Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Rootkit?


  • This topic is locked This topic is locked
42 replies to this topic

#1 MayGyver

MayGyver

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 18 April 2010 - 12:25 PM

Whenever I try to get on chrome, none of the pages load; I am left with just a blank page. Also, I have noticed that my computer is running more slowly and I seem to get more errors about random processes getting errors. Help please!

Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:51 PM, on 4/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSSystem32brsvc01a.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32brss01a.exe
C:PROGRA~1COMMON~1AOLACSacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:program filescommon filesmcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
F:Program Files BSony Vegas 6Media ManagerMSSQL$SONY_MEDIAMGRBinnsqlservr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSBCMSMMSG.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:WINDOWSSystem32DSentry.exe
C:Program FilesDellMedia ExperiencePCMService.exe
C:Program FilesScansoftPaperPortpptd40nt.exe
C:Program FilesBrotherBrmfcmonBrMfcWnd.exe
C:Program FilesANIANIWZCS2 ServiceWZCSLDR2.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesBrotherControlCenter3brccMCtl.exe
C:Program FilesScansoftPaperPortSmartUISmartUI.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesLogitechMouseWaresystemem_exec.exe
C:Program FilesBrotherBrmfcmonBrMfcmon.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesMozilla Firefoxfirefox.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.osu.edu/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - F:Program Files BBitcomettoolsBitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - F:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Ask.com Toolbar BHO - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:PROGRA~1Yahoo!CompanionInstallscpnYTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:Program FilesSiteAdvisor6172SiteAdv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [PCMService] "C:Program FilesDellMedia ExperiencePCMService.exe"
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] C:Program FilesScansoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:Program FilesScansoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [BrMfcWnd] C:Program FilesBrotherBrmfcmonBrMfcWnd.exe /AUTORUN
O4 - HKLM..Run: [SetDefPrt] C:Program FilesBrotherBrmfl06aBrStDvPt.exe
O4 - HKLM..Run: [ControlCenter3] C:Program FilesBrotherControlCenter3brctrcen.exe /autorun
O4 - HKLM..Run: [ANIWZCS2Service] C:Program FilesANIANIWZCS2 ServiceWZCSLDR2.exe
O4 - HKLM..Run: [SiteAdvisor] C:Program FilesSiteAdvisor6172SiteAdv.exe
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "F:Program Files BAdobeReaderReader_sl.exe"
O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [ATICustomerCare] "C:Program FilesATIATICustomerCareATICustomerCare.exe"
O4 - HKLM..Run: [MSConfig] C:WINDOWSpchealthhelpctrBinariesMSCONFIG.EXE /auto
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [mcagent_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Aim] "C:Program FilesAIMaim.exe" /d locale=en-US
O4 - HKUSS-1-5-18..Run: [Diagnostic Manager] C:WINDOWSTEMP1888932608.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [Diagnostic Manager] C:WINDOWSTEMP1888932608.exe (User 'Default user')
O4 - Global Startup: SmartUI.lnk = C:Program FilesScansoftPaperPortSmartUISmartUI.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://F:Program Files BBitcometBitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:Program Files BBitcometBitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://F:Program Files BBitcometBitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~4OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:Program Files BBitcomettoolsBitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - F:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - F:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9425.dll
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs: kuluyapu.dll c:windowssystem32pemoduza.dll suwefosa.dll lavirijo.dll c:windowssystem32kapebubu.dll
O20 - Winlogon Notify: !saswinlogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O21 - SSODL: duzavemop - {f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:windowssystem32pemoduza.dll (file missing)
O21 - SSODL: tahokekev - {f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:windowssystem32kapebubu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:windowssystem32pemoduza.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:windowssystem32kapebubu.dll (file missing)
O23 - Service: Adobe Update Service (adbupd) - Unknown owner - C:Program Filessvchost.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:Program FilesANIANIWZCS2 ServiceANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSSYSTEM32ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:WINDOWS
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:WINDOWSSystem32brsvc01a.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: getPlus® Helper - Unknown owner - C:Program FilesNOSbingetPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:program filescommon filesmcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: Viewpoint Manager Service (viewpoint manager service) - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 13170 bytes

Throughout the day there seems to be some error with "svchost" which crashes and then I am unable to do anything without force-restarting.

Edited by Budapest, 20 April 2010 - 05:04 PM.
Posts merged ~BP


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:59 AM

Posted 23 April 2010 - 11:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 23 April 2010 - 03:16 PM

Alright, in short, my problem became recognized when I tried to open google Chrome and it would not load any pages. Whenever I tried to load a page it just gave a blank white screen with nothing on it at all. The only way I can get on Chrome now is to use " --no-sandbox" at the end of the target file option under properties for Chrome. In the past few days, I will also get pop ups saying that there is an error with svchost and sometimes win32 and then I have to force restart my computer because nothing will load at all, not even the restart menu.

Here is my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alex May at 16:06:02.04 on Fri 04/23/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.550 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\Program Files B\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\Alex May\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.osu.edu/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - f:\program files b\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "f:\program files b\adobe\reader\Reader_sl.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [Diagnostic Manager] c:\windows\temp\1888932608.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: &D&ownload &with BitComet - f:\program files b\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - f:\program files b\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - f:\program files b\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://f:\program files b\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067a26b-1337-4436-8afe-ee169c2da79f} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77bf5300-1474-4ec7-9980-d32b190e9b07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
LSP: xfire_lsp_9425.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: kuluyapu.dll c:\windows\system32\pemoduza.dll suwefosa.dll lavirijo.dll c:\windows\system32\kapebubu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: duzavemop - {f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:\windows\system32\pemoduza.dll
SSODL: tahokekev - {f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:\windows\system32\kapebubu.dll
STS: kupuhivus: {f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:\windows\system32\pemoduza.dll
STS: tokatiluy: {f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:\windows\system32\kapebubu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli vemopado.dll tufamovo.dll lepiporo.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexma~1\applic~1\mozilla\firefox\profiles\tlop0npp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.osu.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\alex may\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\alex may\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: f:\program files b\adobe\reader\browser\nppdf32.dll
FF - plugin: f:\program files b\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: f:\program files b\divx\divx web player\npdivx32.dll
FF - HiddenExtension: XUL Cache: {B7013AC7-05E4-4EA0-85F1-3B9D6B880123} - c:\documents and settings\alex may\local settings\application data\{b7013ac7-05e4-4ea0-85f1-3b9d6b880123}\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{0ED54BD4-376E-47B1-9D2A-1B88C263AF87}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2007-3-3 256096]
R2 viewpoint manager service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-4 24652]
S1 e1141f2e;e1141f2e;c:\windows\system32\drivers\e1141f2e.sys [2009-4-21 0]
S2 adbupd;Adobe Update Service;c:\program files\svchost.exe --> c:\program files\svchost.exe [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 Aloolp2dluis;Aloolp2dluis; [x]
S3 manycam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-3 643664]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-3-3 71496]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-3-3 34184]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-3-3 171400]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-3-3 32008]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-3-3 37480]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2010-04-23 04:45:22 272640 ----a-w- c:\windows\system32\o.dat
2010-04-17 01:18:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-29 14:27:37 28 ----a-w- c:\windows\Alex May.acl
2010-03-29 14:01:26 0 d-----w- c:\program files\common files\Sagekey Software
2010-03-29 14:01:26 0 d-----w- c:\program files\Access 97 Runtime
2010-03-29 14:01:06 0 d-----w- c:\program files\TSPDAT

