15 13:56:37 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/04/15 13:55:57 | 000,183,806 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/15 13:55:57 | 000,183,806 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/15 13:55:49 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/04/15 13:55:21 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 13:55:21 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 13:55:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/15 13:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 13:53:58 | 000,524,288 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 13:53:58 | 000,065,536 | -HS- | M] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/15 13:52:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/04/15 13:48:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304153227-2973906055-2797921509-1000UA.job
[2010/04/14 14:42:42 | 002,998,835 | -H-- | M] () -- C:\Users\Iguana\AppData\Local\IconCache.db
[2010/04/14 12:43:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304153227-2973906055-2797921509-1000Core.job
[2010/04/14 00:49:25 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/13 18:32:40 | 000,001,356 | ---- | M] () -- C:\Users\Iguana\AppData\Local\d3d9caps.dat
[2010/04/13 18:15:50 | 000,143,360 | ---- | M] () -- C:\Users\Iguana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 16:33:35 | 000,000,176 | ---- | M] () -- C:\Users\Iguana\defogger_reenable
[2010/04/13 00:08:36 | 000,001,128 | -HS- | M] () -- C:\Users\Iguana\AppData\Local\8xRhp4r1
[2010/04/13 00:08:36 | 000,001,128 | -HS- | M] () -- C:\ProgramData\8xRhp4r1
[2010/04/07 11:07:40 | 000,001,152 | ---- | M] () -- C:\Users\Iguana\Desktop\Civ4BeyondSword.exe - Shortcut.lnk
[2010/04/06 23:04:26 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2010/04/06 22:56:26 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk

========== Files Created - No Company Name ==========

[2010/04/13 23:26:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/13 23:26:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/13 23:26:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/13 23:26:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/13 23:26:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/13 16:33:19 | 000,000,176 | ---- | C] () -- C:\Users\Iguana\defogger_reenable
[2010/04/13 00:08:36 | 000,001,128 | -HS- | C] () -- C:\Users\Iguana\AppData\Local\8xRhp4r1
[2010/04/13 00:08:36 | 000,001,128 | -HS- | C] () -- C:\ProgramData\8xRhp4r1
[2010/04/07 11:07:40 | 000,001,152 | ---- | C] () -- C:\Users\Iguana\Desktop\Civ4BeyondSword.exe - Shortcut.lnk
[2010/04/06 22:26:59 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2010/04/06 21:47:48 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2010/02/24 00:08:08 | 000,000,218 | ---- | C] () -- C:\Users\Iguana\.recently-used.xbel
[2010/02/22 18:07:17 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2010/02/04 20:37:38 | 000,000,036 | ---- | C] () -- C:\Users\Iguana\.org.eclipse.epp.usagedata.recording.userId
[2010/02/04 07:15:52 | 000,000,600 | ---- | C] () -- C:\Users\Iguana\AppData\Local\PUTTY.RND
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/08 21:08:14 | 000,000,094 | ---- | C] () -- C:\Users\Iguana\AppData\Local\fusioncache.dat
[2009/10/08 20:59:07 | 000,878,080 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2009/10/08 20:59:07 | 000,721,920 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/10/08 20:59:07 | 000,150,016 | ---- | C] () -- C:\Windows\System32\libxslt.dll
[2009/10/08 20:59:07 | 000,051,200 | ---- | C] () -- C:\Windows\System32\libexslt.dll
[2009/10/05 00:00:12 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/09/10 01:31:19 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/09/07 18:15:43 | 557,817,187 | ---- | C] () -- C:\Users\Iguana\ph.!ut
[2009/08/07 00:26:53 | 000,000,776 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\AtomicAlarmClock.ini
[2009/08/07 00:26:53 | 000,000,532 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\alarms.ini
[2009/08/01 23:33:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/29 12:00:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/07/29 12:00:45 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/23 23:10:31 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/23 23:10:31 | 000,022,328 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\PnkBstrK.sys
[2009/07/10 19:43:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 03:15:23 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/03 23:37:56 | 000,001,770 | ---- | C] () -- C:\Users\Iguana\AppData\Roaming\Profile0.dat
[2009/07/03 19:26:03 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009/06/30 14:42:43 | 000,000,612 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/30 14:36:29 | 000,143,360 | ---- | C] () -- C:\Users\Iguana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 14:28:40 | 000,183,806 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/30 14:28:38 | 000,183,806 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/30 14:11:10 | 000,000,188 | R--- | C] () -- C:\Windows\OEM.ini
[2009/06/30 14:11:09 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/06/30 14:05:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/06/30 13:59:55 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/30 13:59:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/30 13:59:54 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/30 13:59:54 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/30 13:59:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/06/30 13:59:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/06/30 13:59:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/06/30 13:55:34 | 000,001,356 | ---- | C] () -- C:\Users\Iguana\AppData\Local\d3d9caps.dat
[2009/06/30 13:55:33 | 008,126,464 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT
[2009/06/30 13:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/06/30 13:55:33 | 000,524,288 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/06/30 13:55:33 | 000,262,144 | -H-- | C] () -- C:\Users\Iguana\ntuser.dat.LOG2
[2009/06/30 13:55:33 | 000,262,144 | -H-- | C] () -- C:\Users\Iguana\ntuser.dat.LOG1
[2009/06/30 13:55:33 | 000,065,536 | -HS- | C] () -- C:\Users\Iguana\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/06/30 13:55:33 | 000,000,020 | -HS- | C] () -- C:\Users\Iguana\ntuser.ini
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/11/26 05:11:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CmUCRRm.Dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\Windows\System32\FTDIUN2K.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\Windows\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\Windows\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\Windows\System32\LTCRY13N.DLL
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\Windows\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\Windows\System32\LFFPX7.DLL

========== LOP Check ==========

[2009/11/12 20:56:55 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\.kde
[2010/04/13 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\.purple
[2009/12/31 15:58:05 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Ableton
[2009/09/04 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\cYo
[2009/12/09 03:12:49 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools
[2009/12/09 03:36:12 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools Lite
[2009/07/03 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\DAEMON Tools Pro
[2009/10/19 02:15:00 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Flock
[2010/03/29 23:48:05 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\gtk-2.0
[2010/03/27 02:23:43 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\IrfanView
[2009/11/20 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\JAM Software
[2009/12/11 08:53:06 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\JGsoft
[2009/11/12 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\KDE
[2009/07/23 06:29:34 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Leadertech
[2009/09/15 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\MPEG Streamclip
[2010/02/07 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\MyPhoneExplorer
[2009/07/31 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\NetMedia Providers
[2009/11/19 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Notepad++
[2009/09/19 20:28:11 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\ooVoo Details
[2009/10/19 00:46:10 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Opera
[2009/07/01 04:13:48 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Protector Suite
[2009/07/31 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Publish Providers
[2009/07/31 18:22:52 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Sony
[2010/03/17 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\SystemRequirementsLab
[2009/10/08 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\SYSTRAN
[2009/07/29 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Ubisoft
[2009/09/13 05:05:11 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Uniblue
[2009/09/13 06:07:09 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\URSoft
[2010/04/12 17:09:16 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\uTorrent
[2009/11/07 02:16:38 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\Vista Start Menu
[2010/03/18 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\Iguana\AppData\Roaming\XnView
[2010/04/15 13:53:35 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/09/29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2008/04/21 02:51:16 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Windows\System32\drivers\viamraid.sys
[2008/04/21 02:51:16 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_119153b1\viamraid.sys

< MD5 for: VIPRT.SYS >
[2008/04/15 09:08:30 | 000,056,984 | ---- | M] (VIA Technologies, Inc.) MD5=9F9EE4DDDF11B9D6C47D0339703D200C -- C:\Windows\System32\drivers\ViPrt.sys
[2008/04/15 09:08:30 | 000,056,984 | ---- | M] (VIA Technologies, Inc.) MD5=9F9EE4DDDF11B9D6C47D0339703D200C -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_b77203c7\ViPrt.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:5F7539FF
< End of report >

Edited by hideousvirus, 15 April 2010 - 05:25 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:35 PM

Posted 15 April 2010 - 05:48 PM

Hello,

1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

CODE
FCopy::
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys | C:\Windows\System32\drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

If you're still having redirect issues please do the following also. If no redirects then disregard.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • Make sure Sections is checked.
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Things to include in your next reply:
Combofix.txt
DDS.txt
Gmer log (if you're still having redirects)

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
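The CFScript above restores atapi.sys from a DriverStore copy, and the OTL custom scan earlier in the thread lists the MD5 of every copy of a handful of boot-critical drivers for exactly this reason: a responder wants to know whether the live driver in System32\drivers still matches one of the reference copies Windows keeps in DriverStore, winsxs or the ERDNT cache. The script below is an added example, not code from this post or from the OTL tool; it parses the "< MD5 for: ... >" blocks in the format shown in the log (the regular expressions and the live/reference path split are my assumptions about that format) and reports, per driver, which live copies match a reference copy, which match nothing, and which could not be hashed. The sample lines are copied from the log posted above. Two caveats the output should be read with: every atapi.sys copy here hashes identically while TDSSKiller still reports the driver as infected, which is consistent with a kernel rootkit serving clean file contents to user-mode readers, so a matching on-disk hash is a consistency check, not proof of a clean driver; and the "Unable to obtain MD5" result for the live scecli.dll is the kind of anomaly that deserves a follow-up rather than a shrug.

```python
"""Audit the '< MD5 for: NAME >' blocks of an OTL custom scan.

Added example (not part of the original post or of OTL). The SAMPLE_LOG
lines are copied from the log posted in this thread; the parsing rules
below are assumptions about the OTL line format as it appears there.
"""
import re

# One OTL hash line looks like:
#   [date time | size | attrs | M] (Company) MD5=HEX -- path
# or, when the file could not be read:
#   [date time | size | attrs | M] (Company) Unable to obtain MD5 -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# Constructed sample: two blocks copied from the OTL log above.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\scecli.dll
"""


def parse_md5_sections(text):
    """Return {DRIVER_NAME: [entry, ...]} for every '< MD5 for: >' block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections[current] = []
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "path": m.group("path"),
            })
    return sections


def classify(path):
    """'live' for the copy Windows actually loads (System32 or
    System32\\drivers); 'reference' for DriverStore, winsxs and ERDNT copies."""
    parent = path.lower().rsplit("\\", 1)[0]
    if parent.endswith("\\system32\\drivers") or parent.endswith("\\system32"):
        return "live"
    return "reference"


def audit(sections):
    """For each driver, compare live copies against the reference hashes."""
    report = {}
    for name, entries in sections.items():
        ref = {e["md5"]: e["path"] for e in entries
               if classify(e["path"]) == "reference" and e["md5"]}
        live = [e for e in entries if classify(e["path"]) == "live"]
        report[name] = {
            # live copies OTL could not hash: follow up, do not ignore
            "unhashed": [e["path"] for e in live if e["md5"] is None],
            # live copies whose hash matches no DriverStore/winsxs/ERDNT copy
            "unmatched": [e["path"] for e in live
                          if e["md5"] and e["md5"] not in ref],
            # live copy -> one reference copy carrying the same hash
            "matched": {e["path"]: ref[e["md5"]] for e in live
                        if e["md5"] in ref},
        }
    return report


if __name__ == "__main__":
    for name, r in audit(parse_md5_sections(SAMPLE_LOG)).items():
        print(name)
        for p, ref_path in r["matched"].items():
            print("  matches reference copy:", p, "==", ref_path)
        for p in r["unmatched"]:
            print("  NO reference copy with this hash:", p)
        for p in r["unhashed"]:
            print("  could not be hashed, check manually:", p)
```

Run as-is it reports the live atapi.sys as matching a reference copy and the live scecli.dll as unhashed; point it at a full OTL report to cover every "MD5 for" block at once.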


#15 hideousvirus

hideousvirus
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 15 April 2010 - 10:13 PM

Thank you for your time. I will solve this on my own or reformat my computer.



