
Browser Hijack - Redirect infection (Google/wellaction)


  • This topic is locked
33 replies to this topic

#1 Roaming Diplomat

  • Members
  • 16 posts

Posted 13 June 2010 - 01:00 AM

This problem started about a week ago; since then I have scanned the computer with AVG, Malwarebytes, Microsoft live care scan, and a few registry editor programs, in both normal mode and safe mode. However, the issue never seems to be resolved. Sometimes a single Google window will pop up on its own. Other times, and quite often, I get redirected to various sites. The following 3 sites are the main ones:

http ://search.google-analytics.com/
http :www.wellaction.com
http: //results.google-analytics.com/


I hope someone can assist me in the removal of this "infection". Thank you in advance!

( !!!! The only thing I edited in the DDS.txt file was my computer user account name which also happens to be my full name in real life. Hope that doesn't ruin the file !!!)
-----------------------------------------------------------------------------------------------------------------




DDS (Ver_10-03-17.01) - NTFSx86
Run by mchei at 1:03:46.43 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1003 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mchei\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.ca
uWindow Title =
mWindow Title =
uInternet Settings,ProxyOverride = *.local
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\moemch~1\appdata\roaming\mozilla\firefox\profiles\ynndllct.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-3 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-3 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-3 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-3 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-3 308064]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-25 6628352]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-3 430152]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]

=============== Created Last 30 ================

2010-06-13 04:35:54 0 d-----w- c:\program files\Runtime Software
2010-06-13 04:14:33 0 d-----w- c:\programdata\Cobian
2010-06-13 04:13:05 0 d-----w- c:\program files\Cobian Backup 9
2010-06-13 03:55:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 03:55:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 20:35:25 0 d---a-w- c:\programdata\TEMP
2010-06-12 20:20:12 0 d-----w- c:\program files\Trend Micro
2010-06-12 17:07:26 0 d-----w- c:\users\moemch~1\appdata\roaming\BitTorrent
2010-06-12 16:32:13 0 d-----w- c:\program files\BitTorrent
2010-06-12 01:22:29 0 d-----w- c:\programdata\WindowsSearch
2010-06-11 15:18:59 65536 --sha-w- c:\users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TM.blf
2010-06-11 15:18:59 524288 --sha-w- c:\users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
2010-06-11 15:18:59 524288 --sha-w- c:\users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
2010-06-11 04:45:29 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:45:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:45:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:42:41 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 03:02:57 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-06-11 03:02:57 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-06-11 03:02:57 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2010-06-11 03:02:57 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2010-06-10 02:09:53 65536 --sha-w- c:\users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TM.blf
2010-06-10 02:09:53 524288 --sha-w- c:\users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
2010-06-10 02:09:53 524288 --sha-w- c:\users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
2010-06-10 02:07:29 262144 ---ha-w- c:\users\mchei\ntuser.dat.new.LOG1
2010-06-10 02:07:29 0 ---ha-w- c:\users\mchei\ntuser.dat.new.LOG2
2010-06-10 01:20:37 58 ----a-w- c:\windows\RegDefrag.ini
2010-06-09 19:28:34 0 d-----w- c:\program files\WinASO
2010-06-08 03:33:42 0 ----a-w- c:\windows\system32\8104297.jun
2010-06-07 16:15:18 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-07 16:15:10 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-06-07 16:15:10 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-06-07 16:15:10 0 d-----w- c:\windows\system32\ZoneLabs
2010-06-07 16:15:08 0 d-----w- c:\program files\Zone Labs
2010-06-07 16:14:35 0 d-----w- c:\programdata\CheckPoint
2010-06-07 16:14:34 0 d-----w- c:\windows\Internet Logs
2010-06-07 07:21:29 0 d-----w- c:\users\mchei\dwhelper
2010-06-06 22:35:56 0 d-----w- c:\program files\common files\Macrovision Shared
2010-06-06 22:34:35 0 d-----w- c:\programdata\Rosetta Stone
2010-06-06 21:58:36 0 d-----w- c:\program files\PowerISO
2010-06-06 04:14:58 0 d-----w- c:\programdata\PCPitstop
2010-06-06 01:57:12 0 d-----w- c:\users\moemch~1\appdata\roaming\FrostWire
2010-06-05 18:46:06 0 d-----w- c:\program files\Search Settings
2010-06-05 18:45:21 0 d-----w- c:\program files\Application Updater
2010-06-05 18:44:55 0 d-----w- c:\users\moemch~1\appdata\roaming\FreeAudioPack
2010-06-05 18:44:55 0 d-----w- c:\program files\Free Audio Pack
2010-06-05 17:13:50 0 d-----w- c:\users\moemch~1\appdata\roaming\Malwarebytes
2010-06-05 17:13:33 0 d-----w- c:\programdata\Malwarebytes
2010-06-05 17:13:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 20:01:44 0 d-----w- c:\users\mchei\Tracing
2010-06-04 20:00:51 0 d-----w- c:\program files\Microsoft
2010-06-04 20:00:28 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-04 19:58:42 0 d-----w- c:\windows\PCHEALTH
2010-06-04 19:55:11 0 d-----w- c:\program files\common files\Windows Live
2010-06-04 18:37:36 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-04 18:37:09 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-04 16:45:51 0 d-----w- c:\program files\Alarm
2010-06-04 03:51:13 38 ----a-w- c:\windows\osAviSplitter.INI
2010-06-04 03:05:50 0 d-----w- c:\users\moemch~1\appdata\roaming\uTorrent
2010-06-04 01:50:34 0 d--h--w- C:\$AVG
2010-06-04 01:50:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-04 01:50:19 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-04 01:50:07 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-04 01:50:03 0 d-----w- c:\programdata\AVG Security Toolbar
2010-06-04 01:49:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-04 01:46:51 0 d-----w- c:\program files\AVG
2010-06-04 01:46:26 0 d-----w- c:\programdata\avg9
2010-06-04 01:36:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-04 01:36:03 270848 ----a-w- c:\windows\system32\schannel.dll
2010-06-04 01:35:38 0 d-----w- c:\program files\Privacy Mantra 2.08
2010-06-04 01:25:51 0 d-----w- c:\program files\Windows Portable Devices
2010-06-04 01:25:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-04 01:19:53 0 d-----w- c:\program files\common files\xing shared
2010-06-04 01:18:48 0 d-----w- c:\program files\common files\Real
2010-06-04 01:18:47 0 d-----w- c:\programdata\Real
2010-06-04 01:10:41 0 d-----w- c:\windows\system32\Adobe
2010-06-04 01:09:29 0 d-----w- c:\programdata\Sun
2010-06-04 01:08:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 01:03:06 0 d-----w- c:\windows\Panther
2010-06-04 01:00:57 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-04 01:00:56 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-04 01:00:56 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-04 00:58:22 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-06-04 00:57:54 0 d-----w- c:\program files\DCoder Image Source
2010-06-04 00:57:48 0 d-----w- c:\program files\FFMPEG Core Files
2010-06-04 00:57:38 0 d-----w- c:\program files\SHOUTcast Source
2010-06-04 00:57:35 0 d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-06-04 00:57:33 0 d-----w- c:\program files\CD Audio Reader Filter
2010-06-04 00:57:32 0 d-----w- c:\program files\OpenSource AVI Splitter
2010-06-04 00:57:31 0 d-----w- c:\program files\Gabest MPEG Splitter
2010-06-04 00:57:30 0 d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-06-04 00:57:24 0 d-----w- c:\program files\RealMedia
2010-06-04 00:57:05 0 d-----w- c:\program files\DScaler5
2010-06-04 00:56:59 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-06-04 00:56:58 0 d-----w- c:\program files\AC3Filter
2010-06-04 00:56:50 0 d-----w- c:\program files\OpenSource Flash Video Splitter
2010-06-04 00:56:47 0 d-----w- c:\program files\DirectVobSub
2010-06-04 00:56:43 0 d-----w- c:\program files\Haali
2010-06-04 00:56:33 0 d-----w- c:\program files\Bass Audio Decoder
2010-06-04 00:56:18 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-04 00:56:08 0 d-----w- c:\program files\ffdshow
2010-06-04 00:56:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-04 00:56:00 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-04 00:56:00 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-04 00:55:17 0 d-----w- c:\program files\Zoom Player
2010-06-04 00:46:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-04 00:43:29 57667 ----a-w- c:\windows\system32\ieuinit.inf
2010-06-04 00:38:53 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-04 00:38:53 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-04 00:37:52 0 d-----w- c:\program files\iPod
2010-06-04 00:37:45 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-04 00:37:44 0 d-----w- c:\program files\iTunes
2010-06-04 00:35:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-04 00:35:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-04 00:35:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-06-04 00:35:21 0 d-----w- c:\programdata\Apple Computer
2010-06-04 00:32:28 0 d-----w- c:\program files\Bonjour
2010-06-04 00:31:15 0 d-----w- c:\programdata\Apple
2010-06-04 00:28:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-04 00:28:45 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-06-04 00:28:45 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-06-04 00:28:17 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-04 00:28:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-04 00:28:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-04 00:28:09 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-04 00:28:09 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-04 00:28:09 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-04 00:28:09 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-04 00:26:54 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-04 00:26:54 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-04 00:26:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-04 00:26:54 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-04 00:26:53 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-04 00:26:53 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-04 00:26:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-06-04 00:25:57 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-04 00:25:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-04 00:25:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-04 00:25:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-04 00:25:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-04 00:25:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-04 00:25:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-04 00:25:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-04 00:25:46 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-04 00:25:45 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-04 00:21:51 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-04 00:21:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 00:21:48 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-04 00:21:47 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-04 00:21:47 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-04 00:21:47 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-06-04 00:21:47 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-04 00:21:46 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-04 00:21:38 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-04 00:21:13 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-04 00:18:06 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-04 00:18:05 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-04 00:18:05 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-04 00:18:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-04 00:18:03 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-04 00:18:03 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-04 00:18:03 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-04 00:18:01 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-04 00:18:01 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-04 00:17:56 71680 ----a-w- c:\windows\system32\atl.dll
2010-06-03 23:58:49 16046 ----a-w- c:\windows\system32\results.xml
2010-06-03 23:58:22 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-06-03 23:58:22 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-06-03 23:58:22 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-06-03 23:53:02 0 d-----w- c:\windows\system32\Lang
2010-06-03 23:52:43 0 d-----w- C:\Intel
2010-06-03 23:50:08 0 d-----w- c:\windows\tiinst
2010-06-03 23:49:08 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-06-03 23:49:08 0 d-----w- c:\windows\system32\x64
2010-06-03 23:49:03 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-03 23:47:45 0 d-----w- c:\users\moemch~1\appdata\roaming\WinBatch
2010-06-03 23:47:44 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-03 23:47:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-06-03 23:46:49 0 d-sh--w- c:\windows\Installer
2010-06-03 23:38:24 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-06-03 23:38:10 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-06-03 23:37:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-06-03 23:37:58 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-06-03 22:26:01 98816 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-06-03 22:26:01 0 d-----w- c:\program files\Realtek
2010-06-03 22:25:37 0 d-----w- C:\swsetup
2010-06-03 22:25:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-21 18:15:33 0 d-----w- C:\logs
2010-05-21 18:08:18 0 d-----w- C:\drivers

==================== Find3M ====================

2010-06-07 16:15:14 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-07 16:15:14 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-07 16:15:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-04 01:25:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 12:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:04:02.77 ===============

Edited by Roaming Diplomat, 13 June 2010 - 01:34 AM.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2010 - 01:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to know if you are behind a router?

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Roaming Diplomat

  • Topic Starter
  • Members
  • 16 posts

Posted 13 June 2010 - 02:04 AM

The following are the 2 copies:





OTL logfile created on: 6/13/2010 2:56:16 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\mchei\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.99 Gb Total Space | 101.54 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive D: | 5.72 Gb Total Space | 5.65 Gb Free Space | 98.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCHEI-PC
Current User Name: mchei
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\mchei\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\mchei\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/03 21:20:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 22:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/03 21:50:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/12 12:31:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 12:30:39 | 000,000,000 | ---D | M]

[2010/06/12 12:31:27 | 000,000,000 | ---D | M] -- C:\Users\mchei\AppData\Roaming\Mozilla\Extensions
[2010/06/12 12:34:19 | 000,000,000 | ---D | M] -- C:\Users\mchei\AppData\Roaming\Mozilla\Firefox\Profiles\ynndllct.default\extensions
[2010/06/12 12:34:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mchei\AppData\Roaming\Mozilla\Firefox\Profiles\ynndllct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 12:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\mchei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mchei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 02:54:30 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\mchei\Desktop\OTL.exe
[2010/06/13 00:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/06/13 00:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Cobian
[2010/06/13 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/06/12 23:55:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/12 23:55:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/12 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/12 16:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/12 13:07:26 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\BitTorrent
[2010/06/12 12:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/06/12 12:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/11 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/06/11 00:45:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/11 00:45:00 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/11 00:45:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/11 00:43:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/11 00:43:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/11 00:43:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/11 00:43:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/11 00:43:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/11 00:43:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/11 00:43:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/11 00:43:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/11 00:43:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/11 00:43:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/11 00:43:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/11 00:43:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/11 00:43:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/11 00:43:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/11 00:43:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/11 00:42:41 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/11 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\mchei\Desktop\youtube 2mp3 songs
[2010/06/10 23:02:57 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2010/06/10 23:02:57 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2010/06/10 23:02:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstdfmt.dll
[2010/06/09 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2010/06/08 23:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/07 12:15:30 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010/06/07 12:15:24 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010/06/07 12:15:24 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010/06/07 12:15:20 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010/06/07 12:15:18 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010/06/07 12:15:18 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010/06/07 12:15:17 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010/06/07 12:15:17 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010/06/07 12:15:17 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010/06/07 12:15:10 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010/06/07 12:15:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/06/07 12:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/06/07 12:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/06/07 12:14:34 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010/06/07 12:14:34 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010/06/07 12:14:34 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/06/07 03:21:29 | 000,000,000 | ---D | C] -- C:\Users\mchei\dwhelper
[2010/06/06 18:44:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/06 18:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/06 18:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/06/06 17:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/06/06 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Microsoft Games
[2010/06/06 00:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/06/05 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\mchei\Documents\FrostWire
[2010/06/05 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\FrostWire
[2010/06/05 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2010/06/05 14:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/06/05 14:44:57 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.OCX
[2010/06/05 14:44:56 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2010/06/05 14:44:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2010/06/05 14:44:56 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2010/06/05 14:44:56 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2010/06/05 14:44:56 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2010/06/05 14:44:56 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2010/06/05 14:44:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2010/06/05 14:44:56 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2010/06/05 14:44:56 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010/06/05 14:44:56 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2010/06/05 14:44:56 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.OCX
[2010/06/05 14:44:56 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2010/06/05 14:44:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTFR.DLL
[2010/06/05 14:44:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetfr.DLL
[2010/06/05 14:44:55 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomctl.ocx
[2010/06/05 14:44:55 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/06/05 14:44:55 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010/06/05 14:44:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/06/05 14:44:55 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/06/05 14:44:55 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2010/06/05 14:44:55 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscc2fr.dll
[2010/06/05 14:44:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2010/06/05 14:44:55 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\FreeAudioPack
[2010/06/05 14:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2010/06/05 13:54:22 | 000,000,000 | ---D | C] -- C:\Users\mchei\Documents\My Received Files
[2010/06/05 13:13:50 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Malwarebytes
[2010/06/05 13:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/05 13:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/04 16:01:44 | 000,000,000 | ---D | C] -- C:\Users\mchei\Tracing
[2010/06/04 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/04 16:00:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/04 16:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/04 15:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/04 15:58:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/04 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/04 14:37:36 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/06/04 14:36:40 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/06/04 12:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm
[2010/06/03 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\uTorrent
[2010/06/03 22:37:31 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Macromedia
[2010/06/03 22:37:31 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Adobe
[2010/06/03 22:16:36 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\AVG Security Toolbar
[2010/06/03 21:50:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/03 21:50:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/03 21:50:19 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/03 21:50:08 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/03 21:50:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/06/03 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/06/03 21:49:23 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/03 21:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/03 21:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/03 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Privacy Mantra 2.08
[2010/06/03 21:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/06/03 21:20:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/06/03 21:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/03 21:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/03 21:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/06/03 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/03 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Real
[2010/06/03 21:10:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/06/03 21:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/03 21:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/03 21:08:42 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/03 21:08:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/03 21:08:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/03 21:08:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/03 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/06/03 21:03:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/03 21:00:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/06/03 21:00:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/06/03 21:00:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/06/03 20:59:46 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/06/03 20:59:46 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/06/03 20:59:45 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/06/03 20:59:45 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/06/03 20:59:45 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/06/03 20:59:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/06/03 20:59:45 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/06/03 20:59:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/06/03 20:59:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/06/03 20:59:44 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/06/03 20:59:44 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/06/03 20:59:44 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/06/03 20:59:44 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/06/03 20:59:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/06/03 20:59:44 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/06/03 20:59:44 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/06/03 20:59:44 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/06/03 20:59:44 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/06/03 20:59:44 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/06/03 20:59:44 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/06/03 20:59:44 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/06/03 20:59:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/06/03 20:59:44 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/06/03 20:59:43 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/06/03 20:59:43 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/06/03 20:58:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/06/03 20:58:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/06/03 20:58:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/06/03 20:58:18 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/06/03 20:58:18 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/06/03 20:58:17 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/06/03 20:58:17 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/06/03 20:58:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/06/03 20:58:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/06/03 20:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/06/03 20:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/06/03 20:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/06/03 20:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/06/03 20:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/06/03 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/06/03 20:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/06/03 20:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/06/03 20:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/06/03 20:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/06/03 20:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/06/03 20:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/06/03 20:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/06/03 20:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/06/03 20:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/06/03 20:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/06/03 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/06/03 20:56:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/06/03 20:56:00 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/06/03 20:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/06/03 20:46:49 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/06/03 20:40:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/06/03 20:40:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/06/03 20:40:39 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/06/03 20:40:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/06/03 20:40:38 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/06/03 20:40:38 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/06/03 20:40:38 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/06/03 20:40:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/06/03 20:40:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/06/03 20:40:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/06/03 20:40:36 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/06/03 20:40:36 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/06/03 20:40:35 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/06/03 20:40:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/06/03 20:40:35 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/06/03 20:40:33 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/06/03 20:40:32 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/03 20:40:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/06/03 20:40:28 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/06/03 20:40:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/06/03 20:40:28 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/06/03 20:40:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/06/03 20:40:27 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/06/03 20:40:27 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/06/03 20:40:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/06/03 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Apple Computer
[2010/06/03 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Apple Computer
[2010/06/03 20:38:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/06/03 20:38:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/06/03 20:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/03 20:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/03 20:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/03 20:35:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/06/03 20:35:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/06/03 20:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 20:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/03 20:34:35 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Apple
[2010/06/03 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/03 20:33:58 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/06/03 20:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/03 20:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/03 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/03 20:29:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/06/03 20:29:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/06/03 20:29:55 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/06/03 20:29:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/06/03 20:29:48 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/06/03 20:29:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/06/03 20:29:47 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/06/03 20:29:47 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/06/03 20:29:47 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/06/03 20:29:47 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/06/03 20:29:47 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/06/03 20:29:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/06/03 20:29:29 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/06/03 20:29:26 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/06/03 20:29:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/06/03 20:29:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/06/03 20:29:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/06/03 20:28:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/06/03 20:28:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/06/03 20:28:17 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/06/03 20:28:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/03 20:28:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/03 20:27:59 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/06/03 20:27:58 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/06/03 20:27:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/03 20:27:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/06/03 20:27:52 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/06/03 20:27:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/06/03 20:27:44 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/06/03 20:27:42 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/06/03 20:27:38 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/06/03 20:27:22 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/06/03 20:26:54 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/06/03 20:25:57 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/06/03 20:25:57 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/06/03 20:25:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/06/03 20:25:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/06/03 20:25:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/06/03 20:25:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/06/03 20:25:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/06/03 20:25:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/06/03 20:25:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/06/03 20:25:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/06/03 20:25:45 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/06/03 20:21:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/06/03 20:21:47 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/06/03 20:21:47 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/06/03 20:21:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/06/03 20:21:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/06/03 20:18:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/06/03 20:18:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/03 20:18:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/06/03 20:17:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/03 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Mozilla
[2010/06/03 20:09:01 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Mozilla
[2010/06/03 20:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/03 19:58:22 | 000,398,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2010/06/03 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/03 19:53:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/06/03 19:52:43 | 000,000,000 | ---D | C] -- C:\Intel
[2010/06/03 19:50:08 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
[2010/06/03 19:49:08 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010/06/03 19:49:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/06/03 19:49:03 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010/06/03 19:47:45 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\WinBatch
[2010/06/03 19:46:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/03 19:38:24 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/06/03 19:38:24 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/06/03 19:38:10 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/06/03 19:38:10 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/06/03 19:38:10 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/06/03 19:37:58 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/06/03 19:37:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/06/03 18:52:39 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\WinRAR
[2010/06/03 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/03 18:26:01 | 000,098,816 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/06/03 18:26:01 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/03 18:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/06/03 18:25:38 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\InstallShield
[2010/06/03 18:25:37 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/06/03 18:25:08 | 000,000,000 | R--D | C] -- C:\Users\mchei\Desktop\Shortcuts
[2010/06/03 17:40:04 | 000,000,000 | R--D | C] -- C:\Users\mchei\Searches
[2010/06/03 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Identities
[2010/06/03 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\mchei\Contacts
[2010/06/03 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\VirtualStore
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\AppData\Local\Temporary Internet Files
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Templates
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Start Menu
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\SendTo
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Recent
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\PrintHood
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\NetHood
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Documents\My Videos
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Documents\My Pictures
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Documents\My Music
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\My Documents
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Local Settings
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\AppData\Local\History
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Cookies
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\Application Data
[2010/06/03 17:39:41 | 000,000,000 | -HSD | C] -- C:\Users\mchei\AppData\Local\Application Data
[2010/06/03 17:39:40 | 000,000,000 | --SD | C] -- C:\Users\mchei\AppData\Roaming\Microsoft
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Videos
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Saved Games
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Pictures
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Music
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Links
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Favorites
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Downloads
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Documents
[2010/06/03 17:39:40 | 000,000,000 | R--D | C] -- C:\Users\mchei\Desktop
[2010/06/03 17:39:40 | 000,000,000 | -H-D | C] -- C:\Users\mchei\AppData
[2010/06/03 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Temp
[2010/06/03 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Local\Microsoft
[2010/06/03 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\mchei\AppData\Roaming\Media Center Programs
[2010/05/21 14:15:33 | 000,000,000 | ---D | C] -- C:\logs
[2010/05/21 14:08:18 | 000,000,000 | ---D | C] -- C:\drivers
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 02:56:59 | 001,835,008 | ---- | M] () -- C:\Users\mchei\NTUSER.DAT
[2010/06/13 02:54:32 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\mchei\Desktop\OTL.exe
[2010/06/13 02:42:38 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 02:42:38 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 01:10:34 | 000,049,664 | ---- | M] () -- C:\Users\mchei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 01:07:03 | 000,293,376 | ---- | M] () -- C:\Users\mchei\Desktop\gmer.exe
[2010/06/13 01:05:37 | 000,284,915 | ---- | M] () -- C:\Users\mchei\Desktop\gmer.zip
[2010/06/13 00:56:00 | 000,525,824 | ---- | M] () -- C:\Users\mchei\Desktop\dds.scr
[2010/06/13 00:42:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/13 00:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/13 00:42:33 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 00:40:07 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 00:40:07 | 000,065,536 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TM.blf
[2010/06/13 00:40:04 | 006,291,456 | -H-- | M] () -- C:\Users\mchei\AppData\Local\IconCache.db
[2010/06/13 00:35:59 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/06/12 23:55:46 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/12 18:09:58 | 060,983,337 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/12 16:20:14 | 000,001,885 | ---- | M] () -- C:\Users\mchei\Desktop\HijackThis.lnk
[2010/06/12 12:30:41 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/12 12:18:00 | 000,052,224 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/06/11 21:23:21 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/11 11:16:10 | 001,835,008 | ---- | M] () -- C:\Users\mchei\ntuser.dat.bak
[2010/06/11 11:03:42 | 000,000,058 | ---- | M] () -- C:\Windows\RegDefrag.ini
[2010/06/11 03:11:06 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 03:11:06 | 000,065,536 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TM.blf
[2010/06/11 01:04:35 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/10 22:27:14 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/10 04:28:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/10 04:28:53 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/10 04:28:52 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/10 04:01:57 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 22:08:06 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 22:08:06 | 000,065,536 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/09 15:28:36 | 000,000,984 | ---- | M] () -- C:\Users\mchei\Desktop\WinASO Registry Optimizer.lnk
[2010/06/07 23:33:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\8104297.jun
[2010/06/07 12:15:51 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/06/07 12:15:32 | 000,000,882 | ---- | M] () -- C:\Users\mchei\Desktop\ZoneAlarm Security.lnk
[2010/06/07 11:46:21 | 000,019,906 | ---- | M] () -- C:\Users\mchei\Desktop\FACW.jpg
[2010/06/07 03:50:13 | 000,028,036 | ---- | M] () -- C:\Users\mchei\Desktop\Untitled.jpg
[2010/06/06 17:58:42 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/06/05 22:17:52 | 000,000,596 | ---- | M] () -- C:\Users\mchei\Desktop\Saved - Shortcut.lnk
[2010/06/05 14:45:01 | 000,001,051 | ---- | M] () -- C:\Users\mchei\Desktop\Free Mp3 Wma Converter.lnk
[2010/06/04 16:16:17 | 000,001,230 | ---- | M] () -- C:\Users\mchei\Desktop\Downloads - Shortcut.lnk
[2010/06/03 23:51:23 | 000,000,038 | ---- | M] () -- C:\Windows\osAviSplitter.INI
[2010/06/03 22:08:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/03 22:08:26 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/03 21:50:24 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/03 21:50:23 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/03 21:50:08 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/03 21:49:24 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/03 21:31:59 | 000,049,168 | ---- | M] () -- C:\Users\mchei\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/03 21:25:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/03 21:20:21 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/03 21:20:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/03 21:20:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/03 21:18:54 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/03 21:08:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/03 21:08:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/03 21:08:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/03 21:08:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/03 21:02:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/06/03 20:55:20 | 000,001,829 | ---- | M] () -- C:\Users\mchei\Desktop\Zoom Player.lnk
[2010/06/03 20:36:04 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/03 20:19:53 | 000,048,744 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/06/03 20:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/06/03 19:58:49 | 000,016,046 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/06/03 18:36:55 | 000,000,680 | ---- | M] () -- C:\Users\mchei\AppData\Local\d3d9caps.dat
[2010/06/03 18:25:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/06/03 17:46:44 | 000,524,288 | -HS- | M] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 17:39:41 | 000,000,020 | -HS- | M] () -- C:\Users\mchei\ntuser.ini
[2010/05/31 13:48:53 | 006,474,909 | ---- | M] () -- C:\Users\mchei\Desktop\Never Think.mp3
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010/05/26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010/05/26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010/05/26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010/05/26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010/05/26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010/05/26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010/05/26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010/05/26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010/05/26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010/05/26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/25 14:23:28 | 000,120,908 | ---- | M] () -- C:\Users\mchei\Desktop\screen shot.jpg
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/13 01:07:03 | 000,293,376 | ---- | C] () -- C:\Users\mchei\Desktop\gmer.exe
[2010/06/13 01:05:36 | 000,284,915 | ---- | C] () -- C:\Users\mchei\Desktop\gmer.zip
[2010/06/13 00:55:54 | 000,525,824 | ---- | C] () -- C:\Users\mchei\Desktop\dds.scr
[2010/06/13 00:35:59 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/06/12 23:55:46 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/12 18:01:44 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/12 16:20:14 | 000,001,885 | ---- | C] () -- C:\Users\mchei\Desktop\HijackThis.lnk
[2010/06/12 12:30:41 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/11 11:18:59 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/11 11:18:59 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 11:18:59 | 000,065,536 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{f1f5b45b-7568-11df-97bf-001b381355a3}.TM.blf
[2010/06/09 22:09:53 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000002.regtrans-ms
[2010/06/09 22:09:53 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TMContainer00000000000000000001.regtrans-ms
[2010/06/09 22:09:53 | 000,065,536 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{00bef628-7401-11df-9a5f-001b381355a3}.TM.blf
[2010/06/09 22:07:29 | 000,262,144 | -H-- | C] () -- C:\Users\mchei\ntuser.dat.new.LOG1
[2010/06/09 22:07:29 | 000,000,000 | -H-- | C] () -- C:\Users\mchei\ntuser.dat.new.LOG2
[2010/06/09 21:20:37 | 000,000,058 | ---- | C] () -- C:\Windows\RegDefrag.ini
[2010/06/09 15:28:36 | 000,000,984 | ---- | C] () -- C:\Users\mchei\Desktop\WinASO Registry Optimizer.lnk
[2010/06/07 23:33:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8104297.jun
[2010/06/07 12:15:32 | 000,000,882 | ---- | C] () -- C:\Users\mchei\Desktop\ZoneAlarm Security.lnk
[2010/06/07 12:15:10 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/06/07 11:46:21 | 000,019,906 | ---- | C] () -- C:\Users\mchei\Desktop\FACW.jpg
[2010/06/07 03:50:13 | 000,028,036 | ---- | C] () -- C:\Users\mchei\Desktop\Untitled.jpg
[2010/06/06 17:58:42 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/06/05 22:17:52 | 000,000,596 | ---- | C] () -- C:\Users\mchei\Desktop\Saved - Shortcut.lnk
[2010/06/05 14:45:01 | 000,001,051 | ---- | C] () -- C:\Users\mchei\Desktop\Free Mp3 Wma Converter.lnk
[2010/06/05 14:44:56 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2010/06/05 14:44:55 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/06/04 16:15:46 | 000,001,230 | ---- | C] () -- C:\Users\mchei\Desktop\Downloads - Shortcut.lnk
[2010/06/03 23:51:13 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/06/03 21:50:24 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/03 21:50:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/03 21:50:07 | 060,983,337 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/03 21:25:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/03 20:56:59 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2010/06/03 20:56:18 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/03 20:55:20 | 000,001,829 | ---- | C] () -- C:\Users\mchei\Desktop\Zoom Player.lnk
[2010/06/03 20:43:29 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/06/03 20:39:14 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/03 20:36:04 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/03 20:21:47 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/06/03 20:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/03 19:58:49 | 000,016,046 | ---- | C] () -- C:\Windows\System32\results.xml
[2010/06/03 19:58:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/03 19:58:22 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010/06/03 18:25:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/06/03 18:25:01 | 000,049,664 | ---- | C] () -- C:\Users\mchei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 17:39:42 | 000,000,680 | ---- | C] () -- C:\Users\mchei\AppData\Local\d3d9caps.dat
[2010/06/03 17:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 17:39:41 | 000,000,020 | -HS- | C] () -- C:\Users\mchei\ntuser.ini
[2010/06/03 17:39:40 | 001,835,008 | ---- | C] () -- C:\Users\mchei\ntuser.dat.bak
[2010/06/03 17:39:40 | 001,835,008 | ---- | C] () -- C:\Users\mchei\NTUSER.DAT
[2010/06/03 17:39:40 | 000,524,288 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 17:39:40 | 000,262,144 | -H-- | C] () -- C:\Users\mchei\ntuser.dat.LOG1
[2010/06/03 17:39:40 | 000,065,536 | -HS- | C] () -- C:\Users\mchei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/03 17:39:40 | 000,000,000 | -H-- | C] () -- C:\Users\mchei\ntuser.dat.LOG2
[2010/05/25 14:23:27 | 000,120,908 | ---- | C] () -- C:\Users\mchei\Desktop\screen shot.jpg
[2009/04/11 09:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >



____________________________________________________________________________________________




OTL Extras logfile created on: 6/13/2010 2:56:16 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\mchei\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.99 Gb Total Space | 101.54 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive D: | 5.72 Gb Total Space | 5.65 Gb Free Space | 98.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCHEI-PC
Current User Name: mchei
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E515524-84C5-4443-AF87-B636FD0D4138}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63F06920-BF54-405C-B7C5-12A6293DFB72}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06855A80-A19E-4898-95E0-A300EBBE99E1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6349354D-011E-4646-BEB3-CF03DFB7D103}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C8D1D38-DE42-4008-84C3-51742668C21C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80DF62BB-D1AC-4122-B7E7-FC036C62AB49}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{8816233E-BD3F-46EC-ACC0-3957DAAF2F30}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{98FCB7D2-0163-45A7-81C1-71EC49900A9A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C0549804-93DA-436B-B819-880A6A3AE178}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C4DD645E-AD35-4A39-AAD3-1C50EA84FE14}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C7DA5897-329E-4492-8206-938937A48BE7}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{C9D13101-7DA1-430A-B872-34FD71247C5B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D264AE43-524D-49C9-9DF8-CFCAA5B4D805}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DE085AD0-5344-4B2E-8719-8402461F7CB8}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E67D22FF-A009-426F-BEFF-21678908152F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{ED12DD9E-2719-4E0F-BBA5-9EFAD6D2633B}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EFCDB48C-67FD-4CF4-9C98-59F941990F6C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{A0075006-D00F-4811-ACBD-38599AD12F6E}C:\users\mchei\downloads\software\age of empires\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\mchei\downloads\software\age of empires\age2_x1.exe |
"UDP Query User{11308791-F763-4501-836B-7A7078FBB264}C:\users\mchei\downloads\software\age of empires\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\mchei\downloads\software\age of empires\age2_x1.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitTorrent" = BitTorrent
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CobBackup9" = Cobian Backup 9
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PowerISO" = PowerISO
"Privacy Mantra 2.08" = Privacy Mantra 2.08
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"TVWiz" = Intel® TV Wizard
"WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm" = ZoneAlarm
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2010 5:04:55 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/12/2010 5:04:55 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/12/2010 5:04:56 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/12/2010 5:53:28 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 6/12/2010 5:53:30 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/12/2010 5:53:30 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/12/2010 5:56:50 PM | Computer Name = mchei-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/12/2010 11:45:57 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 6/12/2010 11:46:02 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/12/2010 11:46:02 PM | Computer Name = mchei-PC | Source = Windows Search Service | ID = 3058
Description =

[ System Events ]
Error - 6/12/2010 6:07:23 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2010 6:19:32 PM | Computer Name = mchei-PC | Source = BROWSER | ID = 8032
Description =

Error - 6/12/2010 11:46:03 PM | Computer Name = mchei-PC | Source = DCOM | ID = 10005
Description =

Error - 6/12/2010 11:47:06 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2010 11:47:06 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/12/2010 11:47:06 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/12/2010 11:47:06 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/12/2010 11:47:06 PM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2010 12:39:32 AM | Computer Name = mchei-PC | Source = DCOM | ID = 10010
Description =

Error - 6/13/2010 12:44:07 AM | Computer Name = mchei-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
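
The two sections of this OTL Extras log a responder reads first are Security Center Settings and the firewall rule lists. Here every FirewallPolicy profile shows "EnableFirewall" = 0, which is consistent with ZoneAlarm (present in the uninstall list, with vsmon.exe in the rule list) having taken over from Windows Firewall rather than proof of tampering, and the rule list grants inbound access to several peer-to-peer clients and to an executable under the user's Downloads folder. The script below is an added example for this thread, not part of the original post or of OTL: it parses the '[KEY]' / '"name" = data' line format shown above, reports profiles with the firewall disabled, and lists inbound allow rules whose program lives in a user-writable path. The excerpt it runs on is trimmed from the log above; nothing else about OTL is assumed.

```python
"""Triage the Security Center and firewall-rule sections of an OTL Extras log.
Added example for this thread; it only relies on the '[KEY]' / '"name" = data'
line format OTL prints."""
import re

# Excerpt trimmed from the OTL log posted above (rule GUIDs as printed there).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06855A80-A19E-4898-95E0-A300EBBE99E1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{80DF62BB-D1AC-4122-B7E7-FC036C62AB49}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{DE085AD0-5344-4B2E-8719-8402461F7CB8}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"TCP Query User{A0075006-D00F-4811-ACBD-38599AD12F6E}C:\users\mchei\downloads\software\age of empires\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\mchei\downloads\software\age of empires\age2_x1.exe |
"""

RE_KEY = re.compile(r"^\[(.+)\]$")             # [HKEY_...\Path]
RE_VALUE = re.compile(r'^"(.+)"\s*=\s*(.*)$')  # "name" = data

# Directories a standard user can write to; a program running from one of
# these that has been granted an inbound allow rule deserves a second look.
USER_WRITABLE = ("c:\\users\\", "\\temp\\", "\\appdata\\")


def parse_otl_registry(text):
    """Return {key path: {value name: data}} for every key block in the log."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_KEY.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = RE_VALUE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def parse_rule(data):
    """Split 'protocol=6 | dir=in | app=... |' into a lower-cased dict."""
    rule = {}
    for part in data.split("|"):
        if "=" in part:
            k, v = part.split("=", 1)
            rule[k.strip().lower()] = v.strip().lower()
    return rule


def disabled_firewall_profiles(keys):
    """Names of the FirewallPolicy profile keys whose EnableFirewall is 0."""
    found = []
    for key, values in keys.items():
        low = key.lower()
        if "\\firewallpolicy\\" in low and low.endswith("profile"):
            if values.get("EnableFirewall") == "0":
                found.append(key.rsplit("\\", 1)[-1])
    return sorted(found)


def inbound_rules_from_user_paths(keys):
    """Programs with an inbound allow rule that live in a user-writable path."""
    apps = set()
    for key, values in keys.items():
        if not key.lower().endswith("\\firewallrules"):
            continue
        for data in values.values():
            rule = parse_rule(data)
            app = rule.get("app", "")
            if rule.get("dir") == "in" and any(p in app for p in USER_WRITABLE):
                apps.add(app)
    return sorted(apps)


def triage(text):
    """Both checks over one log, returned as a dict a responder can print."""
    keys = parse_otl_registry(text)
    return {
        "firewall_disabled_profiles": disabled_firewall_profiles(keys),
        "inbound_rules_from_user_paths": inbound_rules_from_user_paths(keys),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits or 'none'}")
```

A disabled-profile hit is a prompt to confirm which firewall is actually running (here the ZoneAlarm entries answer that), not a finding on its own; the user-path rule is the one worth asking the poster about, since the rule name shows it was created by a "Query User" prompt that the user accepted.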








#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2010 - 02:19 AM

Greetings

We are going to check the router.

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
CODE
@echo off
rem Everything inside the parentheses is written to Log1.txt next to this batch file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in the default text editor, then delete this batch file
start Log1.txt
del %0
    Save this as router.bat. Choose "Save as type" - All Files and where to save - Desktop, then close the Notepad file.

    Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Roaming Diplomat (Topic Starter)
  • Members
  • 16 posts

Posted 13 June 2010 - 02:28 AM

The Results:

Windows IP Configuration

Host Name . . . . . . . . . . . . : mchei-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-32-05-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 13, 2010 12:42:42 AM
Lease Expires . . . . . . . . . . : Wednesday, July 20, 2146 9:54:15 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1B-38-13-55-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 72.14.204.99
72.14.204.104
72.14.204.147
72.14.204.103

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.137.149.56
69.147.125.65
209.191.122.70
67.195.160.76
72.30.2.43



Pinging google.com [72.14.204.99] with 32 bytes of data:

Reply from 72.14.204.99: bytes=32 time=41ms TTL=53

Reply from 72.14.204.99: bytes=32 time=43ms TTL=53



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 43ms, Average = 42ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=52ms TTL=53

Reply from 209.191.122.70: bytes=32 time=57ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 52ms, Maximum = 57ms, Average = 54ms

===========================================================================
Interface List
11 ...00 13 e8 32 05 df ...... Intel® Wireless WiFi Link 4965AGN
10 ...00 1b 38 13 55 a3 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.6 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.6 286
192.168.2.6 255.255.255.255 On-link 192.168.2.6 286
192.168.2.255 255.255.255.255 On-link 192.168.2.6 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.6 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
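
The results above show the PC's only DNS server is the Belkin router at 192.168.2.1, which is also the default gateway: the normal home setup. It also means this batch output cannot show which upstream resolver the router itself forwards to, so a router whose DNS setting had been changed would look identical from the PC; that setting has to be read from the router's admin page. What the output can show is checked by the script below, which is an added example for this thread and not part of the original posts: it parses the ipconfig /all and nslookup sections of Log1.txt and flags a DNS server that is neither the gateway nor on an RFC 1918 network, a public name resolving to a private or loopback address, and distinct names that resolve to the same address (a hijacked resolver typically points many names at one proxy). The first log it runs on is trimmed from the results above; the second is constructed to show the hijack case and uses the 203.0.113.0/24 documentation range in place of any real host.

```python
"""DNS-hijack sanity checks over the Log1.txt that router.bat above writes.
Added example for this thread, not part of the original posts."""
import ipaddress
import re
from itertools import combinations

# Trimmed from the Log1.txt posted above: the host asks the router for DNS.
SAMPLE_LOG = """
Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
Server:  UnKnown
Address:  192.168.2.1
Name:    google.com
Addresses:  72.14.204.99
          72.14.204.104
Server:  UnKnown
Address:  192.168.2.1
Name:    yahoo.com
Addresses:  98.137.149.56
          69.147.125.65
"""

# Constructed, not from the thread: DNS points outside the LAN and every name
# gets the same answer (203.0.113.0/24 is a documentation range, not a real host).
HIJACKED_LOG = """
Wireless LAN adapter Wireless Network Connection:
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
Server:  UnKnown
Address:  203.0.113.53
Name:    google.com
Address:  203.0.113.7
Server:  UnKnown
Address:  203.0.113.53
Name:    yahoo.com
Address:  203.0.113.7
"""

RE_ADAPTER = re.compile(r"^\S.*adapter (.+):$")                # "... adapter <name>:"
RE_FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]+:\s*(.*)$")   # "Key . . . : value"
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_ip(s):
    """'192.168.2.6(Preferred)' or '72.14.204.99' -> address object, else None."""
    try:
        return ipaddress.ip_address(s.split("(")[0].strip())
    except ValueError:
        return None


def on_lan(ip):
    return any(ip in net for net in LAN)


def parse_ipconfig(text):
    """{adapter: {field: [values]}}; extra values on indented lines fold into the field above."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line.startswith(("Server:", "Name:")):   # nslookup output starts here
            break
        m = RE_ADAPTER.match(line)
        if m:
            current, field = m.group(1), None
            adapters[current] = {}
            continue
        m = RE_FIELD.match(line) if current else None
        if m:
            field = m.group(1).strip()
            adapters[current].setdefault(field, []).append(m.group(2).strip())
        elif field and to_ip(line) is not None:
            adapters[current][field].append(line.strip())
    return adapters


def parse_nslookup(text):
    """{queried name: {answer addresses}} across every nslookup block."""
    answers, name = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith(("Server:", "Pinging", "===")):  # resolver's own Address: line, or later tool output
            name = None
        elif s.startswith("Name:"):
            name = s.split(":", 1)[1].strip()
            answers.setdefault(name, set())
        elif name is not None:
            ip = to_ip(s.split(":", 1)[1] if s.startswith(("Address:", "Addresses:")) else s)
            if ip is not None:
                answers[name].add(ip)
    return answers


def assess(text):
    """[(level, message)]: 'warn' needs a look, 'info' names a blind spot."""
    findings = []
    for adapter, fields in parse_ipconfig(text).items():
        if any("disconnected" in v for v in fields.get("Media State", [])):
            continue                                   # unplugged NIC, its settings are idle
        gateways = {to_ip(v) for v in fields.get("Default Gateway", [])}
        for dns in (ip for ip in map(to_ip, fields.get("DNS Servers", [])) if ip is not None):
            if dns in gateways:
                findings.append(("info", f"{adapter}: DNS goes to the router {dns}; what the router forwards to is only visible in its admin page"))
            elif not on_lan(dns):
                findings.append(("warn", f"{adapter}: DNS server {dns} is outside the LAN; confirm it is your ISP's or one you chose"))
    answers = parse_nslookup(text)
    for name, ips in answers.items():
        findings += [("warn", f"{name} resolved to non-public address {ip}") for ip in ips if on_lan(ip) or ip.is_loopback]
    for a, b in combinations(sorted(answers), 2):
        shared = answers[a] & answers[b]
        if shared:
            findings.append(("warn", f"{a} and {b} both resolve to {sorted(map(str, shared))}; one proxy address for many names is the classic hijack sign"))
    return findings
```

Run `assess()` over a real Log1.txt read from disk; for the posted log it returns only the router note, for the constructed log it returns two warnings. Answers from legitimate resolvers differ by location, so the script deliberately does not compare against a fixed "known good" address list.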


#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2010 - 04:07 AM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



#7 Roaming Diplomat (Topic Starter)
  • Members
  • 16 posts

Posted 13 June 2010 - 10:44 AM

I had no problem running ComboFix; however, the browser redirection seems to have remained. The following website opened in a new window: http: //www.bestcanadiansites10.com/15/find/tv

The ComboFix log file:

ComboFix 10-06-12.04 - mchei 06/13/2010 11:24:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1128 [GMT -4:00]
Running from: c:\users\mchei\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\feed.txt
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
C:\XESCBBA.tmp

.
((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-13 15:31 . 2010-06-13 15:31 -------- d-----w- c:\users\mchei\AppData\Local\temp
2010-06-13 15:31 . 2010-06-13 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-13 04:35 . 2010-06-13 04:35 -------- d-----w- c:\program files\Runtime Software
2010-06-13 04:14 . 2010-06-13 04:14 -------- d-----w- c:\programdata\Cobian
2010-06-13 04:13 . 2010-06-13 04:14 -------- d-----w- c:\program files\Cobian Backup 9
2010-06-12 20:20 . 2010-06-12 20:20 -------- d-----w- c:\program files\Trend Micro
2010-06-12 17:07 . 2010-06-13 08:41 -------- d-----w- c:\users\mchei\AppData\Roaming\BitTorrent
2010-06-12 16:32 . 2010-06-12 16:32 -------- d-----w- c:\program files\BitTorrent
2010-06-12 01:22 . 2010-06-12 01:22 -------- d-----w- c:\programdata\WindowsSearch
2010-06-11 04:45 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:45 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:45 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:42 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 03:02 . 2001-10-04 17:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2010-06-11 03:02 . 2000-04-04 03:05 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2010-06-09 19:28 . 2010-06-09 19:28 -------- d-----w- c:\program files\WinASO
2010-06-09 03:22 . 2010-06-11 23:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-07 16:15 . 2010-05-26 17:03 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-07 16:15 . 2010-05-26 17:03 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-07 16:15 . 2010-05-26 17:03 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-07 16:15 . 2010-06-07 16:15 -------- d-----w- c:\windows\system32\ZoneLabs
2010-06-07 16:15 . 2010-05-15 20:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-06-07 16:15 . 2010-06-07 16:15 -------- d-----w- c:\program files\Zone Labs
2010-06-07 16:14 . 2010-06-07 16:14 -------- d-----w- c:\programdata\CheckPoint
2010-06-07 16:14 . 2010-06-13 15:12 -------- d-----w- c:\windows\Internet Logs
2010-06-07 07:21 . 2010-06-07 07:21 -------- d-----w- c:\users\mchei\dwhelper
2010-06-06 22:35 . 2010-06-06 22:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-06 22:34 . 2010-06-06 22:40 -------- d-----w- c:\programdata\Rosetta Stone
2010-06-06 21:58 . 2010-06-06 21:58 -------- d-----w- c:\program files\PowerISO
2010-06-06 18:28 . 2010-06-06 18:33 -------- d-----w- c:\users\mchei\AppData\Local\Microsoft Games
2010-06-06 04:14 . 2010-06-06 04:21 -------- d-----w- c:\programdata\PCPitstop
2010-06-06 02:04 . 2010-06-06 02:04 0 ----a-w- c:\users\mchei\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-06-06 01:57 . 2010-06-06 02:17 -------- d-----w- c:\users\mchei\AppData\Roaming\FrostWire
2010-06-05 18:45 . 2010-06-05 18:45 -------- d-----w- c:\program files\Application Updater
2010-06-05 17:13 . 2010-06-05 17:13 -------- d-----w- c:\users\mchei\AppData\Roaming\Malwarebytes
2010-06-05 17:13 . 2010-06-05 17:13 -------- d-----w- c:\programdata\Malwarebytes
2010-06-05 17:13 . 2010-06-13 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 20:01 . 2010-06-12 04:05 -------- d-----w- c:\users\mchei\Tracing
2010-06-04 20:00 . 2010-06-04 20:00 -------- d-----w- c:\program files\Microsoft
2010-06-04 20:00 . 2010-06-04 20:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-04 19:59 . 2010-06-04 20:00 -------- d-----w- c:\program files\Windows Live
2010-06-04 19:58 . 2010-06-04 19:58 -------- d-----w- c:\windows\PCHEALTH
2010-06-04 19:55 . 2010-06-04 19:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-04 18:37 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-04 18:37 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-04 16:50 . 2010-04-19 14:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-06-04 16:45 . 2010-06-04 16:45 -------- d-----w- c:\program files\Alarm
2010-06-04 03:05 . 2010-06-05 05:55 -------- d-----w- c:\users\mchei\AppData\Roaming\uTorrent
2010-06-04 02:16 . 2010-06-04 02:16 -------- d-----w- c:\users\mchei\AppData\Local\AVG Security Toolbar
2010-06-04 01:50 . 2010-06-04 01:50 -------- d-----w- C:\$AVG
2010-06-04 01:50 . 2010-06-04 01:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-04 01:50 . 2010-06-04 02:08 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-04 01:50 . 2010-06-04 02:08 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-04 01:50 . 2010-06-13 14:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-04 01:50 . 2010-06-04 16:50 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-04 01:49 . 2010-06-04 01:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-04 01:46 . 2010-06-04 01:46 -------- d-----w- c:\program files\AVG
2010-06-04 01:46 . 2010-06-04 01:46 -------- d-----w- c:\programdata\avg9
2010-06-04 01:36 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-06-04 01:36 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-04 01:35 . 2010-06-04 01:35 -------- d-----w- c:\program files\Privacy Mantra 2.08
2010-06-04 01:25 . 2010-06-04 01:25 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-04 01:20 . 2010-06-04 01:20 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-04 01:10 . 2010-06-04 01:10 -------- d-----w- c:\windows\system32\Adobe
2010-06-04 01:09 . 2010-06-04 01:09 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 01:08 . 2010-06-04 01:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 01:08 . 2010-06-04 01:08 -------- d-----w- c:\program files\Java
2010-06-04 01:03 . 2010-06-04 00:30 -------- d-----w- c:\windows\Panther
2010-06-04 01:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-04 01:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-04 01:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-04 00:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-06-04 00:58 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-06-04 00:58 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-06-04 00:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-06-04 00:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-06-04 00:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-06-04 00:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-06-04 00:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-06-04 00:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-06-04 00:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-06-04 00:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-06-04 00:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\DCoder Image Source
2010-06-04 00:57 . 2010-06-07 06:51 -------- d-----w- c:\program files\7-Zip
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\FFMPEG Core Files
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\SHOUTcast Source
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\CD Audio Reader Filter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\OpenSource AVI Splitter
2010-06-04 00:57 . 2010-06-04 04:22 -------- d-----w- c:\program files\Gabest MPEG Splitter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\RealMedia
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\DScaler5
2010-06-04 00:56 . 2010-06-04 00:57 -------- d-----w- c:\program files\AC3Filter
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-06-04 00:56 . 2010-06-04 04:22 -------- d-----w- c:\program files\DirectVobSub
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\Haali
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\Bass Audio Decoder
2010-06-04 00:56 . 2009-11-03 23:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-04 00:56 . 2010-06-04 04:22 -------- d-----w- c:\program files\ffdshow
2010-06-04 00:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-04 00:56 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-04 00:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-04 00:55 . 2010-06-13 06:18 -------- d-----w- c:\program files\Zoom Player
2010-06-04 00:46 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-04 00:39 . 2010-06-06 02:58 -------- d-----w- c:\users\mchei\AppData\Roaming\Apple Computer
2010-06-04 00:39 . 2010-06-04 03:37 -------- d-----w- c:\users\mchei\AppData\Local\Apple Computer
2010-06-04 00:38 . 2010-06-04 00:38 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-04 00:38 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-04 00:38 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-04 00:31 . 2010-06-04 00:31 -------- d-----w- c:\programdata\Apple
2010-06-04 00:28 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-04 00:28 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-04 00:28 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-04 00:28 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-04 00:28 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-04 00:28 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-04 00:28 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-04 00:28 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-04 00:26 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-04 00:26 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-04 00:26 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-04 00:26 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-04 00:26 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 21:54 . 2010-06-12 22:01 1704960 ----a-w- c:\windows\Internet Logs\xDB898A.tmp
2010-06-12 21:54 . 2010-06-12 22:01 2898432 ----a-w- c:\windows\Internet Logs\xDB87B5.tmp
2010-06-12 01:25 . 2010-06-12 01:26 1678336 ----a-w- c:\windows\Internet Logs\xDB92DC.tmp
2010-06-11 05:02 . 2010-06-11 05:04 1673216 ----a-w- c:\windows\Internet Logs\xDB48C2.tmp
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-07 16:15 . 2010-06-07 16:15 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-06-05 18:44 . 2010-06-05 18:44 -------- d-----w- c:\users\mchei\AppData\Roaming\FreeAudioPack
2010-06-05 18:44 . 2010-06-05 18:44 -------- d-----w- c:\program files\Free Audio Pack
2010-06-04 01:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 01:25 . 2010-06-04 01:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-04 01:20 . 2010-06-04 01:20 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-04 01:20 . 2010-06-04 01:20 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-04 01:20 . 2010-06-04 01:20 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-04 01:20 . 2010-06-04 01:20 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-04 01:20 . 2010-06-04 01:18 -------- d-----w- c:\program files\Common Files\Real
2010-06-04 01:20 . 2010-06-04 01:18 -------- d-----w- c:\program files\Real
2010-06-04 01:19 . 2010-06-04 01:19 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-04 00:38 . 2010-06-04 00:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-04 00:38 . 2010-06-04 00:37 -------- d-----w- c:\program files\iTunes
2010-06-04 00:37 . 2010-06-04 00:37 -------- d-----w- c:\program files\iPod
2010-06-04 00:37 . 2010-06-04 00:31 -------- d-----w- c:\program files\Common Files\Apple
2010-06-04 00:37 . 2010-06-04 00:35 -------- d-----w- c:\programdata\Apple Computer
2010-06-04 00:36 . 2010-06-04 00:35 -------- d-----w- c:\program files\QuickTime
2010-06-04 00:34 . 2010-06-04 00:34 -------- d-----w- c:\program files\Apple Software Update
2010-06-04 00:32 . 2010-06-04 00:32 -------- d-----w- c:\program files\Bonjour
2010-06-03 22:36 . 2010-06-03 21:39 680 ----a-w- c:\users\mchei\AppData\Local\d3d9caps.dat
2010-06-03 22:25 . 2010-06-03 22:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-04 05:59 . 2010-06-11 04:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 12:33 . 2010-04-16 12:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33 . 2010-04-16 12:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-04 2065248]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-04 01:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-04 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-04 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-04 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-04 308064]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.ca
mWindow Title =
uInternet Settings,ProxyOverride = *.local
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\mchei\AppData\Roaming\Mozilla\Firefox\Profiles\ynndllct.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 11:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3868358487-3234660525-1832001144-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9ECBFBCC-78C7-32DA-10AD-66C17345CFC9}*]
"oamplkpmhkpobicgkdcnokldchaigd"=hex:6a,61,6e,67,6e,6e,6f,70,6a,67,62,62,62,6c,
6a,6b,66,68,67,62,00,00
"naklfgadfbidmgadldomedogbjlp"=hex:6a,61,6e,67,6d,6e,6c,6c,6e,69,6e,62,62,68,
6e,68,62,69,66,65,00,00
"oaiallepajjnfglabnamfcelccllej"=hex:64,61,69,67,6c,62,70,66,00,c9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-06-13 11:33:12
ComboFix-quarantined-files.txt 2010-06-13 15:33

Pre-Run: 103,637,811,200 bytes free
Post-Run: 103,615,115,264 bytes free

- - End Of File - - DF902384820F248A43FE86F9FF2B82C4

Edited by Roaming Diplomat, 13 June 2010 - 10:51 AM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2010 - 02:37 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
RegNull::
[HKEY_USERS\S-1-5-21-3868358487-3234660525-1832001144-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9ECBFBCC-78C7-32DA-10AD-66C17345CFC9}*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box. Do not be alarmed: with the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
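
An added example (not ComboFix's code and not part of the helper's post): a Python parser for the LOCKED REGISTRY KEYS section of a ComboFix log like the one posted above. It handles the wrapped hex: lines, decodes the random-named values so they can be read, and emits the RegNull:: block in the same form as the CFScript above; the input is copied from the log in this thread, and the rule for which locked key to flag is a heuristic chosen here, not a ComboFix rule.

```python
"""Parse the LOCKED REGISTRY KEYS section of a ComboFix log and build the
RegNull:: block of a CFScript.txt from it. Added example: not ComboFix's code
and not posted by the helper. LOG_EXCERPT is copied from the log in this
thread (locked-key section only); suspicious_keys() is our own heuristic."""
import re

LOG_EXCERPT = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3868358487-3234660525-1832001144-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9ECBFBCC-78C7-32DA-10AD-66C17345CFC9}*]
"oamplkpmhkpobicgkdcnokldchaigd"=hex:6a,61,6e,67,6e,6e,6f,70,6a,67,62,62,62,6c,
6a,6b,66,68,67,62,00,00
"naklfgadfbidmgadldomedogbjlp"=hex:6a,61,6e,67,6d,6e,6c,6c,6e,69,6e,62,62,68,
6e,68,62,69,66,65,00,00
"oaiallepajjnfglabnamfcelccllej"=hex:64,61,69,67,6c,62,70,66,00,c9

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-06-13 11:33:12
"""

SECTION_BANNER = "LOCKED REGISTRY KEYS"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def locked_keys_section(log_text):
    """Lines between the LOCKED REGISTRY KEYS banner and the '.' separator
    (or 'Completion time' line) that closes the section."""
    out, inside = [], False
    for line in log_text.splitlines():
        if SECTION_BANNER in line:
            inside = True
        elif inside and (line.strip() == "." or line.startswith("Completion time")):
            break
        elif inside:
            out.append(line)
    return out


def parse_locked_keys(section_lines):
    """Parse .reg-style [key] / "name"=data blocks into {key: {name: data}}.
    A data line ending in ',' wraps onto the next line, as in exported .reg
    files; @Denied/@Allowed ACL lines are skipped."""
    keys, current, pending = {}, None, None
    for raw in section_lines:
        line = raw.strip()
        if not line:
            continue
        if pending is not None:  # continuation of a wrapped hex value
            keys[current][pending] += line
            if not line.endswith(","):
                pending = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None or line.startswith("@"):
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.groups()
            keys[current][name] = data
            if data.endswith(","):
                pending = name
    return keys


def decode_reg_value(data):
    """hex: blobs become the ASCII string up to the first NUL (or a hex dump
    when not printable); dword: becomes an int; anything else is unquoted."""
    if data.startswith("hex:"):
        raw = bytes(int(b, 16) for b in data[4:].rstrip(",").split(",") if b)
        text = raw.split(b"\x00", 1)[0]
        if text and all(32 <= c < 127 for c in text):
            return text.decode("ascii")
        return raw.hex()
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return data.strip('"')


def suspicious_keys(keys):
    """Heuristic chosen here, not a ComboFix rule: flag a locked key under
    Shell Extensions\\Approved whose value names are not CLSIDs (legitimate
    Approved entries are named by GUID). The Modem class AllUserSettings key
    is a normal locked key and is left alone."""
    return [path for path, values in keys.items()
            if "shell extensions\\approved" in path.lower()
            and values and not any(GUID_RE.match(n) for n in values)]


def build_cfscript(keys):
    """Emit the RegNull:: block in the same form as the CFScript above."""
    return "\n".join(["RegNull::"] + [f"[{p}]" for p in suspicious_keys(keys)]) + "\n"
```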

#9 Roaming Diplomat
  • Topic Starter
  • Members
  • 16 posts

Posted 13 June 2010 - 08:45 PM

I'm now having problems connecting to the internet. After clicking on the internet icon I received this message: [Illegal operation attempted on a registry key that has been marked for deletion]. I received the same message for Firefox as well.

I managed to copy the log file of the latest scan onto my iPod and transfer it to another computer, the one I'm currently using to access the internet.

ComboFix 10-06-13.01 - mchei 06/13/2010 21:20:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1203 [GMT -4:00]
Running from: c:\users\mchei\Desktop\ComboFix.exe
Command switches used :: c:\users\mchei\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 01:25 . 2010-06-14 01:26 -------- d-----w- c:\users\mchei\AppData\Local\temp
2010-06-14 01:25 . 2010-06-14 01:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-14 01:25 . 2010-06-14 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-13 04:35 . 2010-06-13 04:35 -------- d-----w- c:\program files\Runtime Software
2010-06-13 04:14 . 2010-06-13 04:14 -------- d-----w- c:\programdata\Cobian
2010-06-13 04:13 . 2010-06-13 04:14 -------- d-----w- c:\program files\Cobian Backup 9
2010-06-12 20:20 . 2010-06-12 20:20 -------- d-----w- c:\program files\Trend Micro
2010-06-12 17:07 . 2010-06-13 19:58 -------- d-----w- c:\users\mchei\AppData\Roaming\BitTorrent
2010-06-12 16:32 . 2010-06-12 16:32 -------- d-----w- c:\program files\BitTorrent
2010-06-12 01:22 . 2010-06-12 01:22 -------- d-----w- c:\programdata\WindowsSearch
2010-06-11 04:45 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:45 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:45 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:42 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 03:02 . 2001-10-04 17:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2010-06-11 03:02 . 2000-04-04 03:05 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2010-06-09 19:28 . 2010-06-09 19:28 -------- d-----w- c:\program files\WinASO
2010-06-09 03:22 . 2010-06-11 23:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-07 16:15 . 2010-05-26 17:03 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-07 16:15 . 2010-05-26 17:03 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-07 16:15 . 2010-05-26 17:03 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-07 16:15 . 2010-06-07 16:15 -------- d-----w- c:\windows\system32\ZoneLabs
2010-06-07 16:15 . 2010-05-15 20:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-06-07 16:15 . 2010-06-07 16:15 -------- d-----w- c:\program files\Zone Labs
2010-06-07 16:14 . 2010-06-07 16:14 -------- d-----w- c:\programdata\CheckPoint
2010-06-07 16:14 . 2010-06-14 01:03 -------- d-----w- c:\windows\Internet Logs
2010-06-07 07:21 . 2010-06-07 07:21 -------- d-----w- c:\users\mchei\dwhelper
2010-06-06 22:35 . 2010-06-06 22:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-06 22:34 . 2010-06-06 22:40 -------- d-----w- c:\programdata\Rosetta Stone
2010-06-06 21:58 . 2010-06-06 21:58 -------- d-----w- c:\program files\PowerISO
2010-06-06 18:28 . 2010-06-06 18:33 -------- d-----w- c:\users\mchei\AppData\Local\Microsoft Games
2010-06-06 04:14 . 2010-06-06 04:21 -------- d-----w- c:\programdata\PCPitstop
2010-06-06 02:04 . 2010-06-06 02:04 0 ----a-w- c:\users\mchei\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-06-06 01:57 . 2010-06-06 02:17 -------- d-----w- c:\users\mchei\AppData\Roaming\FrostWire
2010-06-05 18:45 . 2010-06-05 18:45 -------- d-----w- c:\program files\Application Updater
2010-06-05 17:13 . 2010-06-05 17:13 -------- d-----w- c:\users\mchei\AppData\Roaming\Malwarebytes
2010-06-05 17:13 . 2010-06-05 17:13 -------- d-----w- c:\programdata\Malwarebytes
2010-06-05 17:13 . 2010-06-14 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 20:01 . 2010-06-12 04:05 -------- d-----w- c:\users\mchei\Tracing
2010-06-04 20:00 . 2010-06-04 20:00 -------- d-----w- c:\program files\Microsoft
2010-06-04 20:00 . 2010-06-04 20:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-04 19:59 . 2010-06-04 20:00 -------- d-----w- c:\program files\Windows Live
2010-06-04 19:58 . 2010-06-04 19:58 -------- d-----w- c:\windows\PCHEALTH
2010-06-04 19:55 . 2010-06-04 19:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-04 18:37 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-04 18:37 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-04 16:50 . 2010-04-19 14:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-06-04 16:45 . 2010-06-04 16:45 -------- d-----w- c:\program files\Alarm
2010-06-04 03:05 . 2010-06-05 05:55 -------- d-----w- c:\users\mchei\AppData\Roaming\uTorrent
2010-06-04 02:16 . 2010-06-04 02:16 -------- d-----w- c:\users\mchei\AppData\Local\AVG Security Toolbar
2010-06-04 01:50 . 2010-06-04 01:50 -------- d-----w- C:\$AVG
2010-06-04 01:50 . 2010-06-04 01:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-04 01:50 . 2010-06-04 02:08 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-04 01:50 . 2010-06-04 02:08 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-04 01:50 . 2010-06-13 22:30 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-04 01:50 . 2010-06-04 16:50 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-04 01:49 . 2010-06-04 01:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-04 01:46 . 2010-06-04 01:46 -------- d-----w- c:\program files\AVG
2010-06-04 01:46 . 2010-06-04 01:46 -------- d-----w- c:\programdata\avg9
2010-06-04 01:36 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-06-04 01:36 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-04 01:35 . 2010-06-04 01:35 -------- d-----w- c:\program files\Privacy Mantra 2.08
2010-06-04 01:25 . 2010-06-04 01:25 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-04 01:20 . 2010-06-04 01:20 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-04 01:10 . 2010-06-04 01:10 -------- d-----w- c:\windows\system32\Adobe
2010-06-04 01:09 . 2010-06-04 01:09 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 01:08 . 2010-06-04 01:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 01:08 . 2010-06-04 01:08 -------- d-----w- c:\program files\Java
2010-06-04 01:03 . 2010-06-04 00:30 -------- d-----w- c:\windows\Panther
2010-06-04 01:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-04 01:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-04 01:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-04 00:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-06-04 00:58 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-06-04 00:58 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-06-04 00:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-06-04 00:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-06-04 00:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-06-04 00:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-06-04 00:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-06-04 00:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-06-04 00:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-06-04 00:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-06-04 00:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\DCoder Image Source
2010-06-04 00:57 . 2010-06-07 06:51 -------- d-----w- c:\program files\7-Zip
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\FFMPEG Core Files
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\SHOUTcast Source
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\CD Audio Reader Filter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\OpenSource AVI Splitter
2010-06-04 00:57 . 2010-06-04 04:22 -------- d-----w- c:\program files\Gabest MPEG Splitter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\RealMedia
2010-06-04 00:57 . 2010-06-04 00:57 -------- d-----w- c:\program files\DScaler5
2010-06-04 00:56 . 2010-06-04 00:57 -------- d-----w- c:\program files\AC3Filter
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-06-04 00:56 . 2010-06-04 04:22 -------- d-----w- c:\program files\DirectVobSub
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\Haali
2010-06-04 00:56 . 2010-06-04 00:56 -------- d-----w- c:\program files\Bass Audio Decoder
2010-06-04 00:56 . 2009-11-03 23:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-04 00:56 . 2010-06-04 04:22 -------- d-----w- c:\program files\ffdshow
2010-06-04 00:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-04 00:56 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-04 00:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-04 00:55 . 2010-06-13 17:47 -------- d-----w- c:\program files\Zoom Player
2010-06-04 00:46 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-04 00:39 . 2010-06-06 02:58 -------- d-----w- c:\users\mchei\AppData\Roaming\Apple Computer
2010-06-04 00:39 . 2010-06-04 03:37 -------- d-----w- c:\users\mchei\AppData\Local\Apple Computer
2010-06-04 00:38 . 2010-06-04 00:38 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-04 00:38 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-04 00:38 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-04 00:31 . 2010-06-04 00:31 -------- d-----w- c:\programdata\Apple
2010-06-04 00:28 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-04 00:28 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-04 00:28 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-04 00:28 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-04 00:28 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-04 00:28 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-04 00:28 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-06-04 00:28 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-04 00:26 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-04 00:26 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-04 00:26 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-04 00:26 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 21:54 . 2010-06-12 22:01 1704960 ----a-w- c:\windows\Internet Logs\xDB898A.tmp
2010-06-12 21:54 . 2010-06-12 22:01 2898432 ----a-w- c:\windows\Internet Logs\xDB87B5.tmp
2010-06-12 01:25 . 2010-06-12 01:26 1678336 ----a-w- c:\windows\Internet Logs\xDB92DC.tmp
2010-06-11 05:02 . 2010-06-11 05:04 1673216 ----a-w- c:\windows\Internet Logs\xDB48C2.tmp
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-07 16:15 . 2010-06-07 16:15 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-06-05 18:44 . 2010-06-05 18:44 -------- d-----w- c:\users\mchei\AppData\Roaming\FreeAudioPack
2010-06-05 18:44 . 2010-06-05 18:44 -------- d-----w- c:\program files\Free Audio Pack
2010-06-04 01:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 01:25 . 2010-06-04 01:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-04 01:20 . 2010-06-04 01:20 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-04 01:20 . 2010-06-04 01:20 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-04 01:20 . 2010-06-04 01:20 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-04 01:20 . 2010-06-04 01:20 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-04 01:20 . 2010-06-04 01:20 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-04 01:20 . 2010-06-04 01:18 -------- d-----w- c:\program files\Common Files\Real
2010-06-04 01:20 . 2010-06-04 01:18 -------- d-----w- c:\program files\Real
2010-06-04 01:19 . 2010-06-04 01:19 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-04 00:38 . 2010-06-04 00:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-04 00:38 . 2010-06-04 00:37 -------- d-----w- c:\program files\iTunes
2010-06-04 00:37 . 2010-06-04 00:37 -------- d-----w- c:\program files\iPod
2010-06-04 00:37 . 2010-06-04 00:31 -------- d-----w- c:\program files\Common Files\Apple
2010-06-04 00:37 . 2010-06-04 00:35 -------- d-----w- c:\programdata\Apple Computer
2010-06-04 00:36 . 2010-06-04 00:35 -------- d-----w- c:\program files\QuickTime
2010-06-04 00:34 . 2010-06-04 00:34 -------- d-----w- c:\program files\Apple Software Update
2010-06-04 00:32 . 2010-06-04 00:32 -------- d-----w- c:\program files\Bonjour
2010-06-03 22:36 . 2010-06-03 21:39 680 ----a-w- c:\users\mchei\AppData\Local\d3d9caps.dat
2010-06-03 22:25 . 2010-06-03 22:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-04 05:59 . 2010-06-11 04:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 12:33 . 2010-04-16 12:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33 . 2010-04-16 12:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-13_15.31.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-06-14 01:00 29564 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-14 01:00 71150 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-03 21:36 . 2010-06-14 00:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-03 21:36 . 2010-06-13 14:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-03 21:36 . 2010-06-14 00:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-03 21:36 . 2010-06-13 14:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-03 21:36 . 2010-06-14 00:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-03 21:36 . 2010-06-13 14:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-03 22:14 . 2010-06-13 04:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-03 22:14 . 2010-06-13 14:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-03 22:14 . 2010-06-13 04:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-03 22:14 . 2010-06-13 14:56 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-03 22:14 . 2010-06-13 04:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-03 22:14 . 2010-06-13 14:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-03 21:41 . 2010-06-14 01:00 6152 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3868358487-3234660525-1832001144-1000_UserData.bin
+ 2010-06-14 00:58 . 2010-06-14 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-13 14:56 . 2010-06-13 14:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-13 14:56 . 2010-06-13 14:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-14 00:58 . 2010-06-14 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-13 17:50 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-06-10 08:28 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-06-13 17:50 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-06-10 08:28 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-04 2065248]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-04 01:18 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-04 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-04 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-04 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-04 308064]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.ca
mWindow Title =
uInternet Settings,ProxyOverride = *.local
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\mchei\AppData\Roaming\Mozilla\Firefox\Profiles\ynndllct.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 21:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-06-13 21:28:20
ComboFix-quarantined-files.txt 2010-06-14 01:28
ComboFix2.txt 2010-06-13 15:33

Pre-Run: 103,010,484,224 bytes free
Post-Run: 102,984,384,512 bytes free

- - End Of File - - C1BC468565B0E81E56CF3CDB436A67E7



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 PM

Posted 13 June 2010 - 11:07 PM

Greetings

QUOTE
I'm now having problems connecting to the internet. After clicking on the internet icon I received this message: [Illegal operation attempted on a registry key that has been marked for deletion] I received the same message for Firefox as well.
this will clear up after you reboot

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Dealio Toolbar v4.0.2
    Search Settings v1.2.3


    and click on remove

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Roaming Diplomat

Roaming Diplomat
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 13 June 2010 - 11:54 PM

Hello,

I wasn't able to uninstall the following programs, due to the same error message showing up every time I attempt to do anything (surfing, playing a movie, etc.)

Error: [Illegal operation attempted on a registry key that has been marked for deletion]



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 PM

Posted 13 June 2010 - 11:55 PM

have you rebooted the computer?


#13 Roaming Diplomat

Roaming Diplomat
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 13 June 2010 - 11:59 PM

Not yet. I assumed it would restart by itself...should I restart immediately?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 PM

Posted 14 June 2010 - 12:01 AM

yes reboot the computer and let me know if it clears up

gringo

#15 Roaming Diplomat

Roaming Diplomat
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 14 June 2010 - 12:06 AM

I rebooted and thankfully it's working now.

should I continue with the steps outlined in post #10?