==================== Find3M ====================

2010-04-23 04:44:50 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 19:13:03 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-15 02:24:47 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-11 23:02:07 114738 ----a-w- c:\windows\War3Unin.dat
2010-03-20 13:34:45 0 ----a-w- c:\windows\system32\drivers\e1141f2e.sys

============= FINISH: 16:07:24.51 ===============


Attach.zip is attached as well. I am currently doing the second step.

Attached Files



#4 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 24 April 2010 - 02:25 AM

Here is the GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 03:13:10
Windows 5.1.2600 Service Pack 2
Running: q2lr2qff.exe; Driver: C:\DOCUME~1\ALEXMA~1\LOCALS~1\Temp\pxldqpod.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73B5B3A]
SSDT sptd.sys ZwEnumerateKey [0xF73B5C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF73B5FF6]
SSDT sptd.sys ZwOpenKey [0xF73B5A18]
SSDT sptd.sys ZwQueryKey [0xF73B60C0]
SSDT sptd.sys ZwQueryValueKey [0xF73B5F58]
SSDT sptd.sys ZwSetValueKey [0xF73B6148]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD0829.SYS The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF648C000, 0x1C5D58, 0xE8000020]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 EC8CF4D0 16 Bytes [FB, 6D, 4A, C6, 09, 4F, BF, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 EC8CF4E1 31 Bytes [E0, 8C, EC, 4E, 93, B4, 2F, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0078000C
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 01EA000A
.text C:\WINDOWS\System32\svchost.exe[976] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 01E9000A
.text C:\WINDOWS\Explorer.EXE[2992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[2992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\Explorer.EXE[2992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009F000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73BEDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73D471E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F73BF3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F73BF2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F73BF482] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73D4032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F73BEF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F73D3C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73BEE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B1A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B1B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B1AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B26CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B25A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73D4864] sptd.sys
IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F73C3F78] sptd.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F73D3C76] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73D3C82] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73D4864] sptd.sys
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F73B1020] sptd.sys
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F73B1020] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F99C78
Device \FileSystem\Fastfat \FatCdrom 8686DEB0
Device \FileSystem\Udfs \UdfsCdRom 86D980E8
Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 86D980E8
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\USBSTOR \Device\00000071 86DB9800
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F9A310
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F9A310
Device \Driver\Cdrom \Device\CdRom0 86D991E8
Device \FileSystem\Rdbss \Device\FsWrap 86C6CBA8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F9A310
Device \Driver\Cdrom \Device\CdRom1 86D991E8
Device \Driver\atapi \Device\Ide\IdePort0 [F732D2F0] atapi.sys[unknown section] {MOV EAX, 0x86f99008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c6442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F732D2F0] atapi.sys[unknown section] {MOV EAX, 0x86f99008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c6442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F732D2F0] atapi.sys[unknown section] {MOV EAX, 0x86f99008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c6442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F732D2F0] atapi.sys[unknown section] {MOV EAX, 0x86f99008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c6442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F732D2F0] atapi.sys[unknown section] {MOV EAX, 0x86f99008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73c6442; RET }
Device \Driver\Cdrom \Device\CdRom2 86D991E8
Device \Driver\Cdrom \Device\CdRom3 86D991E8
Device \Driver\Cdrom \Device\CdRom4 86D991E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86BC6EB0
Device \Driver\NetBT \Device\NetbiosSmb 86BC6EB0
Device \Driver\00000054 \Device\0000004f sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 86F99EB0

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk1\DR1 86F99EB0
Device \Driver\Disk \Device\Harddisk2\DR5 86F99EB0
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 86F99EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86C8C558
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86C8C558
Device \Driver\USBSTOR \Device\0000006f 86DB9800
Device \FileSystem\Npfs \Device\NamedPipe 86DB7730
Device \Driver\Ftdisk \Device\FtControl 86F9A310
Device \FileSystem\Msfs \Device\Mailslot 86C65B80
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 86D82668
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 86D82668
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 86D82668
Device \Driver\dtscsi \Device\Scsi\dtscsi1 86D82668
Device \FileSystem\Fastfat \Fat 8686DEB0
Device \FileSystem\Cdfs \Cdfs 86BED6C0
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1142495930
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 831139437
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -591467345
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Program Files B\Daemon Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x2B 0x7B 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x41 0xDD 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x24 0x4D 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x35 0x9E 0x02 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDE 0x55 0xD6 0x62 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION A31F863C38FEFE32B4FB823AE50E55B6D25C92F208266F22335A1E89AEA1A1D80EA52174465519BA7665FA82FC5FFE55CB6DDA353B43186039C3A769A7D408923FF38ACD40F7973F59317B2F7E2990C8A5CFE68B0F5B28DDA88860821AA6F78E1888E50413428A2ABDDAABDF29D1756E5F1C0A9C3502820CC37CE5A0C4F56DF33D17B626AF0128F64A949C0A3EB4BB3BC120FB61DE413175142CB6616D198981170768988BF54ABB67C13F7704A117B5D5DB5928C112DE36E1D43839DAD7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407BA7FD869164D67945D575E7D6A3B98083FAC1D03597BA9A036C5B226292D46677D4A754E57CC93F4F3138871D9ED79BBBB382DC24062E828670C3C362AE9610336F03A54422689375FF270E156E5515666401E50F63BB0FA0FE23905AD65E4744ED3386D390ACD405D5CF1E4E6394FD6CBC69162704D4ECD325D0B086F8D2E3C643AB26DE128EFFDC5EA56CABA7CD4BA9A5EEDE803B014C776A4DA6A911E2250B804B2DAC58487D3925324986397C870A4ADDC85EB545985A9F5120B97AB2719302005F2D3F72A1660D72908D8C8135B62EFCD8B49F9F917BB1FE07B691C2AF2D11538A25AACF60FF2577604F29F22D1ED75F1861F3752804007B903542B1AB0CD7

---- EOF - GMER 1.0.15 ----


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:59 AM

Posted 25 April 2010 - 03:15 AM

Hello, MayGyver
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#6 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 25 April 2010 - 06:03 PM

Here is the combofix log:

ComboFix 10-04-21.01 - Alex May 04/25/2010 17:27:22.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.607 [GMT -4:00]
Running from: c:\documents and settings\Alex May\Desktop\schrauber.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}
c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}\chrome.manifest
c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}\chrome\content\_cfg.js
c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}\chrome\content\c.js
c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}\chrome\content\overlay.xul
c:\documents and settings\Alex May\Local Settings\Application Data\{B7013AC7-05E4-4EA0-85F1-3B9D6B880123}\install.rdf
c:\documents and settings\LocalService\Desktop\Your PC Protector.lnk
c:\documents and settings\LocalService\Start Menu\Programs\Your PC Protector
c:\documents and settings\LocalService\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk
c:\documents and settings\NetworkService\Local Settings\Application Data\ave.exe
c:\program files\Mozilla Firefox\extensions\{0ED54BD4-376E-47B1-9D2A-1B88C263AF87}
c:\program files\Mozilla Firefox\extensions\{0ED54BD4-376E-47B1-9D2A-1B88C263AF87}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0ED54BD4-376E-47B1-9D2A-1B88C263AF87}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0ED54BD4-376E-47B1-9D2A-1B88C263AF87}\install.rdf
c:\windows\system32\logs
c:\windows\system32\logs\{13F3E797-36C3-4C3E-8835-DCFA720FDD63}.log
c:\windows\system32\Mswrkdmk.dll

Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_adbupd
-------\Service_adbupd


((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 21:44 . 2010-04-25 21:44 -------- d-----w- c:\windows\LastGood
2010-04-24 15:06 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-24 15:06 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-24 15:06 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-24 15:06 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-23 04:45 . 2010-04-23 04:45 272640 ----a-w- c:\windows\system32\o.dat
2010-04-17 01:18 . 2010-04-17 01:18 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 01:17 . 2010-04-18 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 07:51 . 2010-04-15 07:51 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-03-29 14:01 . 1996-11-17 14:37 32256 ----a-w- c:\windows\system32\Selfreg.dll
2010-03-29 14:01 . 1996-11-17 14:37 20080 ----a-w- c:\windows\system32\Winsspi.dll
2010-03-29 14:01 . 1996-12-12 06:37 31744 ----a-w- c:\windows\system32\Hlp95en.dll
2010-03-29 14:01 . 1996-11-17 14:37 12288 ----a-w- c:\windows\system32\Hlinkprx.dll
2010-03-29 14:01 . 1996-12-12 22:23 195072 ----a-w- c:\windows\system32\Msodeusa.dll
2010-03-29 14:01 . 1996-12-12 19:07 6144 ----a-w- c:\windows\system32\W95fiber.dll
2010-03-29 14:01 . 2010-03-29 14:01 -------- d-----w- c:\program files\Access 97 Runtime
2010-03-29 14:01 . 2010-03-29 14:01 -------- d-----w- c:\program files\Common Files\Sagekey Software
2010-03-29 14:01 . 2005-06-20 14:31 110592 ----a-w- c:\windows\system32\SageKeyx.dll
2010-03-29 14:01 . 2007-02-10 03:04 339968 ----a-w- c:\windows\system32\sagekey6.dll
2010-03-29 14:01 . 2010-04-07 20:25 -------- d-----w- c:\program files\TSPDAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 21:19 . 2003-11-22 01:30 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-25 06:03 . 2009-02-02 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-23 20:05 . 2009-09-03 01:19 -------- d-----w- c:\documents and settings\Alex May\Application Data\skypePM
2010-04-23 20:05 . 2009-09-03 01:16 -------- d-----w- c:\documents and settings\Alex May\Application Data\Skype
2010-04-23 04:44 . 2007-03-18 21:34 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 19:13 . 2003-11-22 01:30 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-13 05:43 . 2009-05-14 00:31 -------- d-----w- c:\documents and settings\Alex May\Application Data\vlc
2010-04-11 23:02 . 2009-02-26 02:06 114738 ----a-w- c:\windows\War3Unin.dat
2010-04-06 03:57 . 2010-02-04 05:30 -------- d-----w- c:\documents and settings\Alex May\Application Data\Crack DAT PAT
2010-03-20 13:34 . 2009-04-21 04:25 0 ----a-w- c:\windows\system32\drivers\e1141f2e.sys
2010-03-16 14:55 . 2007-03-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-15 23:03 . 2007-03-03 21:15 -------- d-----w- c:\program files\McAfee
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
2009-02-26 16:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2009-12-01 3951976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="f:\program files b\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-02 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-04 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2009-09-25 04:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Alex May^Start Menu^Programs^Startup^Cool - Auto Update.lnk]
path=c:\documents and settings\Alex May\Start Menu\Programs\Startup\Cool - Auto Update.lnk
backup=c:\windows\pss\Cool - Auto Update.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alex May^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\Alex May\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^last.fm helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools]
2005-12-10 14:57 133016 ----a-w- f:\program files b\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google update]
2009-09-21 07:36 133104 ----atw- c:\documents and settings\Alex May\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 16:36 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
2009-03-05 20:07 2260480 --sha-r- f:\program files b\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\superantispyware]
2010-02-11 06:44 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemanager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"yahooauservice"=2 (0x2)
"javaquickstarterservice"=2 (0x2)
"ipod service"=3 (0x3)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"f:\\Program Files B\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\short12stuff0615@excite.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files B\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files B\\Bitcomet\\BitComet.exe"=
"f:\\Program Files B\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"f:\\Program Files B\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"f:\\Program Files B\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\short12stuff0615@excite.com\\codename gordon\\cg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\medieval ii total war demo\\medieval2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files B\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Alex May\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Alex May\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpsvc.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18944:TCP"= 18944:TCP:BitComet 18944 TCP
"18944:UDP"= 18944:UDP:BitComet 18944 UDP
"7000:TCP"= 7000:TCP:Blizzard Downloader: 7000
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"15508:TCP"= 15508:TCP:BitComet 15508 TCP
"15508:UDP"= 15508:UDP:BitComet 15508 UDP

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
R2 viewpoint manager service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 2:13 PM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [3/22/2005 7:17 PM 450400]
S1 e1141f2e;e1141f2e;c:\windows\SYSTEM32\DRIVERS\e1141f2e.sys [4/21/2009 12:25 AM 0]
S3 Aloolp2dluis;Aloolp2dluis; [x]
S3 manycam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [4/28/2006 4:49 PM 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 23:44]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009Core.job
- c:\documents and settings\Alex May\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-21 07:36]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009UA.job
- c:\documents and settings\Alex May\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-21 07:36]

2010-04-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-03 16:22]

2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-03 16:22]

2010-04-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.osu.edu/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: xfire_lsp_9425.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Alex May\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.osu.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\Alex May\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Alex May\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\program files b\Adobe\Reader\browser\nppdf32.dll
FF - plugin: f:\program files b\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\program files b\Divx\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
SharedTaskScheduler-{f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:\windows\system32\pemoduza.dll
SharedTaskScheduler-{f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:\windows\system32\kapebubu.dll
SSODL-duzavemop-{f4ceb799-34c8-490e-b4ce-e9e25321671f} - c:\windows\system32\pemoduza.dll
SSODL-tahokekev-{f3a566f4-59b0-463d-b261-3e8e3e5ed175} - c:\windows\system32\kapebubu.dll
SafeBoot-klmdb.sys
MSConfigStartUp-aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-BMe3aa03fe - c:\windows\system32\mpxmmbam.dll
MSConfigStartUp-e0993062 - c:\windows\system32\nsnnpvbl.dll
AddRemove-aim_6 - c:\program files\AIM6\uninst.exe
AddRemove-Medieval Total War - c:\program files\Total War\Medieval - Total War\Uninst.isu
AddRemove-mirc - f:\program files b\mIRC\mirc.exe
AddRemove-SimParkv1.0 - c:\maxis\SimPark\DeIsL1.isu
AddRemove-snood_is1 - f:\program files b\Snood\Snood\unins000.exe
AddRemove-yahoo! companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-yahoo! toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 17:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872F1AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74fefc3
\Driver\ACPI -> ACPI.sys @ 0xf7471cb8
\Driver\atapi -> atapi.sys @ 0xf74297b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.cool.gif -> SendCompleteHandler -> NDIS.sys @ 0xf7321bc3
PacketIndicateHandler -> NDIS.sys @ 0xf732db21
SendHandler -> NDIS.sys @ 0xf7321d33
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3678623677-686160755-3649480313-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="A31F863C38FEFE32B4FB823AE50E55B6D25C92F208266F22335A1E89AEA1A1D80EA52174465519BA7665FA82FC5FFE55CB6DDA353B43186039C3A769A7D408923FF38ACD40F7973F59317B2F7E2990C8A5CFE68B0F5B28DDA88860821AA6F78E1888E50413428A2ABDDAABDF29D1756E5F1C0A9C3502820CC37CE5A0C4F56DF33D17B626AF0128F64A949C0A3EB4BB3BC120FB61DE413175142CB6616D198981170768988BF54ABB67C13F7704A117B5D5DB5928C112DE36E1D43839DAD7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407BA7FD869164D67945D575E7D6A3B98083FAC1D03597BA9A036C5B226292D46677D4A754E57CC93F4F3138871D9ED79BBBB382DC24062E828670C3C362AE9610336F03A54422689375FF270E156E5515666401E50F63BB0FA0FE23905AD65E4744ED3386D390ACD405D5CF1E4E6394FD6CBC69162704D4ECD325D0B086F8D2E3C643AB26DE128EFFDC5EA56CABA7CD4BA9A5EEDE803B014C776A4DA6A911E2250B804B2DAC58487D3925324986397C870A4ADDC85EB545985A9F5120B97AB2719302005F2D3F72A1660D72908D8C8135B62EFCD8B49F9F917BB1FE07B691C2AF2D11538A25AACF60FF2577604F29F22D1ED75F1861F3752804007B903542B1AB0CD7B228F11A40D7E2EBDE0AC7181679E06213F33D475C639EDA4541B8866EA94F2815911103190931E0D03D8F7A7D9020EE9700435723D2E22042CF31A32935B37673B31D57AAB77EE5CB80F8B1EF02D0C5A039CEF40A0BE5CC500EE81C3112EB282E731C27E0BC173D6A28C95C52CC92C92B9D798C4DEBE409ED2A31B266231A23E42841D0A5E8121B727C1E6530CEF3CC61AC3A6B9EBF616566B5A27390B776715F3D00EC3DAB81254EE53B04F1731AFBCEE21762DBD22C9C8D593CA2E130B0898E77323A1385D049168990997D68E1ED0C565C400CEF26AE760828E8D05E82AEF4F7B4C6F34D9D8EAC1A0E9DB5800C0F0F1B938699E0AAC361F0CDDB0F1819C521DAC61CC100B96EC722A3322ACF0F6A209FCD4712E02684C69CA0AC66CBA518E0BFD1A2F8EC3E6BA33A926416B40C5FAE33F09F606651957D88DC5D20DEB5A86931B945CF84A180A0249E9672DBFD0A523C6222B2FB4DE96CC562C2B6FE373ACF76352719D589CA61D6389160F386562268DD41539E4FE5F6A5DB77B32E2F60DBCEA38DD4A1B096D8D89711FB3E3F1059540378CB65CDE19968C48C1799EE743A8F80F6556B697D19900F4AEC0710873DA40C6C03EF78C407E01A4D06DBF6A02C989859E18BF27D74FBFCA40DE84602BA22361B3EA8836658F8E73CF3962470DED4A2DF7EEBF389C01F48DA33C34D43860B34A3A5AD0312DFCBB41B98D196BBE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\xfire_lsp_9425.dll

- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\xfire_lsp_9425.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
f:\program files b\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\BCMSMMSG.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-04-25 18:09:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-25 22:09
ComboFix2.txt 2009-05-01 19:00
ComboFix3.txt 2009-04-30 21:31
ComboFix4.txt 2009-04-23 00:59

Pre-Run: 2,721,619,968 bytes free
Post-Run: 3,447,660,544 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,7,8,9
- - End Of File - - 0540DF01CA3552B921D9EB6DA601DED9


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:59 AM

Posted 27 April 2010 - 02:29 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\o.dat
c:\windows\SYSTEM32\DRIVERS\e1141f2e.sys
Driver::
e1141f2e
Aloolp2dluis


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#8 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 28 April 2010 - 12:21 AM

ComboFix 10-04-21.01 - Admin 04/28/2010 0:41.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.683 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\schrauber.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\SYSTEM32\DRIVERS\e1141f2e.sys"
"c:\windows\system32\o.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\DRIVERS\e1141f2e.sys
c:\windows\system32\o.dat

Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALOOLP2DLUIS
-------\Service_Aloolp2dluis
-------\Service_e1141f2e


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 05:01 . 2010-04-28 05:01 -------- d-----w- c:\windows\LastGood
2010-04-27 04:32 . 2010-04-27 04:32 -------- d-----w- c:\program files\AIM7
2010-04-24 15:06 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-24 15:06 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-24 15:06 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-24 15:06 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-17 01:18 . 2010-04-17 01:18 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 01:17 . 2010-04-18 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-15 07:51 . 2010-04-15 07:51 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-03-29 14:01 . 1996-11-17 14:37 32256 ----a-w- c:\windows\system32\Selfreg.dll
2010-03-29 14:01 . 1996-11-17 14:37 20080 ----a-w- c:\windows\system32\Winsspi.dll
2010-03-29 14:01 . 1996-12-12 06:37 31744 ----a-w- c:\windows\system32\Hlp95en.dll
2010-03-29 14:01 . 1996-11-17 14:37 12288 ----a-w- c:\windows\system32\Hlinkprx.dll
2010-03-29 14:01 . 1996-12-12 22:23 195072 ----a-w- c:\windows\system32\Msodeusa.dll
2010-03-29 14:01 . 1996-12-12 19:07 6144 ----a-w- c:\windows\system32\W95fiber.dll
2010-03-29 14:01 . 2010-03-29 14:01 -------- d-----w- c:\program files\Access 97 Runtime
2010-03-29 14:01 . 2010-03-29 14:01 -------- d-----w- c:\program files\Common Files\Sagekey Software
2010-03-29 14:01 . 2005-06-20 14:31 110592 ----a-w- c:\windows\system32\SageKeyx.dll
2010-03-29 14:01 . 2007-02-10 03:04 339968 ----a-w- c:\windows\system32\sagekey6.dll
2010-03-29 14:01 . 2010-04-07 20:25 -------- d-----w- c:\program files\TSPDAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 04:35 . 2003-11-22 01:30 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-27 08:05 . 2009-02-02 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-23 20:05 . 2009-09-03 01:19 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-04-23 20:05 . 2009-09-03 01:16 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-04-23 04:44 . 2007-03-18 21:34 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 19:13 . 2003-11-22 01:30 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-13 05:43 . 2009-05-14 00:31 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-04-11 23:02 . 2009-02-26 02:06 114738 ----a-w- c:\windows\War3Unin.dat
2010-04-06 03:57 . 2010-02-04 05:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Crack DAT PAT
2010-03-16 14:55 . 2007-03-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-15 23:03 . 2007-03-03 21:15 -------- d-----w- c:\program files\McAfee
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
2009-02-26 16:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="f:\program files b\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-02 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-04 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2006-9-17 1646592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2009-09-25 04:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Cool - Auto Update.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Cool - Auto Update.lnk
backup=c:\windows\pss\Cool - Auto Update.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^last.fm helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools]
2005-12-10 14:57 133016 ----a-w- f:\program files b\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google update]
2009-09-21 07:36 133104 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 16:36 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
2009-03-05 20:07 2260480 --sha-r- f:\program files b\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\superantispyware]
2010-02-11 06:44 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemanager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"yahooauservice"=2 (0x2)
"javaquickstarterservice"=2 (0x2)
"ipod service"=3 (0x3)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"f:\\Program Files B\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\short12stuff0615@excite.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files B\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files B\\Bitcomet\\BitComet.exe"=
"f:\\Program Files B\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"f:\\Program Files B\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"f:\\Program Files B\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\short12stuff0615@excite.com\\codename gordon\\cg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\medieval ii total war demo\\medieval2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files B\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpsvc.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18944:TCP"= 18944:TCP:BitComet 18944 TCP
"18944:UDP"= 18944:UDP:BitComet 18944 UDP
"7000:TCP"= 7000:TCP:Blizzard Downloader: 7000
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"15508:TCP"= 15508:TCP:BitComet 15508 TCP
"15508:UDP"= 15508:UDP:BitComet 15508 UDP

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
R2 viewpoint manager service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 2:13 PM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [3/22/2005 7:17 PM 450400]
S3 manycam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [4/28/2006 4:49 PM 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 23:44]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-21 07:36]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-21 07:36]

2010-04-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-03 16:22]

2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-03 16:22]

2010-04-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.osu.edu/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - f:\program files b\Bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: xfire_lsp_9425.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.osu.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\program files b\Adobe\Reader\browser\nppdf32.dll
FF - plugin: f:\program files b\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\program files b\Divx\DivX Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872F1AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74fefc3
\Driver\ACPI -> ACPI.sys @ 0xf7471cb8
\Driver\atapi -> atapi.sys @ 0xf74297b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.cool.gif -> SendCompleteHandler -> NDIS.sys @ 0xf7321bc3
PacketIndicateHandler -> NDIS.sys @ 0xf732db21
SendHandler -> NDIS.sys @ 0xf7321d33
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3678623677-686160755-3649480313-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="A31F863C38FEFE32B4FB823AE50E55B6D25C92F208266F22335A1E89AEA1A1D80EA52174465519BA7665FA82FC5FFE55CB6DDA353B43186039C3A769A7D408923FF38ACD40F7973F59317B2F7E2990C8A5CFE68B0F5B28DDA88860821AA6F78E1888E50413428A2ABDDAABDF29D1756E5F1C0A9C3502820CC37CE5A0C4F56DF33D17B626AF0128F64A949C0A3EB4BB3BC120FB61DE413175142CB6616D198981170768988BF54ABB67C13F7704A117B5D5DB5928C112DE36E1D43839DAD7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407BA7FD869164D67945D575E7D6A3B98083FAC1D03597BA9A036C5B226292D46677D4A754E57CC93F4F3138871D9ED79BBBB382DC24062E828670C3C362AE9610336F03A54422689375FF270E156E5515666401E50F63BB0FA0FE23905AD65E4744ED3386D390ACD405D5CF1E4E6394FD6CBC69162704D4ECD325D0B086F8D2E3C643AB26DE128EFFDC5EA56CABA7CD4BA9A5EEDE803B014C776A4DA6A911E2250B804B2DAC58487D3925324986397C870A4ADDC85EB545985A9F5120B97AB2719302005F2D3F72A1660D72908D8C8135B62EFCD8B49F9F917BB1FE07B691C2AF2D11538A25AACF60FF2577604F29F22D1ED75F1861F3752804007B903542B1AB0CD7B228F11A40D7E2EBDE0AC7181679E06213F33D475C639EDA4541B8866EA94F2815911103190931E0D03D8F7A7D9020EE9700435723D2E22042CF31A32935B37673B31D57AAB77EE5CB80F8B1EF02D0C5A039CEF40A0BE5CC500EE81C3112EB282E731C27E0BC173D6A28C95C52CC92C92B9D798C4DEBE409ED2A31B266231A23E42841D0A5E8121B727C1E6530CEF3CC61AC3A6B9EBF616566B5A27390B776715F3D00EC3DAB81254EE53B04F1731AFBCEE21762DBD22C9C8D593CA2E130B0898E77323A1385D049168990997D68E1ED0C565C400CEF26AE760828E8D05E82AEF4F7B4C6F34D9D8EAC1A0E9DB5800C0F0F1B938699E0AAC361F0CDDB0F1819C521DAC61CC100B96EC722A3322ACF0F6A209FCD4712E02684C69CA0AC66CBA518E0BFD1A2F8EC3E6BA33A926416B40C5FAE33F09F606651957D88DC5D20DEB5A86931B945CF84A180A0249E9672DBFD0A523C6222B2FB4DE96CC562C2B6FE373ACF76352719D589CA61D6389160F386562268DD41539E4FE5F6A5DB77B32E2F60DBCEA38DD4A1B096D8D89711FB3E3F1059540378CB65CDE19968C48C1799EE743A8F80F6556B697D19900F4AEC0710873DA40C6C03EF78C407E01A4D06DBF6A02C989859E18BF27D74FBFCA40DE84602BA22361B3EA8836658F8E73CF3962470DED4A2DF7EEBF389C01F48DA33C34D43860B34A3A5AD0312DFCBB41B98D196BBE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\xfire_lsp_9425.dll

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\xfire_lsp_9425.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
f:\program files b\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\BCMSMMSG.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2010-04-28 01:15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-28 05:15
ComboFix2.txt 2010-04-25 22:09
ComboFix3.txt 2009-05-01 19:00
ComboFix4.txt 2009-04-30 21:31
ComboFix5.txt 2010-04-28 04:33

Pre-Run: 3,326,017,536 bytes free
Post-Run: 3,272,818,688 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,7,8,9
- - End Of File - - 67062BB8D091921CE154E0705B94FC2D


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:59 AM

Posted 30 April 2010 - 11:27 AM

Hi,

How is it running now? smile.gif



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.






I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 30 April 2010 - 09:12 PM

It is still a little bit slow to load and I got a win32 error thing a little while ago.

Here is the malware scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4056

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/30/2010 10:08:10 PM
mbam-log-2010-04-30 (22-08-10).txt

Scan type: Quick scan
Objects scanned: 164231
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Going to do the second part now.

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:59 AM

Posted 01 May 2010 - 09:41 AM

Ok smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 01 May 2010 - 02:32 PM

I did the ESET online scan, but it took 7 hours and when I went to export to text file, it froze up. it found 28 files. I guess I will restart and run it again.

#13 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 02 May 2010 - 12:34 AM

Well, I ran it again, and I got the same Win32 error message after it finished so I could not copy a log file. However, on the second scan it didn't find anything. I will go ahead and do the last thing you wanted to do and hopefully it will allow me to post those logs.

#14 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 02 May 2010 - 01:44 AM

OTL logfile created on: 5/2/2010 2:30:44 AM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 601.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 4.77 Gb Free Space | 6.41% Space Free | Partition Type: NTFS
Drive D: | 594.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 88.45 Gb Free Space | 37.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXDESKTOP
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/02 02:29:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/04 15:33:53 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/07/18 13:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 15:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/04/06 21:11:02 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/28 15:48:54 | 000,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/03/01 16:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/06/10 05:34:34 | 001,646,592 | R--- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
PRC - [2005/03/17 14:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
PRC - [2004/12/16 17:49:14 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/08/06 18:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/06/03 11:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- F:\Program Files B\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
PRC - [2001/12/12 03:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSS01A.EXE
PRC - [2001/11/22 03:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/02 02:29:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 03:56:43 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/06/03 11:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/06/03 11:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SiteAdvisor Service)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (yahooauservice)
SRV - [2007/10/05 17:33:26 | 000,341,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2007/07/18 13:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/08 15:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/25 19:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/16 19:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (viewpoint manager service)
SRV - [2005/06/30 16:34:37 | 000,074,360 | ---- | M] (Autodesk, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2003/08/06 18:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files B\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files B\Sony Vegas 6\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2001/11/22 03:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2009/09/25 00:54:34 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/20 01:33:56 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (sasdifsv)
DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/06 10:51:44 | 000,171,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2007/07/13 07:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2007/06/25 15:54:44 | 000,071,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2007/06/25 10:57:28 | 000,037,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2007/06/25 10:57:24 | 000,032,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2007/06/25 10:57:10 | 000,034,184 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/28 18:43:00 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/28 16:49:53 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/03/22 19:17:34 | 000,450,400 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 02:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 02:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
DRV - [2004/04/24 20:44:43 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 03:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 03:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 03:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 03:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 03:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 03:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 03:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 03:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 03:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 05:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/22 02:14:04 | 000,004,608 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\npptNT.sys -- (NPPTNT)
DRV - [2003/07/14 13:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 13:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 04:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/16 11:50:00 | 000,072,893 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/05/16 11:50:00 | 000,053,869 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042pr2)
DRV - [2003/05/16 11:50:00 | 000,037,883 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/05/16 11:50:00 | 000,025,213 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/05/13 20:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/08/27 14:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EUSBMSD.SYS -- (EUSBMSD)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.osu.edu/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.osu.edu/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 23:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 23:21:28 | 000,000,000 | ---D | M]

[2008/08/27 18:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/05/01 05:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\extensions
[2009/05/06 14:50:08 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/05/06 14:50:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/22 14:51:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/01/27 02:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\extensions\toolbar@ask.com
[2008/08/27 18:11:26 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tlop0npp.default\searchplugins\siteadvisor.xml
[2010/05/01 05:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/18 19:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2006/03/05 15:11:57 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/28 00:57:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - F:\Program Files B\Bitcomet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - F:\Program Files B\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ask.com Toolbar) - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files B\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - F:\Program Files B\Bitcomet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - F:\Program Files B\Bitcomet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - F:\Program Files B\Bitcomet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - F:\Program Files B\Bitcomet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - F:\Program Files B\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!saswinlogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/21 07:07:48 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/11/21 21:16:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/02 02:28:57 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/04/30 22:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/30 21:54:41 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.46.exe
[2010/04/30 07:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/28 11:55:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/27 00:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7
[2010/04/16 21:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/16 21:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/14 21:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/29 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sagekey Software
[2010/03/29 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Access 97 Runtime
[2010/03/29 10:01:21 | 000,339,968 | ---- | C] (SageKey Software) -- C:\WINDOWS\System32\sagekey6.dll
[2010/03/29 10:01:21 | 000,204,800 | ---- | C] (SageKey Software Inc.) -- C:\WINDOWS\System32\SagekeySecurity.ocx
[2010/03/29 10:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\TSPDAT
[2010/02/08 14:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/02/08 01:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AskToolbar
[2010/02/04 01:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Crack DAT PAT
[2010/02/04 01:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Crack DAT PAT
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/02 02:29:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/05/02 02:25:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/02 02:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/02 01:41:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009UA.job
[2010/05/02 01:33:56 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/02 01:33:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 01:33:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/02 01:33:33 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 20:03:07 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 03:41:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3678623677-686160755-3649480313-1009Core.job
[2010/05/01 01:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/04/30 21:55:48 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 21:54:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.46.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 03:40:19 | 000,054,818 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/29 03:40:15 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/04/29 03:40:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Admin\NTUSER.INI
[2010/04/29 03:05:54 | 000,485,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 03:05:54 | 000,423,140 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/04/29 03:05:54 | 000,071,544 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/04/29 03:02:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 13:15:06 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Personal Statement.doc
[2010/04/28 11:53:07 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Resume.doc
[2010/04/28 01:02:09 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/28 00:57:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/04/27 10:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/27 00:32:41 | 000,002,009 | -H-- | M] () -- C:\IPH.PH
[2010/04/27 00:32:38 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/04/25 23:56:06 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2010/04/25 16:59:08 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\schrauber.exe
[2010/04/23 16:16:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\q2lr2qff.exe
[2010/04/23 16:10:35 | 000,004,300 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Attach.zip
[2010/04/21 04:15:56 | 000,001,088 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\35KNma140
[2010/04/18 21:48:43 | 000,000,876 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5mQ6cU6r72D8X
[2010/04/16 21:18:20 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/14 22:46:22 | 001,504,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/14 21:47:29 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/04/14 21:47:28 | 000,000,994 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/13 01:35:05 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 19:02:07 | 000,114,738 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010/03/29 10:27:37 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Admin.acl
[2010/03/29 10:01:26 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TopScore Pro for the DAT.lnk
[2010/03/15 04:58:48 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Kaplan Summary.doc
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/02/09 01:21:23 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/04 01:29:10 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Crack DAT PAT.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/30 21:55:48 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 03:02:01 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 17:17:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/25 17:17:06 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/25 16:59:08 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\schrauber.exe
[2010/04/23 16:16:39 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\q2lr2qff.exe
[2010/04/23 16:10:35 | 000,004,300 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Attach.zip
[2010/04/21 04:15:56 | 000,001,088 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\35KNma140
[2010/04/21 04:15:56 | 000,001,088 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\35KNma140
[2010/04/20 00:09:19 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Resume.doc
[2010/04/18 21:48:42 | 000,000,876 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5mQ6cU6r72D8X
[2010/04/18 21:48:42 | 000,000,876 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5mQ6cU6r72D8X
[2010/04/16 21:18:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/15 14:59:32 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2010/04/14 19:43:57 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Personal Statement.doc
[2010/03/29 10:27:37 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Admin.acl
[2010/03/29 10:01:34 | 000,384,399 | ---- | C] () -- C:\WINDOWS\System32\JETERR35.hlp
[2010/03/29 10:01:34 | 000,086,101 | ---- | C] () -- C:\WINDOWS\System32\JETDEF35.hlp
[2010/03/29 10:01:34 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\JETERR35.cnt
[2010/03/29 10:01:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2010/03/29 10:01:30 | 000,005,438 | ---- | C] () -- C:\WINDOWS\System32\Misc.srg
[2010/03/29 10:01:30 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\Misc2.srg
[2010/03/29 10:01:30 | 000,000,457 | ---- | C] () -- C:\WINDOWS\System32\Hlink.srg
[2010/03/29 10:01:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Msaccess.srg
[2010/03/29 10:01:26 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TopScore Pro for the DAT.lnk
[2010/03/29 10:01:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SageKeyx.dll
[2010/03/06 04:54:03 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Kaplan Summary.doc
[2010/02/09 01:21:23 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/04 01:29:10 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Crack DAT PAT.lnk
[2008/12/23 18:34:47 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/10/18 01:00:05 | 000,000,370 | ---- | C] () -- C:\WINDOWS\Graphing Calculator Viewer.INI
[2006/09/17 11:37:19 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/09/17 11:37:19 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/09/17 11:34:02 | 000,027,015 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/12 22:12:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/05/07 00:18:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/22 15:21:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/21 19:45:01 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/04/28 00:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 00:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/09/23 21:53:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_9425.dll
[2004/08/08 17:07:05 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll
[2004/08/04 21:38:14 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/06/26 22:25:49 | 000,000,219 | ---- | C] () -- C:\WINDOWS\SimPark.ini
[2003/12/23 16:47:33 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2003/12/15 16:22:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/12/15 16:22:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/12/15 16:22:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/12/10 23:10:33 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_6800.ini
[2003/12/10 23:07:08 | 000,000,079 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2003/12/10 23:07:07 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2003/12/10 23:07:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2003/12/10 23:07:03 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2003/12/09 22:10:12 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/02 21:55:30 | 000,021,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/27 02:27:11 | 000,000,105 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2003/11/21 21:59:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/21 21:55:33 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/11/21 21:50:41 | 000,000,611 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/21 21:46:38 | 000,000,894 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/21 21:31:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/21 21:30:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/21 21:19:08 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/14 01:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/10 16:03:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/06/15 03:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\2K Sports
[2006/05/07 00:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\acccore
[2009/05/04 15:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Aim
[2010/04/05 23:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Crack DAT PAT
[2004/10/03 19:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DMCache
[2010/01/27 02:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ManyCam
[2006/04/28 20:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Publish Providers
[2007/11/07 17:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ruckus Network
[2006/04/28 20:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
[2007/06/04 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Viewpoint
[2009/05/12 18:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/04 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2007/06/13 01:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2003/11/27 13:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/04/28 20:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/08/23 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/12 18:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/27 23:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/04 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/05/01 01:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/05/02 02:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/31 17:51:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2004/08/31 17:51:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\erdnt\cache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/31 17:51:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2004/08/31 17:51:54 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2010/04/15 15:13:03 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/04/15 15:13:03 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 11:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 11:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/02/25 17:42:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
[2009/02/20 04:30:23 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/02/20 04:30:23 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 10:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 10:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 10:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/02 01:33:33 | 1072,746,496 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/02 01:33:31 | 1610,612,736 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >








OTL Extras logfile created on: 5/2/2010 2:30:48 AM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 601.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 4.77 Gb Free Space | 6.41% Space Free | Partition Type: NTFS
Drive D: | 594.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 88.45 Gb Free Space | 37.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXDESKTOP
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [addtoplaylistvlc] -- "F:\Program Files B\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [playwithvlc] -- "F:\Program Files B\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files B\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Program Files B\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Program Files B\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"18944:TCP" = 18944:TCP:*:Enabled:BitComet 18944 TCP
"18944:UDP" = 18944:UDP:*:Enabled:BitComet 18944 UDP
"7000:TCP" = 7000:TCP:*:Enabled:Blizzard Downloader: 7000
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"15508:TCP" = 15508:TCP:*:Enabled:BitComet 15508 TCP
"15508:UDP" = 15508:UDP:*:Enabled:BitComet 15508 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL LLC)
"F:\Program Files B\Last.fm\LastFM.exe" = F:\Program Files B\Last.fm\LastFM.exe:*:Enabled:Last.fm -- (Last.fm)
"C:\Program Files\Steam\SteamApps\short12stuff0615@excite.com\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\short12stuff0615@excite.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files B\World of Warcraft\BackgroundDownloader.exe" = F:\Program Files B\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files B\Bitcomet\BitComet.exe" = F:\Program Files B\Bitcomet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"F:\Program Files B\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe" = F:\Program Files B\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files B\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = F:\Program Files B\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files B\World of Warcraft\Launcher.exe" = F:\Program Files B\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\short12stuff0615@excite.com\codename gordon\cg.exe" = C:\Program Files\Steam\SteamApps\short12stuff0615@excite.com\codename gordon\cg.exe:*:Enabled:Codename Gordon -- (The Design Assembly GmbH)
"C:\Program Files\Steam\SteamApps\common\medieval ii total war demo\medieval2.exe" = C:\Program Files\Steam\SteamApps\common\medieval ii total war demo\medieval2.exe:*:Enabled:Medieval II: Total War Demo -- (The Creative Assembly Ltd)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"F:\Program Files B\VLC\vlc.exe" = F:\Program Files B\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe:*:Enabled:HelpSvc -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{055ee59d-217b-43a7-abff-507b966405d8}" = ATI Catalyst Control Center
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216ab108-2ae1-4130-b3d5-20b2c4c80f8f}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26a24ae4-039d-4ca4-87b4-2f83216013ff}" = Java™ 6 Update 13
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{4324bc93-c82f-ed16-ba86-5e34b9e05303}" = ccc-core-static
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4ed118ee-785c-cc18-5d2e-d5ca4baa03f0}" = Catalyst Control Center Graphics Full New
"{539475b7-44b7-8b0a-134c-f01b9c8b7569}" = ccc-core-preinstall
"{541deac0-5f3d-45e6-b7cb-94ecf3b96748}" = Skype web features
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.77
"{5ac7ae54-55df-1126-076c-623f008d40b6}" = Catalyst Control Center Graphics Full Existing
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{6351d217-3ee3-1967-29be-6a77635fe485}" = Skins
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6ab9cd3a-f91f-233b-923b-6c59ba63524d}" = Catalyst Control Center HydraVision Full
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{72736f5f-520d-472a-88cc-7b02872fd34e}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85a91c22-c369-fcfb-5f1f-d59eb21ad0e1}" = CCC Help English
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{86d4b82a-abed-442a-be86-96357b70f4fe}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}" = URGE
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000ff1ce}" = Compatibility Pack for the 2007 Office system
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{a6d0140f-e62f-9d1e-2408-9cff91ff6fc8}" = ccc-utility
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{afa20d47-69c3-4030-8df8-d37466e70f13}" = Apple Mobile Device Support
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1" = Spybot - Search & Destroy
"{b7050cbdb2504b34bc2a9ca0a692cc29}" = DivX Web Player
"{bbc783b7-8725-3b1c-b49a-ba7f09391251}" = Google Talk Plugin
"{c4124e95-5061-4776-8d5d-e3d931c778e1}" = Microsoft VC9 runtime libraries
"{c44a7422-e380-44be-79fe-1c032d8a03a7}" = Catalyst Control Center Core Implementation
"{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}" = Sony Media Manager 2.0
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{d103c4ba-f905-437a-8049-db24763bbe36}" = Skype™ 4.1
"{d3b1c799-cb73-42de-ba0f-2344793a095c}" = Catalyst Control Center - Branding
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{e5d24929-91a4-b0a1-de00-afc453921ef7}" = Catalyst Control Center Graphics Light
"{e6c09bfb-ba75-15c7-5b18-a2ce31c4f42b}" = Catalyst Control Center Graphics Previews Common
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe AIR" = Adobe AIR
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitComet" = BitComet 1.07
"camstudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"crack dat pat" = Crack DAT PAT 2010-2011
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"LastFM_is1" = Last.fm 1.3.0.62
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MCAT CD Companion_is1" = MCAT CD Companion
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Product_Name" = DAT Achiever
"PROSet" = Intel® PRO Network Adapters and Drivers
"realplayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam" = Steam
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TSPDAT" = TSPDAT
"ViewpointMediaPlayer" = Viewpoint Media Player
"vlc media player" = VLC media player 1.0.0-rc1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" %3

#15 MayGyver

MayGyver
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 02 May 2010 - 01:44 AM

Sorry for the duplicate.

Edited by MayGyver, 02 May 2010 - 01:48 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users