Google redirect virus


This topic is locked
31 replies to this topic

#1 Lanaea


Posted 23 July 2010 - 09:40 AM

Hi,

Having some problems recently =\

So a few days ago I got hit with one of those fake anti-virus viruses. It was called "antivir solution pro". So I came on here and used your removal guide and cleared that right up. Then I restarted my computer after everything was all cleaned out and running smoothly, and when Windows started up I got a popup that said:

RUNDLL

"Error loading ehfcp.dll

The specified module could not be found."


I had never seen that warning before. But I clicked OK and everything seemed fine after that. No popups or anything acting weird at all. Then I started getting the weird Google redirects. If I'd search something, some of the links I'd click would redirect me to ad sites. If I hit the back button and clicked the link again it'd be back to another ad site (a different one from before). I'd have to refresh the results in order to be able to click through to the actual site from the search results. It doesn't happen with all the results, only some, and only sporadically. No other popups or anything weird coming up.

I ran MBAM and it found some buggies. So I cleared them and it restarted and everything seemed fine. Then Windows loaded and I got the "RUNDLL" error again. And just for fun I searched something random on Google and lo and behold... got the redirects again.

Came on here again. Read up on how to post in here if I had a problem with malware/adware and ran DDS scans. Downloaded GMER. Started running my GMER scan when all of a sudden... got a blue screen saying Windows had to shut down. Tried shutting off my computer and it wouldn't turn off, so I held down the power button to restart. It shut down finally and powered back up, and the fan inside my computer kicked on SO INCREDIBLY LOUD I literally thought it was going to launch itself off my desk. I've never heard a computer fan that loud, ever. I thought it would stop after a few seconds but it was going on for a good 30-45 seconds before I panicked and just held down the power button again for it to shut off. Then it finally restarted and everything was normal again (well... normal with the "RUNDLL" popup and back to the Google redirects).

Ran GMER again, and it finished this time. Saved the log and went to open Chrome to post everything... got the blue screen again. Shut off the computer but no lift-off sound this time from my fan. Restarted, got the RUNDLL popup again...

So! That brings me to where I am now.

Here is my log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by kelsey at 18:20:48.35 on Thu 07/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1951 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kelsey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kelsey\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Icisiko] rundll32.exe "c:\windows\BDEFMUXY.dll",Startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sta] rundll32 "ehfcp.dll",,Run
mRun: [Swixa] rundll32.exe "c:\windows\ogologoc.dll",Startup
mRun: [notepad]
dRun: [notepad] rundll32.exe c:\docume~1\networ~1\ntload.dll,_IWMPEvents@0
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: clubbox.co.kr
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelsey\applic~1\mozilla\firefox\profiles\default user\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - plugin: c:\documents and settings\kelsey\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {388690E3-D441-445F-BD71-5A57E004BAB1} - c:\documents and settings\kelsey\local settings\application data\{388690E3-D441-445F-BD71-5A57E004BAB1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

=============== Created Last 30 ================

2010-07-23 01:19:52 0 ----a-w- c:\documents and settings\kelsey\defogger_reenable
2010-07-19 01:41:36 150 ----a-w- C:\zrpt.xml
2010-07-19 01:41:11 0 d-----w- c:\docume~1\kelsey\applic~1\07DDBA24D261465BE6AFF1F2DC1AC67B
2010-07-14 14:37:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 06:29:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:29:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

==================== Find3M ====================

2010-07-03 03:40:33 129384 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-29 02:40:44 120368 ----a-w- c:\windows\fonts\Allura_Script.ttf
2010-06-29 02:37:41 74612 ----a-w- c:\windows\fonts\arsenale_white.ttf
2010-06-29 02:33:54 24864 ----a-w- c:\windows\fonts\comesinhandy.ttf
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-03-20 02:44:55 1612672 ----a-w- c:\program files\CuteWriter.exe
2006-05-02 19:49:56 21031280 ----a-w- c:\program files\aaw2007.exe
2010-03-12 21:36:32 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-03-12 21:36:03 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-03-12 21:36:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-03-12 21:36:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010031220100313\index.dat
2010-03-12 21:36:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 18:22:28.18 ===============


thanks very much for your help!!
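As a defender's triage aid, added here and not a tool from this thread or from BleepingComputer, the short Python script below scans DDS "Pseudo HJT Report" lines like the ones in the log above and flags the entries an analyst would look at first: a ProxyServer pointing at loopback, rundll32 autoruns that load a DLL by bare name, from the Windows root or from a profile directory, orphaned Run values with no command, and autoruns under the .DEFAULT hive. The sample lines are copied from the posted log (two legitimate entries are kept as controls); the rules and reason texts are my own assumptions, not DDS output.

```python
import re

# Sample lines copied from the DDS "Pseudo HJT Report" posted in this thread.
# Two of them (Google Update, MSSE) are legitimate and serve as controls.
SAMPLE_LINES = [
    r'uInternet Settings,ProxyServer = http=127.0.0.1:5643',
    r'uRun: [Google Update] "c:\documents and settings\kelsey\local settings\application data\google\update\GoogleUpdate.exe" /c',
    r'uRun: [Icisiko] rundll32.exe "c:\windows\BDEFMUXY.dll",Startup',
    r'mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey',
    r'mRun: [sta] rundll32 "ehfcp.dll",,Run',
    r'mRun: [Swixa] rundll32.exe "c:\windows\ogologoc.dll",Startup',
    r'mRun: [notepad]',
    r'dRun: [notepad] rundll32.exe c:\docume~1\networ~1\ntload.dll,_IWMPEvents@0',
    r'mPolicies-system: EnableLUA = 0 (0x0)',
]

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT (the hive the
# SYSTEM account and "Default user" start from).
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?', re.IGNORECASE)
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_run_entry(line):
    """Split a DDS Run line into (hive, value name, command), or None."""
    m = RUN_RE.match(line)
    if not m:
        return None
    return m.group("hive"), m.group("name"), m.group("cmd").strip()


def suspicious_dll_reason(dll):
    """Return why a DLL handed to rundll32 looks out of place, or None."""
    d = dll.lower().replace("/", "\\")
    if "\\" not in d:
        return "rundll32 loads a DLL by bare name (resolved via the search path, not a fixed install location)"
    directory = d.rpartition("\\")[0]
    if directory in ("c:\\windows", "c:\\winnt"):
        return "DLL dropped directly in the Windows root rather than system32"
    if "docume~1" in directory or "documents and settings" in directory:
        # e.g. networ~1 = the Network Service profile, an odd home for a startup DLL
        return "DLL lives under a user profile directory"
    return None


def triage(lines):
    """Return [(line, reason)] for every line an analyst should look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        pm = PROXY_RE.search(line)
        if pm:
            # value looks like "http=127.0.0.1:5643" or "127.0.0.1:5643"
            host = pm.group("value").split("=")[-1].rsplit(":", 1)[0]
            if host in LOOPBACK:
                findings.append((line, "ProxyServer points at loopback: browser traffic is routed through a local listener"))
            continue
        entry = parse_run_entry(line)
        if entry:
            hive, name, cmd = entry
            if not cmd:
                findings.append((line, f"Run value [{name}] has no command (orphaned autorun)"))
                continue
            reasons = []
            if hive == "d":
                reasons.append("autorun under the .DEFAULT/SYSTEM hive")
            dm = RUNDLL_RE.match(cmd)
            if dm:
                why = suspicious_dll_reason(dm.group("dll"))
                if why:
                    reasons.append(why)
            if reasons:
                findings.append((line, "; ".join(reasons)))
            continue
        if re.search(r"EnableLUA\s*=\s*0\b", line):
            findings.append((line, "EnableLUA = 0 (UAC disabled; matters on Vista and later)"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print(f"{reason}\n    {line}")
```

Run against the sample, it flags seven of the nine lines and leaves the Google Update and MSSE entries alone, which matches what the helper later asks to be removed.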


#2 aommaster


Posted 31 July 2010 - 03:31 AM

Hello, Lanaea.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  1. Please download DeFogger to your desktop.
  2. Double click DeFogger to run the tool.
  3. The application window will appear
  4. Click the Disable button to disable your CD Emulation drivers
  5. Click Yes to continue
  6. A 'Finished!' message will appear
  7. Click OK
  8. DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  1. Please download Rootkit Unhooker and save it to your desktop.
  2. Now double-click on RKUnhookerLE.exe to run it.
  3. Click the Report tab, then click Scan.
  4. Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster


Posted 03 August 2010 - 03:19 AM

Hello Lanaea
Are you still with us?



#4 Lanaea


Posted 04 August 2010 - 03:15 AM

Hello, yes I'm still here! I'm sorry for the delay. It's about 1:15am right now so I will definitely do all the things you asked me to do tomorrow after work and post the results. I'm still having the redirect issues so please don't close my topic! Thank you very much.

#5 aommaster


Posted 04 August 2010 - 03:16 AM

No problem. Thanks for letting me know.



#6 Lanaea


Posted 04 August 2010 - 07:56 PM

Hello again! OK, so I ran the logs. Still getting Google redirects. A few notes...

-- My Microsoft Security Essentials is outdated and when I tried to update it (before doing any scanning) it says it can't download the update: "virus and spyware definitions update failed, make sure your computer is connected to the internet" etc. I don't know if this has anything to do with a virus but it's been like this for a couple of days.

-- I'm not getting the "ehfcp.dll" popup anymore when I start up.

-- Last week after I posted my first post here I got hit with yet another fake anti-virus bug. Looked the same as "antivir solution" but not sure if it was the same name. I used your guides again and cleared it up. So, I'm gonna post another DDS log just in case. Sorry if you don't need this.

-- Finally... when I ran this final GMER scan it finished scanning, I opened up Chrome to go post it and... got the blue screen again (like I had been getting previously). Same launching sound from my computer fan, too. So since my computer was shut down and restarted, should I GMER scan it again?

OK I think that's it. So here are my logs:

-----DDS-----

DDS (Ver_10-03-17.01) - NTFSx86
Run by kelsey at 1:24:53.73 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2067 [GMT -7:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Silverlight\4.0.50524.0\agcp.exe
C:\Documents and Settings\kelsey\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kelsey\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [notepad]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [notepad] rundll32.exe c:\docume~1\networ~1\ntload.dll,_IWMPEvents@0
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: clubbox.co.kr
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelsey\applic~1\mozilla\firefox\profiles\default user\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - plugin: c:\documents and settings\kelsey\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {388690E3-D441-445F-BD71-5A57E004BAB1} - c:\documents and settings\kelsey\local settings\application data\{388690E3-D441-445F-BD71-5A57E004BAB1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

=============== Created Last 30 ================

2010-07-23 01:19:52 0 ----a-w- c:\documents and settings\kelsey\defogger_reenable
2010-07-19 01:41:36 150 ----a-w- C:\zrpt.xml
2010-07-19 01:41:11 0 d-----w- c:\docume~1\kelsey\applic~1\07DDBA24D261465BE6AFF1F2DC1AC67B
2010-07-14 14:37:44 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 06:29:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 06:29:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

==================== Find3M ====================

2010-07-03 03:40:33 129384 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-29 02:40:44 120368 ----a-w- c:\windows\fonts\Allura_Script.ttf
2010-06-29 02:37:41 74612 ----a-w- c:\windows\fonts\arsenale_white.ttf
2010-06-29 02:33:54 24864 ----a-w- c:\windows\fonts\comesinhandy.ttf
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-03-20 02:44:55 1612672 ----a-w- c:\program files\CuteWriter.exe
2006-05-02 19:49:56 21031280 ----a-w- c:\program files\aaw2007.exe
2010-03-12 21:36:32 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-03-12 21:36:03 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-03-12 21:36:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2010-03-12 21:36:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010031220100313\index.dat
2010-03-12 21:36:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 1:26:36.21 ===============

------LOG------


Logfile of random's system information tool 1.08 (written by random/random)
Run by kelsey at 2010-08-04 01:29:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (37%) free of 76 GB
Total RAM: 2550 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:00 am, on 8/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\kelsey\Desktop\RSIT.exe
C:\Program Files\trend micro\kelsey.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6711 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006UA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-01 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"notepad"= []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-06 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\ComboFix\CF18348.cfxxe /c C:\ComboFix\C.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Swixa]
C:\WINDOWS\ixenosesoxi.dll,Startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\Program Files\Last.fm\LastFMHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^winesm32.exe]
C:\Documents and Settings\kelsey\Start Menu\Programs\Startup\winesm32.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\grdmgr.exe"="C:\WINDOWS\SYSTEM32\grdmgr.exe:*:Enabled:CDN ???? ??"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\SYSTEM32\BugsSvr.exe"="C:\WINDOWS\SYSTEM32\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\AIM7\aim.exe"="C:\Program Files\AIM7\aim.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-04 01:29:45 ----D---- C:\rsit
2010-07-18 19:56:07 ----ASH---- C:\hiberfil.sys
2010-07-18 18:41:11 ----D---- C:\Documents and Settings\kelsey\Application Data\07DDBA24D261465BE6AFF1F2DC1AC67B
2010-07-14 09:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-06 23:29:09 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-06 23:29:08 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-06 23:22:03 ----SHD---- C:\WINDOWS\CSC
2010-07-06 23:21:53 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-08-04 01:30:00 ----D---- C:\Program Files\Trend Micro
2010-08-04 01:29:27 ----D---- C:\WINDOWS\Prefetch
2010-08-04 01:29:20 ----D---- C:\WINDOWS\temp
2010-08-04 01:05:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-30 15:07:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-30 13:59:40 ----SHD---- C:\WINDOWS\Installer
2010-07-30 13:59:39 ----D---- C:\Config.Msi
2010-07-30 13:58:59 ----D---- C:\Program Files\iTunes
2010-07-30 13:57:06 ----D---- C:\Program Files\iPod
2010-07-30 13:56:59 ----D---- C:\Program Files\Common Files\Apple
2010-07-27 07:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-07-27 07:32:32 ----D---- C:\WINDOWS\system32\DRIVERS
2010-07-26 22:14:43 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 14:35:27 ----D---- C:\WINDOWS\SYSTEM32
2010-07-25 10:03:59 ----D---- C:\WINDOWS
2010-07-22 18:12:20 ----RD---- C:\Program Files
2010-07-22 18:12:16 ----D---- C:\Documents and Settings\kelsey\Application Data\uTorrent
2010-07-19 00:09:29 ----D---- C:\Program Files\AIM+
2010-07-19 00:07:48 ----D---- C:\Program Files\Common Files\AVSMedia
2010-07-19 00:07:44 ----D---- C:\Program Files\AVS4YOU
2010-07-19 00:01:37 ----RSD---- C:\WINDOWS\Fonts
2010-07-18 19:56:18 ----SHD---- C:\System Volume Information
2010-07-18 19:56:18 ----D---- C:\WINDOWS\system32\Restore
2010-07-18 19:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-07-18 18:42:32 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-07-14 09:05:31 ----HD---- C:\WINDOWS\INF
2010-07-14 09:04:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 09:04:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-07 23:52:04 ----D---- C:\video
2010-07-07 23:31:34 ----D---- C:\american
2010-07-07 00:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-07-06 23:29:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-24 36528]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 362944]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-06-14 682232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-01 153376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-09 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

-----INFO--------


info.txt logfile of random's system information tool 1.08 2010-08-04 01:30:02

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe -runfromtemp -l0x0009
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AIM 7-->C:\Program Files\AIM7\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Cake Mania-->"C:\Program Files\Cake Mania\ReflexiveArcade\unins000.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free Video Converter V 1.0-->"C:\Program Files\Free Video Converter\unins000.exe"
Google Earth Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Ipswitch WS_FTP 12-->C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Korean Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-810000000003}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MyFonts Order M1124785-->MsiExec.exe /I{45ACEB0A-5B7F-22C5-39F8-0D2CA0918A27}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Poladroid-->MsiExec.exe /X{90BC0F01-9D99-4686-AC14-2EEC0246FB84}
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"
Ultra QuickTime Converter 2.0.0512-->"C:\Program Files\Ultra QuickTime Converter\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Vegas Pro 9.0-->MsiExec.exe /X{DC785DB7-D389-48C3-B146-96FE99BF4E2B}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WS_FTP-->C:\PROGRA~1\WS_FTP\UNWISE.EXE C:\PROGRA~1\WS_FTP\INSTALL.LOG

======Security center information======

AV: Microsoft Security Essentials (outdated)

======System event log======

Computer Name: D2ZLV571
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 32048
Source Name: b57w2k
Time Written: 20100624213540.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 263
Message: The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

Record Number: 32014
Source Name: PlugPlayManager
Time Written: 20100624193608.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 32000
Source Name: b57w2k
Time Written: 20100624181448.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 31967
Source Name: b57w2k
Time Written: 20100623210431.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 31938
Source Name: b57w2k
Time Written: 20100623072538.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: D2ZLV571
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 53865
Source Name: Microsoft Fax
Time Written: 20100623072526.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 53864
Source Name: Microsoft Fax
Time Written: 20100623072526.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 53851
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100623005427.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 53850
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100623005427.000000-420
Event Type: warning
User:

Computer Name: D2ZLV571
Event Code: 0
Message: Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 53849
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100623005427.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

-----------GMER-----------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-04 17:32:45
Windows 5.1.2600 Service Pack 3
Running: 4vy92qh8.exe; Driver: C:\DOCUME~1\kelsey\LOCALS~1\Temp\uwloapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01DF000A
.text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1612] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DisableSR 1

---- EOF - GMER 1.0.15 ----

thank youuuu

PS: just for the fun of it I tried Yahoo search and it redirects there too... but I'm sure you knew that.

Edited by Lanaea, 04 August 2010 - 08:01 PM.
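The security-relevant lines in the log above are GMER's "User code sections": five-byte JMPs patched over the first instructions of ntdll!NtProtectVirtualMemory, ntdll!NtWriteVirtualMemory, ntdll!KiUserExceptionDispatcher, USER32!GetCursorPos and ole32!CoCreateInstance inside svchost.exe (PID 1212) and Explorer.EXE (PID 1612), each jumping to a low address (006E000A, 00B7000C and so on) that belongs to no loaded DLL. That is the fingerprint of code living in a private allocation rather than in a module, which is what a hooking rootkit or injected payload looks like from user mode. The script below is an added example, not part of the original post and not GMER's own code: it parses lines in that report format and classifies each hook by where its JMP target lands. The module ranges and the sample lines are constructed for illustration (the first four mirror the posted entries, the fifth is an invented jump that stays inside USER32 so both outcomes are shown).

```python
"""Triage GMER "User code sections" lines: which processes carry inline hooks,
and does each JMP target land inside a loaded module or in unbacked memory?"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample in the format GMER uses for user-mode inline hooks.
# Lines 1-4 mirror the entries in the posted log; line 5 is an invented
# jump that stays inside USER32, to exercise the other classification.
SAMPLE_GMER = r"""
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[1612] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\Explorer.EXE[1612] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 7E49F000
"""

# Assumed module map (base, end) for both processes. In a real triage take it
# from GMER's module listing, Process Explorer or a debugger, per process.
MODULE_MAP: Dict[str, Tuple[int, int]] = {
    "ntdll.dll":  (0x7C900000, 0x7C9B2000),
    "USER32.dll": (0x7E410000, 0x7E4A1000),
    "ole32.dll":  (0x774E0000, 0x7761D000),
}

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)


class Hook(NamedTuple):
    image: str
    pid: int
    module: str
    func: str
    addr: int
    size: int
    target: int


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Parse every '.text <image>[pid] module!func addr N Bytes JMP target' line."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # other GMER sections (Devices, Registry, ...) are ignored
        hooks.append(Hook(m["image"], int(m["pid"]), m["module"], m["func"],
                          int(m["addr"], 16), int(m["size"]), int(m["target"], 16)))
    return hooks


def backing_module(addr: int, modules: Dict[str, Tuple[int, int]]) -> Optional[str]:
    """Name of the module whose [base, end) range contains addr, or None."""
    for name, (base, end) in modules.items():
        if base <= addr < end:
            return name
    return None


def classify(hook: Hook, modules: Dict[str, Tuple[int, int]]) -> str:
    """'unbacked': target outside every module (code in a private allocation);
    'intra-module': the jump stays inside the hooked DLL;
    'module-backed:<dll>': a hook installed by another loaded module
    (AV, shell extension, or malware that loaded as a DLL)."""
    owner = backing_module(hook.target, modules)
    if owner is None:
        return "unbacked"
    if owner.lower() == hook.module.lower():
        return "intra-module"
    return f"module-backed:{owner}"


def triage(text: str, modules: Dict[str, Tuple[int, int]]) -> Dict[Tuple[str, int], List[Tuple[str, str]]]:
    """Group hooks per (image, pid) together with their classification."""
    report: Dict[Tuple[str, int], List[Tuple[str, str]]] = defaultdict(list)
    for h in parse_gmer_hooks(text):
        report[(h.image, h.pid)].append((f"{h.module}!{h.func}", classify(h, modules)))
    return dict(report)


def suspicious_pids(text: str, modules: Dict[str, Tuple[int, int]]) -> List[int]:
    """PIDs with at least one hook whose target is not backed by any module."""
    return sorted({pid for (_, pid), entries in triage(text, modules).items()
                   if any(cls == "unbacked" for _, cls in entries)})


if __name__ == "__main__":
    for (image, pid), entries in triage(SAMPLE_GMER, MODULE_MAP).items():
        print(f"{image} [{pid}]")
        for name, cls in entries:
            print(f"  {name:<40} {cls}")
    print("processes with unbacked hooks:", suspicious_pids(SAMPLE_GMER, MODULE_MAP))
```

Module-backed hooks are routine on a Windows box (antivirus products and shell extensions patch the same exports), so a target inside a known, signed DLL is a lower-priority finding to be checked against the module's publisher. A target that no module backs, as in all four entries taken from the log, is the one worth a memory dump of that region before the machine is cleaned, because once the hooking component is removed the evidence goes with it.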


#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:10:29 AM

Posted 05 August 2010 - 02:57 AM

Hello, Lanaea.
Glad to help.

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". For more details, please check this thread.
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason :)
If I am helping you and do not respond to your thread for 48 hours, please send me a PM.


#8 Lanaea

Lanaea
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:CA
  • Local time:11:29 PM

Posted 06 August 2010 - 09:58 AM

Thanks! OK, so I was scanning, and as ComboFix said "completed stage 2" a popup came up that said "PEV.cfxxe has encountered a problem and needs to close", report this problem, etc., so I just hit "Don't send" and the scan continued.

Also, my Microsoft Security Essentials is somehow updated now.

Here's the ComboFix log:


ComboFix 10-08-05.06 - kelsey 08/06/2010 7:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1942 [GMT -7:00]
Running from: c:\documents and settings\kelsey\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
c:\documents and settings\kelsey\Application Data\07DDBA24D261465BE6AFF1F2DC1AC67B
c:\documents and settings\kelsey\Application Data\07DDBA24D261465BE6AFF1F2DC1AC67B\enemies-names.txt
c:\documents and settings\kelsey\Application Data\07DDBA24D261465BE6AFF1F2DC1AC67B\local.ini
c:\documents and settings\kelsey\Application Data\07DDBA24D261465BE6AFF1F2DC1AC67B\lsrslt.ini
c:\documents and settings\kelsey\Local Settings\Application Data\{388690E3-D441-445F-BD71-5A57E004BAB1}
c:\documents and settings\kelsey\Local Settings\Application Data\{388690E3-D441-445F-BD71-5A57E004BAB1}\chrome.manifest
c:\documents and settings\kelsey\Local Settings\Application Data\{388690E3-D441-445F-BD71-5A57E004BAB1}\chrome\content\_cfg.js
c:\documents and settings\kelsey\Local Settings\Application Data\{388690E3-D441-445F-BD71-5A57E004BAB1}\chrome\content\overlay.xul
c:\documents and settings\kelsey\Local Settings\Application Data\{388690E3-D441-445F-BD71-5A57E004BAB1}\install.rdf
C:\IE8-WI~1.EXE
C:\index.htm
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-04 08:29 . 2010-08-04 08:30 -------- d-----w- C:\rsit
2010-07-27 05:07 . 2010-07-27 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\jvytntoud
2010-07-27 05:07 . 2010-07-27 05:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-19 02:52 . 2010-07-19 02:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-19 01:41 . 2010-07-19 02:54 -------- d-----w- c:\documents and settings\kelsey\Local Settings\Application Data\ciomulhju
2010-07-14 14:37 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 08:30 . 2008-05-04 17:35 -------- d-----w- c:\program files\Trend Micro
2010-07-30 20:58 . 2007-04-22 02:41 -------- d-----w- c:\program files\iTunes
2010-07-30 20:57 . 2007-04-22 02:41 -------- d-----w- c:\program files\iPod
2010-07-30 20:56 . 2007-08-11 14:47 -------- d-----w- c:\program files\Common Files\Apple
2010-07-25 21:35 . 2007-04-23 05:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-25 16:41 . 2010-03-09 07:12 120 ----a-w- c:\windows\Kqatezivanomo.dat
2010-07-25 16:41 . 2010-03-09 07:12 0 ----a-w- c:\windows\Nlufako.bin
2010-07-23 01:12 . 2010-02-07 02:00 -------- d-----w- c:\documents and settings\kelsey\Application Data\uTorrent
2010-07-19 07:09 . 2007-04-22 02:40 -------- d-----w- c:\program files\AIM+
2010-07-19 07:07 . 2010-05-16 04:19 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-19 07:07 . 2010-05-16 04:18 -------- d-----w- c:\program files\AVS4YOU
2010-07-07 06:29 . 2009-12-09 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 03:40 . 2009-09-20 07:59 129384 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-30 08:40 . 2007-04-22 10:21 191896 ----a-w- c:\documents and settings\kelsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 16:01 . 2010-06-29 16:01 191896 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 16:01 . 2010-03-12 18:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-25 02:35 . 2007-08-10 01:53 -------- d-----w- c:\program files\Bonjour
2010-06-14 14:31 . 2010-02-04 03:11 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-12 16:07 . 2007-06-14 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-21 21:14 . 2010-03-12 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-03-20 02:44 . 2008-03-20 02:44 1612672 ----a-w- c:\program files\CuteWriter.exe
2006-05-02 19:49 . 2006-05-02 19:49 21031280 ----a-w- c:\program files\aaw2007.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^winesm32.exe]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\winesm32.exe
backup=c:\windows\pss\winesm32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
c:\combofix\CF18348.cfxxe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
2004-03-04 10:00 98304 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-09 08:59 135664 ----atw- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\grdmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\BugsSvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/14/2007 11:29 am 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006Core.job
- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 08:59]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006UA.job
- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 08:59]

2010-08-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-05 05:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clubbox.co.kr
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
FF - ProfilePath - c:\documents and settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - plugin: c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-notepad - c:\docume~1\NETWOR~1\ntload.dll
SafeBoot-aawservice
MSConfigStartUp-Swixa - c:\windows\ixenosesoxi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 07:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-06 07:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 14:49
ComboFix2.txt 2010-02-02 02:42

Pre-Run: 31,078,412,288 bytes free
Post-Run: 31,564,865,536 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 70F1F4D80794BDE000B4588EA45A7DC8

also just as a side question... people always sing praises about Firefox, but what's the general consensus about Chrome? I love it but would like to hear your opinion about its security... thanks!

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 06 August 2010 - 11:42 AM

Hello, Lanaea.
To be honest, I'm not too sure about Chrome. I've used it a few times, and I do like it too. But I guess it all comes down to safe browsing habits at the end of the day.

Looks like Combofix got a few things, just a little bit more to clean up. Let me know if you're still getting redirects after this fix
We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    http://www.bleepingcomputer.com/forums/t/334073/google-redirect-virus/
    Collect::
    c:\documents and settings\LocalService\Local Settings\Application Data\jvytntoud
    c:\documents and settings\kelsey\Local Settings\Application Data\ciomulhju

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
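
As an added illustration of what the DDS:: line in that script is correcting (this is example code written for this page, not code from the post or from ComboFix): a small Python checker that reads the "Supplementary Scan" lines of a ComboFix log, flags any ProxyServer entry that routes browser traffic through the local machine, and emits a DDS:: stanza in the same shape as the one above. The sample lines are constructed after the log posted earlier in this thread (plus one benign machine-scope proxy for contrast), and the assumption that ComboFix removes each setting listed under DDS:: is taken from how the post uses it.

```python
import ipaddress
import re

# Constructed sample modelled on the "Supplementary Scan" section of the
# ComboFix log posted above: the user-scope ProxyServer points at a port on
# the local machine, which lets a resident hijacker rewrite the browser's
# traffic (the search-result redirects). The last line is a constructed,
# benign machine-scope proxy for contrast.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~4\\OFFICE11\\EXCEL.EXE/3000
Trusted Zone: clubbox.co.kr
mInternet Settings,ProxyServer = proxy.corp.example:8080
"""

# ComboFix prefixes Internet Settings lines with u (current-user hive) or
# m (machine hive).
PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$"
)


def parse_proxy_value(value):
    """Split a ProxyServer registry value into (scheme, host, port) tuples.

    Windows accepts either a bare "host:port" that applies to every protocol
    (reported here with scheme "*") or a ";"-separated list of
    "scheme=host:port" entries. IPv6 hosts may be written in brackets.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries.append((scheme.strip().lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for localhost and any loopback address (127/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(log_text):
    """Return one finding per scheme whose proxy resolves to the local machine."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PROXY_LINE.match(line)
        if not match:
            continue
        scope = "user" if match.group("scope") == "u" else "machine"
        for scheme, host, port in parse_proxy_value(match.group("value")):
            if is_loopback(host):
                findings.append(
                    {"scope": scope, "scheme": scheme, "host": host,
                     "port": port, "line": line}
                )
    return findings


def dds_fix_block(findings):
    """Build a DDS:: stanza in the shape used by the CFScript in this thread.

    Assumption (taken from the post's usage, not from ComboFix documentation):
    each log line listed under DDS:: is a setting ComboFix is asked to remove.
    """
    lines = sorted({f["line"] for f in findings})
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_loopback_proxies(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['scope']} proxy for {hit['scheme']} -> "
              f"{hit['host']}:{hit['port']}  ({hit['line']})")
    print(dds_fix_block(hits), end="")
```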


#10 Lanaea

Lanaea
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:CA

Posted 06 August 2010 - 07:58 PM

hi!

here's the new log~

(also, the "PEV.cfxxe has encountered a problem" popup came up again right after stage 2 of the scan was completed...)


ComboFix 10-08-06.01 - kelsey 08/06/2010 17:29:36.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2018 [GMT -7:00]
Running from: c:\documents and settings\kelsey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kelsey\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 08:30 . 2008-05-04 17:35 -------- d-----w- c:\program files\Trend Micro
2010-07-30 20:58 . 2007-04-22 02:41 -------- d-----w- c:\program files\iTunes
2010-07-30 20:57 . 2007-04-22 02:41 -------- d-----w- c:\program files\iPod
2010-07-30 20:56 . 2007-08-11 14:47 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 20:50 . 2010-07-30 20:50 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-25 21:35 . 2007-04-23 05:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-25 16:41 . 2010-03-09 07:12 120 ----a-w- c:\windows\Kqatezivanomo.dat
2010-07-25 16:41 . 2010-03-09 07:12 0 ----a-w- c:\windows\Nlufako.bin
2010-07-23 01:12 . 2010-02-07 02:00 -------- d-----w- c:\documents and settings\kelsey\Application Data\uTorrent
2010-07-19 07:09 . 2007-04-22 02:40 -------- d-----w- c:\program files\AIM+
2010-07-19 07:07 . 2010-05-16 04:19 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-19 07:07 . 2010-05-16 04:18 -------- d-----w- c:\program files\AVS4YOU
2010-07-07 06:29 . 2009-12-09 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 03:40 . 2009-09-20 07:59 129384 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-30 08:40 . 2007-04-22 10:21 191896 ----a-w- c:\documents and settings\kelsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 16:01 . 2010-06-29 16:01 191896 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 16:01 . 2010-03-12 18:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-25 02:35 . 2007-08-10 01:53 -------- d-----w- c:\program files\Bonjour
2010-06-14 14:31 . 2010-02-04 03:11 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-12 16:07 . 2007-06-14 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-21 21:14 . 2010-03-12 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-03-20 02:44 . 2008-03-20 02:44 1612672 ----a-w- c:\program files\CuteWriter.exe
2006-05-02 19:49 . 2006-05-02 19:49 21031280 ----a-w- c:\program files\aaw2007.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kelsey^Start Menu^Programs^Startup^winesm32.exe]
path=c:\documents and settings\kelsey\Start Menu\Programs\Startup\winesm32.exe
backup=c:\windows\pss\winesm32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
c:\combofix\CF18348.cfxxe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
2004-03-04 10:00 98304 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-09 08:59 135664 ----atw- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\grdmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\BugsSvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [6/14/2007 11:29 am 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006Core.job
- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 08:59]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006UA.job
- c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 08:59]

2010-08-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-05 05:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clubbox.co.kr
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
FF - ProfilePath - c:\documents and settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - plugin: c:\documents and settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-06 17:41:20
ComboFix-quarantined-files.txt 2010-08-07 00:41
ComboFix2.txt 2010-08-06 14:49
ComboFix3.txt 2010-02-02 02:42

Pre-Run: 31,555,375,104 bytes free
Post-Run: 31,542,956,032 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 858D35E695D9AE7750AA74B7D53917EC


#11 Lanaea

Lanaea
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:CA

Posted 06 August 2010 - 08:25 PM

browsing in chrome, msie, firefox... still getting redirects.

also, I can right click and do "open in new tab" and I get the actual site. but just clicking the link takes me through a redirect. (this has been true even before we started this removal process)

suggestions?

Edited by Lanaea, 06 August 2010 - 09:57 PM.


#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 07 August 2010 - 01:19 AM

Hello, Lanaea.
Don't worry... we'll get to the bottom of this

We need to run MBRCheck
  1. Please download MBRCheck from one of these locations:
    Link 1
    Link 2
    Link 3
  2. Double click MBRCheck.exe to run
  3. A report called MBRcheck will be on your desktop once the program is done
  4. Please copy and paste that into your reply

NEXT:

We need to run a custom OTL scan
  1. Please download OTL
  2. Save it to your desktop.
  3. Please run OTL on your desktop.
  4. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    tsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Click the Run Scan button
  6. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • MBRCheck Log
  • OTL Log



#13 Lanaea

Lanaea
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:CA

Posted 07 August 2010 - 03:12 AM

hi again~

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF7995000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF749A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7482000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF7627000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7997000 cd20xrnt.sys
0xF7667000 ultra.sys
0xF786E000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7767000 perc2.sys
0xF7999000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7842000 dac2w2k.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7967000 fltmgr.sys
0xF7830000 sr.sys
0xF76C7000 PxHelp20.sys
0xF7950000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A22000 NDIS.sys
0xF76D7000 Combo-Fix.sys
0xF76E7000 sisagp.sys
0xF76F7000 viaagp.sys
0xBA7E6000 Mup.sys
0xF7587000 agp440.sys
0xF7577000 alim1541.sys
0xF7567000 amdagp.sys
0xF7557000 agpCPQ.sys
0xB91A9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB90E4000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB90D0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB90A2000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB907E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8FE8000 \SystemRoot\system32\drivers\smwdm.sys
0xB8FC4000 \SystemRoot\system32\drivers\portcls.sys
0xB9199000 \SystemRoot\system32\drivers\drmk.sys
0xB8FA1000 \SystemRoot\system32\drivers\ks.sys
0xF79C9000 \SystemRoot\system32\drivers\aeaudio.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8F8D000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA7D6000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA6A9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA7C6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA7B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA7A6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF77F7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7AAC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA796000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA6A5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8F76000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA786000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA776000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8F65000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA766000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8F35000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA756000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8ED7000 \SystemRoot\system32\DRIVERS\update.sys
0xF793F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA695000 \SystemRoot\system32\DRIVERS\omci.sys
0xA4E72000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA4E52000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9F60A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9F8C6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0x9DDAD000 \SystemRoot\system32\DRIVERS\WG11TND5.sys
0x9DD8A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7A09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9E6B7000 \SystemRoot\System32\Drivers\Null.SYS
0xF799B000 \SystemRoot\System32\Drivers\Beep.SYS
0x9F5F2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9F5EA000 \SystemRoot\System32\drivers\vga.sys
0xF79A5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB9DB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9EF01000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9EEF9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9F8BA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9DD57000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9DCFE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9DCD6000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9F8B2000 \SystemRoot\System32\drivers\ws2ifsl.sys
0x9DCB4000 \SystemRoot\System32\drivers\afd.sys
0x9F6C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9DC89000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9DC19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EB73000 \SystemRoot\System32\Drivers\Fips.SYS
0x9DBF3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9EB63000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9EEF1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9E98D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9EB23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9E985000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9E97D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9EB13000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0x9DE2C000 \SystemRoot\System32\drivers\Dxapi.sys
0x9EEE1000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB9346000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
0xBF064000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA09BD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9DAFE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9DAC1000 \SystemRoot\system32\drivers\wdmaud.sys
0xA854D000 \SystemRoot\system32\drivers\sysaudio.sys
0x9E589000 \??\C:\WINDOWS\system32\Drivers\BASFND.sys
0x9D8AC000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D573000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA64D000 \??\C:\DOCUME~1\kelsey\LOCALS~1\Temp\mbr.sys
0xF77B7000 \??\C:\ComboFix\catchme.sys
0xF79F1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x9D070000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
548 C:\WINDOWS\SYSTEM32\smss.exe
780 csrss.exe
804 C:\WINDOWS\SYSTEM32\winlogon.exe
852 C:\WINDOWS\SYSTEM32\services.exe
864 C:\WINDOWS\SYSTEM32\lsass.exe
1048 C:\WINDOWS\SYSTEM32\svchost.exe
1112 svchost.exe
1152 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1192 C:\WINDOWS\SYSTEM32\svchost.exe
1256 svchost.exe
1360 svchost.exe
1856 C:\WINDOWS\SYSTEM32\spoolsv.exe
1952 svchost.exe
204 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
224 C:\WINDOWS\SYSTEM32\BAsfIpM.exe
244 C:\Program Files\Bonjour\mDNSResponder.exe
408 C:\Program Files\Dell\OpenManage\Client\Iap.exe
616 C:\Program Files\Java\jre6\bin\jqs.exe
708 C:\WINDOWS\SYSTEM32\svchost.exe
2288 alg.exe
3732 C:\WINDOWS\SYSTEM32\hkcmd.exe
3740 C:\Program Files\Microsoft Security Essentials\msseces.exe
3808 C:\Program Files\iTunes\iTunesHelper.exe
3904 C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
1732 C:\Program Files\iPod\bin\iPodService.exe
3004 wmiprvse.exe
3000 C:\WINDOWS\explorer.exe
2508 C:\WINDOWS\SYSTEM32\ctfmon.exe
1312 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
3828 C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
3032 MpCmdRun.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`03ec1000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: WDCWD800JD-75JNA0, Rev: 05.01C05
PhysicalDrive2 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Done!




OTL logfile created on: 8/7/2010 12:39:56 am - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\kelsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 29.36 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 268.75 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2ZLV571
Current User Name: kelsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
PRC - [2010/06/26 15:21:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/08/17 15:16:34 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
PRC - [2004/02/13 09:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/08/09 18:44:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2004/02/13 09:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/14 11:29:15 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2005/09/05 10:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG11TND5.sys -- (AR5523)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ovcd.sys -- (QCDonner)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 00:45:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 00:46:26 | 000,000,000 | ---D | M]

[2008/12/05 10:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Extensions
[2010/08/06 18:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions
[2009/09/13 18:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/16 11:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\moveplayer@movenetworks.com
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{641d8d09-7dda-4850-8228-ac0ab65e2ac9}
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/06 18:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/06 07:37:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clubbox.co.kr ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} http://app.ipop.co.kr/gom/GomWeb.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kelsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kelsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 00:36:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
[2010/08/06 07:22:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/06 07:22:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/06 07:22:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/06 07:22:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/04 01:29:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/26 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jvytntoud
[2010/07/26 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/26 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/22 00:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/22 00:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/18 19:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/18 19:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/18 19:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/18 19:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/18 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kelsey\Local Settings\Application Data\ciomulhju
[2010/07/14 07:37:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 00:36:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\5150.doc
[2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
[2010/08/07 00:35:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
[2010/08/07 00:26:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006UA.job
[2010/08/06 17:41:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 17:36:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/06 17:25:44 | 003,816,456 | R--- | M] () -- C:\Documents and Settings\kelsey\Desktop\ComboFix.exe
[2010/08/06 15:26:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006Core.job
[2010/08/06 07:37:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/08/06 07:37:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/06 07:36:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/06 07:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/06 07:36:44 | 2674,012,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 07:35:46 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\kelsey\NTUSER.DAT
[2010/08/06 07:35:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\kelsey\NTUSER.INI
[2010/08/04 17:32:53 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\kelsey\Desktop\~$Hello.doc
[2010/08/04 01:22:14 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\Hello.doc
[2010/08/04 01:18:13 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\dds (1).scr
[2010/08/04 01:16:51 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE (1).EXE
[2010/08/04 01:16:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\4vy92qh8.exe
[2010/08/04 01:16:25 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RSIT.exe
[2010/08/04 01:16:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\Defogger (1).exe
[2010/07/30 13:59:05 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 13:52:48 | 000,033,147 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\phuket.jpg
[2010/07/28 18:23:18 | 000,074,662 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\gradschool2.jpg
[2010/07/28 18:20:32 | 000,077,687 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\gradschool.jpg
[2010/07/28 18:18:11 | 000,058,887 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\bananaclub.jpg
[2010/07/26 22:13:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\rkill.com
[2010/07/26 19:39:16 | 000,028,547 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\n.jpg
[2010/07/26 01:45:24 | 000,099,790 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\n19900757_32203985_8081.jpg
[2010/07/25 14:35:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/25 10:33:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE.EXE
[2010/07/25 10:33:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\dds.scr
[2010/07/25 09:41:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kqatezivanomo.dat
[2010/07/25 09:41:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Nlufako.bin
[2010/07/24 00:31:46 | 000,235,993 | ---- | M] () -- C:\Documents and Settings\kelsey\My Documents\560_0_resize.jpg
[2010/07/23 07:27:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\kelsey\My Documents\~$eeping Computer Malware Removal.doc
[2010/07/22 23:03:38 | 000,931,840 | ---- | M] () -- C:\Documents and Settings\kelsey\My Documents\Bleeping Computer Malware Removal.doc
[2010/07/22 18:19:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kelsey\defogger_reenable
[2010/07/22 00:28:09 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\kelsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 18:41:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/10 09:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/07 00:35:39 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
[2010/08/06 22:00:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\5150.doc
[2010/08/06 07:22:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/06 07:22:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/06 07:22:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/06 07:22:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/06 07:22:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/06 07:21:20 | 003,816,456 | R--- | C] () -- C:\Documents and Settings\kelsey\Desktop\ComboFix.exe
[2010/08/04 17:32:53 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\kelsey\Desktop\~$Hello.doc
[2010/08/04 01:22:14 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\Hello.doc
[2010/08/04 01:18:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\dds (1).scr
[2010/08/04 01:16:50 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE (1).EXE
[2010/08/04 01:16:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\4vy92qh8.exe
[2010/08/04 01:16:23 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RSIT.exe
[2010/08/04 01:16:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\Defogger (1).exe
[2010/07/30 13:59:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 13:52:48 | 000,033,147 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\phuket.jpg
[2010/07/28 18:23:18 | 000,074,662 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\gradschool2.jpg
[2010/07/28 18:20:31 | 000,077,687 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\gradschool.jpg
[2010/07/28 18:18:11 | 000,058,887 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\bananaclub.jpg
[2010/07/26 22:13:36 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\rkill.com
[2010/07/26 19:39:16 | 000,028,547 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\n.jpg
[2010/07/26 01:44:45 | 000,099,790 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\n19900757_32203985_8081.jpg
[2010/07/25 10:33:33 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE.EXE
[2010/07/24 00:31:46 | 000,235,993 | ---- | C] () -- C:\Documents and Settings\kelsey\My Documents\560_0_resize.jpg
[2010/07/23 07:27:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\kelsey\My Documents\~$eeping Computer Malware Removal.doc
[2010/07/22 23:03:38 | 000,931,840 | ---- | C] () -- C:\Documents and Settings\kelsey\My Documents\Bleeping Computer Malware Removal.doc
[2010/07/22 18:20:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\dds.scr
[2010/07/22 18:19:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kelsey\defogger_reenable
[2010/07/18 19:56:07 | 2674,012,160 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 18:41:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/18 18:59:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/05/16 09:01:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/03 21:23:10 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/03/19 19:45:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/15 17:13:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/08/02 23:56:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/02 22:28:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/22 18:28:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/04/22 17:55:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/04/22 17:52:53 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/04/22 17:52:51 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/04/21 19:41:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/05/02 13:49:38 | 000,000,385 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/26 13:34:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2005/03/29 22:40:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/29 22:17:46 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< tsvcs >

< %SYSTEMDRIVE%\*.* >
[2004/06/28 00:42:46 | 000,051,941 | ---- | M] () -- C:\19146.gif
[2004/03/02 02:30:58 | 000,008,202 | ---- | M] () -- C:\19146.jpg
[2003/03/24 23:10:18 | 000,012,437 | ---- | M] () -- C:\3-10photo1.jpg
[2004/07/25 01:50:04 | 000,029,797 | ---- | M] () -- C:\328503.gif
[2004/10/24 03:04:16 | 000,007,817 | ---- | M] () -- C:\a335.gif
[2010/04/11 20:36:06 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2010/03/11 16:57:16 | 000,000,068 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/03/11 16:44:56 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
[2004/10/12 21:45:12 | 002,636,408 | ---- | M] () -- C:\aawsepersonal.exe
[2009/12/09 01:41:56 | 077,086,488 | ---- | M] (Lavasoft ) -- C:\Ad-AwareInstallation.exe
[2005/04/05 00:47:04 | 020,798,256 | ---- | M] (Netopsystems AG ) -- C:\AdbeRdr70_enu_full.exe
[2007/05/22 10:41:53 | 021,822,168 | ---- | M] ( ) -- C:\AdbeRdr80_en_US.exe
[2005/04/10 22:38:30 | 001,374,689 | ---- | M] (XemiComputers Ltd. ) -- C:\adcsr.exe
[2003/08/08 10:33:44 | 000,203,061 | ---- | M] () -- C:\AIM+Setup.exe
[2005/04/05 02:42:24 | 001,897,860 | ---- | M] (ESTsoft Corp. ) -- C:\alzip.exe
[2007/06/25 00:11:53 | 000,089,379 | ---- | M] () -- C:\angel131.jpg
[2003/09/02 01:05:22 | 000,021,705 | ---- | M] () -- C:\Animation1.gif
[2003/09/02 01:07:14 | 000,013,584 | ---- | M] () -- C:\Animation2.gif
[2003/12/08 21:07:56 | 000,343,207 | ---- | M] () -- C:\AppleWin_1.10.zip
[2007/05/22 12:46:35 | 000,033,792 | ---- | M] () -- C:\ARPEDepartmentalApplication.xls
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/12/11 18:33:34 | 000,002,422 | ---- | M] () -- C:\bbc.ico
[2003/11/24 01:29:20 | 000,041,404 | ---- | M] () -- C:\billy-vector.jpg
[2003/01/15 09:25:10 | 000,863,494 | ---- | M] (Stardust Software) -- C:\blumaroobounce.exe
[2006/01/18 13:24:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/11 14:57:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2007/10/12 23:57:10 | 015,739,448 | ---- | M] () -- C:\CakeManiaSetup.exe
[2005/11/17 22:04:34 | 000,011,031 | ---- | M] () -- C:\candy bar doll me!!.gif
[2003/08/13 02:00:08 | 000,177,578 | ---- | M] () -- C:\cheat1.bmp
[2003/09/11 00:48:32 | 000,046,815 | ---- | M] () -- C:\cheygayman.jpg
[2005/11/13 20:57:22 | 000,853,672 | ---- | M] () -- C:\chinatown 004.jpg
[2006/04/30 22:05:12 | 000,132,882 | ---- | M] () -- C:\CIMG0008.JPG
[2006/04/30 22:03:56 | 000,128,192 | ---- | M] () -- C:\CIMG0012.JPG
[2006/04/08 02:22:58 | 000,956,890 | ---- | M] () -- C:\CIMG0102.JPG
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/06 17:41:24 | 000,010,987 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/29 22:18:02 | 000,003,756 | RH-- | M] () -- C:\DELL.SDR
[2003/04/28 23:09:28 | 000,044,345 | ---- | M] () -- C:\desk.JPG
[2003/05/21 00:03:44 | 000,069,954 | ---- | M] () -- C:\desk2.JPG
[2003/05/25 01:07:20 | 000,084,298 | ---- | M] () -- C:\deskcap3.JPG
[2002/07/06 02:05:14 | 003,286,795 | ---- | M] () -- C:\DivX502Bundle.exe
[2006/10/15 01:27:12 | 024,265,736 | ---- | M] (Microsoft) -- C:\dotnetfx.exe
[2006/12/30 14:22:54 | 000,363,800 | ---- | M] (Digital River, Inc.) -- C:\download-flvplayer_setup.exe.exe
[2004/03/07 01:43:44 | 000,662,307 | ---- | M] () -- C:\DSC00244-1.JPG
[2004/03/07 01:42:32 | 000,724,615 | ---- | M] () -- C:\DSC00249-1.JPG
[2006/01/29 21:21:02 | 000,783,909 | ---- | M] () -- C:\DSCF0635.JPG
[2004/07/31 17:21:36 | 000,102,487 | ---- | M] () -- C:\DTR.JPG
[2004/08/27 03:27:18 | 003,038,672 | ---- | M] () -- C:\Dynomite Deluxe 2.71.exe
[2005/09/18 00:26:06 | 000,020,473 | ---- | M] () -- C:\earrang.jpg
[2003/01/01 19:45:04 | 002,266,608 | ---- | M] () -- C:\ec22.exe
[2007/09/05 22:19:04 | 006,820,864 | ---- | M] () -- C:\epson11262.exe
[2007/09/13 11:38:16 | 007,848,448 | ---- | M] () -- C:\epson11375.exe
[2007/09/13 11:26:28 | 007,005,184 | ---- | M] () -- C:\epson11505.exe
[2007/04/29 23:42:34 | 003,224,463 | ---- | M] () -- C:\fgf173.exe
[2004/08/10 23:27:24 | 005,082,708 | ---- | M] (Mozilla) -- C:\FirefoxSetup-0.9.3.exe
[2002/10/11 14:45:28 | 000,013,071 | ---- | M] () -- C:\fwnfe.zip
[2003/06/29 11:42:10 | 000,119,602 | ---- | M] () -- C:\gm121d.zip
[2005/09/03 13:36:36 | 000,336,821 | ---- | M] () -- C:\gn 001.jpg
[2010/08/06 07:36:44 | 2674,012,160 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/04 10:30:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2004/03/07 15:47:08 | 000,139,478 | ---- | M] () -- C:\ibrentskateboard.jpg
[2003/06/26 23:06:00 | 000,025,997 | ---- | M] () -- C:\iconsxp.zip
[2007/11/25 01:47:23 | 000,191,572 | ---- | M] () -- C:\iconsxp2.zip
[2007/11/25 01:46:58 | 000,025,997 | ---- | M] () -- C:\iconsxp3.zip
[2002/08/02 23:02:26 | 002,032,792 | ---- | M] (Microsoft Corporation) -- C:\ie_ko.exe
[2003/09/25 11:08:58 | 000,063,496 | ---- | M] () -- C:\index.1
[2004/08/11 16:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/04/28 17:54:45 | 008,506,408 | ---- | M] () -- C:\Install_AIM59.exe
[2006/11/20 00:27:28 | 001,410,680 | ---- | M] () -- C:\install_flash_player.exe
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/03/29 00:38:48 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2005/11/28 05:10:06 | 056,298,664 | ---- | M] (Apple Computer, Inc. ) -- C:\iPodSetup.exe
[2004/03/07 15:48:34 | 000,130,437 | ---- | M] () -- C:\isangwall.jpg
[2006/03/21 23:45:34 | 001,321,140 | ---- | M] () -- C:\iScrobblerWin_1_1_0.exe
[2008/05/08 08:01:28 | 059,782,440 | ---- | M] (Apple Inc.) -- C:\iTunesSetup.exe
[2002/12/22 20:33:38 | 000,827,392 | ---- | M] () -- C:\iview375.exe
[2005/09/21 23:17:14 | 000,336,896 | ---- | M] () -- C:\keljudjes.jpg
[2003/11/05 22:45:32 | 003,366,186 | ---- | M] () -- C:\klitekpp243e.exe
[2007/09/22 00:02:03 | 004,217,146 | ---- | M] (Last.fm ) -- C:\Last.fm-1.3.2.13b.exe
[2003/12/27 11:50:10 | 001,760,378 | ---- | M] () -- C:\lavasoft ad-aware 6.0 build 181 (aaw6.exe).exe
[2003/03/30 15:45:54 | 000,032,955 | ---- | M] () -- C:\layout.JPG
[2003/06/21 23:55:28 | 000,393,216 | ---- | M] () -- C:\lemonade_tycoon.zip
[2006/09/18 18:08:58 | 000,359,112 | ---- | M] () -- C:\LimeWireWin.exe
[2009/03/25 23:15:16 | 002,813,421 | ---- | M] (ManiacTools.com ) -- C:\m4a-to-mp3-converter.exe
[2006/04/28 12:40:18 | 043,424,778 | ---- | M] () -- C:\making friends1.avi
[2003/04/08 19:11:36 | 000,003,644 | ---- | M] () -- C:\ma_de_item04b.gif
[2003/04/08 19:11:58 | 000,002,879 | ---- | M] () -- C:\ma_li_item04a_1.gif
[2009/12/09 01:41:45 | 004,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2003/08/17 13:41:16 | 000,092,166 | ---- | M] () -- C:\mfaq52hp.zip
[2003/08/17 13:40:18 | 001,216,000 | ---- | M] (mIRC Co. Ltd.) -- C:\mirc603.exe
[2004/10/16 00:23:54 | 012,653,296 | ---- | M] (Microsoft Corporation) -- C:\MP10Setup.exe
[2004/09/16 01:44:12 | 010,431,072 | ---- | M] (Microsoft Corporation) -- C:\mp71.exe
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/12/19 21:36:14 | 005,316,176 | ---- | M] (Microsoft Corporation) -- C:\msjavx86.exe
[2003/09/08 02:30:42 | 000,005,283 | ---- | M] () -- C:\msnemails.gif
[2004/11/17 03:35:14 | 001,035,943 | ---- | M] ( ) -- C:\myTunesReduxInstaller.exe
[2006/11/30 22:42:26 | 000,056,702 | ---- | M] () -- C:\n19900125_30251321_1358.jpg
[2007/10/17 17:12:20 | 001,305,088 | ---- | M] () -- C:\Netflix_Movie_Viewer_Installer.msi
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/12 12:42:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2007/07/06 20:48:15 | 001,088,976 | ---- | M] () -- C:\octosetup_v_l_odd.exe
[2005/04/19 00:43:04 | 000,394,451 | ---- | M] () -- C:\other_quotes.zip
[2004/01/01 01:00:00 | 000,850,622 | ---- | M] () -- C:\P1010309.JPG
[2006/02/05 14:25:58 | 000,893,121 | ---- | M] () -- C:\P1010310.JPG
[2006/02/05 14:27:02 | 000,527,928 | ---- | M] () -- C:\P1010311.JPG
[2004/01/01 01:00:00 | 000,830,522 | ---- | M] () -- C:\P1010312.JPG
[2006/04/02 12:36:04 | 000,468,299 | ---- | M] () -- C:\P1010517.JPG
[2010/08/06 07:36:43 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2003/04/06 17:27:52 | 031,354,419 | ---- | M] () -- C:\Paint Shop Pro 7 full.zip
[2004/10/04 23:52:50 | 001,028,385 | ---- | M] (Stardust Software) -- C:\petpetsitter.exe
[2004/12/29 12:06:34 | 000,070,367 | ---- | M] () -- C:\phpfanbase_v2.zip
[2002/08/04 16:50:28 | 001,650,357 | ---- | M] () -- C:\player304.exe
[2006/10/15 01:37:50 | 000,488,094 | ---- | M] ( ) -- C:\PlazerSetup.exe
[2004/09/05 15:30:40 | 000,481,251 | ---- | M] () -- C:\plvx2cleaner.exe
[2009/05/02 22:31:21 | 005,618,115 | ---- | M] () -- C:\Poladroid0.9.5r5-PC.zip
[2003/05/22 02:21:18 | 000,041,626 | ---- | M] () -- C:\ps-brian2.jpg
[2008/02/16 00:46:08 | 030,401,112 | ---- | M] (Logitech, Inc.) -- C:\qc1150.exe
[2008/02/16 00:39:05 | 033,344,864 | ---- | M] (Logitech, Inc.) -- C:\qc1150_x64.exe
[2007/04/25 21:57:26 | 019,994,184 | ---- | M] (Apple Computer, Inc.) -- C:\QuickTimeInstaller.exe
[2002/08/11 02:27:28 | 001,799,685 | ---- | M] () -- C:\QuickVCD.exe
[2003/09/13 13:33:40 | 000,099,269 | ---- | M] () -- C:\r89s.wav
[2010/03/11 15:32:24 | 000,002,851 | ---- | M] () -- C:\rapport.txt
[1996/10/09 03:21:18 | 000,000,780 | ---- | M] () -- C:\README.TXT
[2005/09/18 00:19:16 | 000,850,971 | ---- | M] () -- C:\rebels 004.jpg
[2005/09/18 00:26:50 | 000,035,898 | ---- | M] () -- C:\rebels 005.jpg
[2008/06/02 17:11:57 | 042,925,882 | ---- | M] () -- C:\rezcon-win.exe
[2004/03/17 14:15:30 | 000,002,485 | ---- | M] () -- C:\rickee.txt
[2003/05/12 23:14:38 | 000,286,294 | ---- | M] () -- C:\ringtone.wav
[2003/11/28 03:14:54 | 001,043,479 | ---- | M] () -- C:\RJSS95.EXE
[2010/07/26 22:26:56 | 000,000,371 | ---- | M] () -- C:\rkill.log
[1996/10/09 01:23:28 | 002,071,235 | ---- | M] () -- C:\ROMEO95.EXE
[2005/09/17 12:52:22 | 000,788,318 | ---- | M] () -- C:\roomiesdos 001.jpg
[2005/09/17 12:52:24 | 000,828,861 | ---- | M] () -- C:\roomiesdos 002.jpg
[2003/10/12 23:22:52 | 000,041,125 | ---- | M] () -- C:\runmenu.jpg
[2004/03/07 15:30:12 | 000,249,520 | ---- | M] () -- C:\sangwall.jpg
[2004/03/07 15:31:12 | 000,257,853 | ---- | M] () -- C:\sangwall2.jpg
[2007/11/25 01:52:03 | 000,399,703 | ---- | M] () -- C:\sb_quotes.zip
[2004/02/09 12:35:16 | 000,962,597 | ---- | M] () -- C:\scanogram.jpg
[2001/03/14 11:21:18 | 000,002,238 | ---- | M] () -- C:\ShinHwaicon.ico
[2008/02/16 00:55:50 | 006,997,792 | ---- | M] (SightSpeed Inc.) -- C:\SightSpeedSetup.exe
[2009/09/08 19:52:51 | 004,938,616 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[2005/10/29 01:14:26 | 000,038,289 | ---- | M] () -- C:\SimpleViewer_v17.zip
[2008/06/18 18:58:01 | 000,039,409 | ---- | M] () -- C:\ski32.zip
[2002/07/15 01:43:44 | 000,230,975 | ---- | M] () -- C:\skinner120.zip
[2004/11/07 23:05:04 | 000,786,333 | ---- | M] () -- C:\slsk154test.exe
[2005/04/11 00:03:50 | 000,107,792 | ---- | M] (Microsoft Corporation) -- C:\sndrec32.exe
[2004/05/14 08:27:30 | 004,354,084 | ---- | M] (Safer Networking Limited ) -- C:\spybot 1.3 05.12.04 (spybotsd13.exe).exe
[2007/10/08 23:42:20 | 007,467,056 | ---- | M] (Safer Networking Ltd. ) -- C:\spybotsd15.exe
[2004/09/05 15:07:22 | 002,247,855 | ---- | M] (Javacool Software LLC ) -- C:\spywareblastersetup.exe
[2005/10/31 08:56:02 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2004/09/09 00:51:46 | 000,065,503 | ---- | M] () -- C:\surf-flier-small.jpg
[2007/11/25 01:50:12 | 001,544,848 | ---- | M] () -- C:\sys_sounds.zip
[2003/07/22 04:25:10 | 000,387,985 | ---- | M] (Macromedia, Inc.) -- C:\take-a-break.exe
[2003/01/15 09:16:22 | 000,900,243 | ---- | M] (Stardust Software) -- C:\techodance.exe
[2007/11/25 01:54:05 | 000,844,636 | ---- | M] () -- C:\The Cheat Theme Song.zip
[2007/11/25 01:56:02 | 000,688,534 | ---- | M] () -- C:\The System is Down.zip
[2007/11/25 01:54:44 | 000,859,743 | ---- | M] () -- C:\Trogdor.zip
[2004/02/06 01:25:58 | 000,000,079 | ---- | M] () -- C:\twacker.log
[2003/08/14 05:17:16 | 000,000,062 | ---- | M] () -- C:\Untitled-1 copy.gif
[2003/05/29 22:53:42 | 000,005,361 | ---- | M] () -- C:\Untitled-2 copy.jpg
[2003/08/28 22:37:00 | 000,046,263 | ---- | M] () -- C:\untitled.GIF
[2003/06/13 03:06:02 | 000,067,429 | ---- | M] () -- C:\untitled.JPG
[2003/08/16 19:49:44 | 000,108,251 | ---- | M] () -- C:\untitled2.JPG
[2003/08/16 19:57:10 | 000,046,338 | ---- | M] () -- C:\untitled3.JPG
[2003/08/17 01:45:04 | 000,022,754 | ---- | M] () -- C:\untitled4.JPG
[2004/12/11 19:18:06 | 000,001,189 | ---- | M] () -- C:\VETlog.txt
[2006/12/30 14:00:46 | 000,014,738 | ---- | M] () -- C:\videodownloader-1.1.1-fx.xpi
[2007/05/27 14:05:24 | 009,516,033 | ---- | M] () -- C:\vlc-0.8.6b-win32.exe
[2004/08/11 08:58:14 | 000,000,014 | ---- | M] () -- C:\win2.log
[2004/08/10 22:20:56 | 005,703,377 | ---- | M] (Intel Corporation) -- C:\win2k_xp141.exe
[2007/04/22 18:28:13 | 006,718,976 | ---- | M] (Nullsoft, Inc.) -- C:\winamp533_full_emusic-7plus.exe
[2004/08/11 09:07:16 | 002,710,296 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB835732-x86-ENU.EXE
[2006/03/21 23:04:26 | 000,000,621 | ---- | M] () -- C:\WS_FTP.LOG
[2007/08/04 17:04:43 | 000,682,063 | ---- | M] () -- C:\ws_ftp45.exe
[2002/07/13 22:18:16 | 000,707,072 | ---- | M] () -- C:\ws_ftple.exe
[2004/10/02 11:46:46 | 003,905,464 | ---- | M] (Microsoft Corporation) -- C:\xlViewer.exe
[2003/07/17 11:32:16 | 000,142,993 | ---- | M] () -- C:\XviD-Dec-300303.exe
[2005/11/17 21:18:20 | 006,805,758 | ---- | M] () -- C:\yahoo_dynomite_tm1-1.exe
[2003/01/08 05:00:50 | 001,256,972 | ---- | M] () -- C:\ZipWizard20.exe
[2010/07/18 18:41:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2004/08/24 20:50:04 | 006,113,752 | ---- | M] () -- C:\ZumaSetup.exe
[2007/08/11 07:33:56 | 000,000,221 | ---- | M] () -- C:\_audioscrobbler.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2008/03/12 02:53:30 | 000,070,656 | ---- | M] ()(C:\Documents and Settings\kelsey\My Documents\?????.doc) -- C:\Documents and Settings\kelsey\My Documents\사랑인가요.doc
[2008/03/12 02:40:40 | 000,070,656 | ---- | C] ()(C:\Documents and Settings\kelsey\My Documents\?????.doc) -- C:\Documents and Settings\kelsey\My Documents\사랑인가요.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1F4E0B
< End of report >



Wasn't sure if you wanted extras too, so just in case, here it is.




OTL Extras logfile created on: 8/7/2010 12:39:56 am - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\kelsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 29.36 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 268.75 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2ZLV571
Current User Name: kelsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\grdmgr.exe" = C:\WINDOWS\SYSTEM32\grdmgr.exe:*:Enabled:CDN ???? ?? -- (나우콤)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\SYSTEM32\BugsSvr.exe" = C:\WINDOWS\SYSTEM32\BugsSvr.exe:*:Enabled:Bugs Music Player Control -- ()
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{45ACEB0A-5B7F-22C5-39F8-0D2CA0918A27}" = MyFonts Order M1124785
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90BC0F01-9D99-4686-AC14-2EEC0246FB84}" = Poladroid
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.

hi again~

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF7995000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF749A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7482000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF7627000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7997000 cd20xrnt.sys
0xF7667000 ultra.sys
0xF786E000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7767000 perc2.sys
0xF7999000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7842000 dac2w2k.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7967000 fltmgr.sys
0xF7830000 sr.sys
0xF76C7000 PxHelp20.sys
0xF7950000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A22000 NDIS.sys
0xF76D7000 Combo-Fix.sys
0xF76E7000 sisagp.sys
0xF76F7000 viaagp.sys
0xBA7E6000 Mup.sys
0xF7587000 agp440.sys
0xF7577000 alim1541.sys
0xF7567000 amdagp.sys
0xF7557000 agpCPQ.sys
0xB91A9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB90E4000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB90D0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB90A2000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB907E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8FE8000 \SystemRoot\system32\drivers\smwdm.sys
0xB8FC4000 \SystemRoot\system32\drivers\portcls.sys
0xB9199000 \SystemRoot\system32\drivers\drmk.sys
0xB8FA1000 \SystemRoot\system32\drivers\ks.sys
0xF79C9000 \SystemRoot\system32\drivers\aeaudio.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8F8D000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA7D6000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA6A9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA7C6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA7B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA7A6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF77F7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7AAC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA796000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA6A5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8F76000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA786000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA776000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8F65000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA766000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8F35000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA756000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8ED7000 \SystemRoot\system32\DRIVERS\update.sys
0xF793F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA695000 \SystemRoot\system32\DRIVERS\omci.sys
0xA4E72000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA4E52000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9F60A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9F8C6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0x9DDAD000 \SystemRoot\system32\DRIVERS\WG11TND5.sys
0x9DD8A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7A09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9E6B7000 \SystemRoot\System32\Drivers\Null.SYS
0xF799B000 \SystemRoot\System32\Drivers\Beep.SYS
0x9F5F2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9F5EA000 \SystemRoot\System32\drivers\vga.sys
0xF79A5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB9DB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9EF01000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9EEF9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9F8BA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9DD57000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9DCFE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9DCD6000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9F8B2000 \SystemRoot\System32\drivers\ws2ifsl.sys
0x9DCB4000 \SystemRoot\System32\drivers\afd.sys
0x9F6C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9DC89000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9DC19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EB73000 \SystemRoot\System32\Drivers\Fips.SYS
0x9DBF3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9EB63000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9EEF1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9E98D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9EB23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9E985000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9E97D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9EB13000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0x9DE2C000 \SystemRoot\System32\drivers\Dxapi.sys
0x9EEE1000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB9346000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
0xBF064000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA09BD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9DAFE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9DAC1000 \SystemRoot\system32\drivers\wdmaud.sys
0xA854D000 \SystemRoot\system32\drivers\sysaudio.sys
0x9E589000 \??\C:\WINDOWS\system32\Drivers\BASFND.sys
0x9D8AC000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D573000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA64D000 \??\C:\DOCUME~1\kelsey\LOCALS~1\Temp\mbr.sys
0xF77B7000 \??\C:\ComboFix\catchme.sys
0xF79F1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x9D070000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
548 C:\WINDOWS\SYSTEM32\smss.exe
780 csrss.exe
804 C:\WINDOWS\SYSTEM32\winlogon.exe
852 C:\WINDOWS\SYSTEM32\services.exe
864 C:\WINDOWS\SYSTEM32\lsass.exe
1048 C:\WINDOWS\SYSTEM32\svchost.exe
1112 svchost.exe
1152 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1192 C:\WINDOWS\SYSTEM32\svchost.exe
1256 svchost.exe
1360 svchost.exe
1856 C:\WINDOWS\SYSTEM32\spoolsv.exe
1952 svchost.exe
204 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
224 C:\WINDOWS\SYSTEM32\BAsfIpM.exe
244 C:\Program Files\Bonjour\mDNSResponder.exe
408 C:\Program Files\Dell\OpenManage\Client\Iap.exe
616 C:\Program Files\Java\jre6\bin\jqs.exe
708 C:\WINDOWS\SYSTEM32\svchost.exe
2288 alg.exe
3732 C:\WINDOWS\SYSTEM32\hkcmd.exe
3740 C:\Program Files\Microsoft Security Essentials\msseces.exe
3808 C:\Program Files\iTunes\iTunesHelper.exe
3904 C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
1732 C:\Program Files\iPod\bin\iPodService.exe
3004 wmiprvse.exe
3000 C:\WINDOWS\explorer.exe
2508 C:\WINDOWS\SYSTEM32\ctfmon.exe
1312 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
3828 C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
3032 MpCmdRun.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`03ec1000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: WDCWD800JD-75JNA0, Rev: 05.01C05
PhysicalDrive2 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Done!




OTL logfile created on: 8/7/2010 12:39:56 am - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\kelsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 29.36 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 268.75 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2ZLV571
Current User Name: kelsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
PRC - [2010/06/26 15:21:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kelsey\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/08/17 15:16:34 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
PRC - [2004/02/13 09:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/08/09 18:44:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2004/02/13 09:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/14 11:29:15 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2005/09/05 10:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG11TND5.sys -- (AR5523)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ovcd.sys -- (QCDonner)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 00:45:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 00:46:26 | 000,000,000 | ---D | M]

[2008/12/05 10:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Extensions
[2010/08/06 18:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions
[2009/09/13 18:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/16 11:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\moveplayer@movenetworks.com
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{641d8d09-7dda-4850-8228-ac0ab65e2ac9}
[2007/04/22 03:20:55 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\kelsey\Application Data\Mozilla\Firefox\Profiles\default.3dj\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/06 18:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/06 07:37:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clubbox.co.kr ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} http://app.ipop.co.kr/gom/GomWeb.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kelsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kelsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 00:36:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
[2010/08/06 07:22:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/06 07:22:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/06 07:22:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/06 07:22:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/04 01:29:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/26 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jvytntoud
[2010/07/26 22:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/26 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/22 00:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/22 00:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/18 19:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/18 19:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/18 19:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/18 19:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/18 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kelsey\Local Settings\Application Data\ciomulhju
[2010/07/14 07:37:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 00:36:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\5150.doc
[2010/08/07 00:36:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelsey\Desktop\OTL.exe
[2010/08/07 00:35:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
[2010/08/07 00:26:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006UA.job
[2010/08/06 17:41:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 17:36:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/06 17:25:44 | 003,816,456 | R--- | M] () -- C:\Documents and Settings\kelsey\Desktop\ComboFix.exe
[2010/08/06 15:26:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3536787594-2409408838-4148652776-1006Core.job
[2010/08/06 07:37:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/08/06 07:37:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/06 07:36:52 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/06 07:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/06 07:36:44 | 2674,012,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 07:35:46 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\kelsey\NTUSER.DAT
[2010/08/06 07:35:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\kelsey\NTUSER.INI
[2010/08/04 17:32:53 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\kelsey\Desktop\~$Hello.doc
[2010/08/04 01:22:14 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\Hello.doc
[2010/08/04 01:18:13 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\dds (1).scr
[2010/08/04 01:16:51 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE (1).EXE
[2010/08/04 01:16:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\4vy92qh8.exe
[2010/08/04 01:16:25 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RSIT.exe
[2010/08/04 01:16:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\Defogger (1).exe
[2010/07/30 13:59:05 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 13:52:48 | 000,033,147 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\phuket.jpg
[2010/07/28 18:23:18 | 000,074,662 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\gradschool2.jpg
[2010/07/28 18:20:32 | 000,077,687 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\gradschool.jpg
[2010/07/28 18:18:11 | 000,058,887 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\bananaclub.jpg
[2010/07/26 22:13:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\rkill.com
[2010/07/26 19:39:16 | 000,028,547 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\n.jpg
[2010/07/26 01:45:24 | 000,099,790 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\n19900757_32203985_8081.jpg
[2010/07/25 14:35:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/25 10:33:33 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE.EXE
[2010/07/25 10:33:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\kelsey\Desktop\dds.scr
[2010/07/25 09:41:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kqatezivanomo.dat
[2010/07/25 09:41:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Nlufako.bin
[2010/07/24 00:31:46 | 000,235,993 | ---- | M] () -- C:\Documents and Settings\kelsey\My Documents\560_0_resize.jpg
[2010/07/23 07:27:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\kelsey\My Documents\~$eeping Computer Malware Removal.doc
[2010/07/22 23:03:38 | 000,931,840 | ---- | M] () -- C:\Documents and Settings\kelsey\My Documents\Bleeping Computer Malware Removal.doc
[2010/07/22 18:19:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kelsey\defogger_reenable
[2010/07/22 00:28:09 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\kelsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/18 18:41:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/10 09:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/07 00:35:39 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\MBRCheck.exe
[2010/08/06 22:00:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\5150.doc
[2010/08/06 07:22:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/06 07:22:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/06 07:22:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/06 07:22:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/06 07:22:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/06 07:21:20 | 003,816,456 | R--- | C] () -- C:\Documents and Settings\kelsey\Desktop\ComboFix.exe
[2010/08/04 17:32:53 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\kelsey\Desktop\~$Hello.doc
[2010/08/04 01:22:14 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\Hello.doc
[2010/08/04 01:18:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\dds (1).scr
[2010/08/04 01:16:50 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE (1).EXE
[2010/08/04 01:16:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\4vy92qh8.exe
[2010/08/04 01:16:23 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RSIT.exe
[2010/08/04 01:16:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\Defogger (1).exe
[2010/07/30 13:59:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/30 13:52:48 | 000,033,147 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\phuket.jpg
[2010/07/28 18:23:18 | 000,074,662 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\gradschool2.jpg
[2010/07/28 18:20:31 | 000,077,687 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\gradschool.jpg
[2010/07/28 18:18:11 | 000,058,887 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\bananaclub.jpg
[2010/07/26 22:13:36 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\rkill.com
[2010/07/26 19:39:16 | 000,028,547 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\n.jpg
[2010/07/26 01:44:45 | 000,099,790 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\n19900757_32203985_8081.jpg
[2010/07/25 10:33:33 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\RKUnhookerLE.EXE
[2010/07/24 00:31:46 | 000,235,993 | ---- | C] () -- C:\Documents and Settings\kelsey\My Documents\560_0_resize.jpg
[2010/07/23 07:27:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\kelsey\My Documents\~$eeping Computer Malware Removal.doc
[2010/07/22 23:03:38 | 000,931,840 | ---- | C] () -- C:\Documents and Settings\kelsey\My Documents\Bleeping Computer Malware Removal.doc
[2010/07/22 18:20:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\kelsey\Desktop\dds.scr
[2010/07/22 18:19:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kelsey\defogger_reenable
[2010/07/18 19:56:07 | 2674,012,160 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 18:41:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/18 18:59:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/05/16 09:01:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/03 21:23:10 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/03/19 19:45:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/15 17:13:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/08/02 23:56:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/02 22:28:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/22 18:28:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/04/22 17:55:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/04/22 17:52:53 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/04/22 17:52:51 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/04/21 19:41:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/05/02 13:49:38 | 000,000,385 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/26 13:34:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2005/03/29 22:40:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/29 22:17:46 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< tsvcs >

< %SYSTEMDRIVE%\*.* >
[2004/06/28 00:42:46 | 000,051,941 | ---- | M] () -- C:\19146.gif
[2004/03/02 02:30:58 | 000,008,202 | ---- | M] () -- C:\19146.jpg
[2003/03/24 23:10:18 | 000,012,437 | ---- | M] () -- C:\3-10photo1.jpg
[2004/07/25 01:50:04 | 000,029,797 | ---- | M] () -- C:\328503.gif
[2004/10/24 03:04:16 | 000,007,817 | ---- | M] () -- C:\a335.gif
[2010/04/11 20:36:06 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2010/03/11 16:57:16 | 000,000,068 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/03/11 16:44:56 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
[2004/10/12 21:45:12 | 002,636,408 | ---- | M] () -- C:\aawsepersonal.exe
[2009/12/09 01:41:56 | 077,086,488 | ---- | M] (Lavasoft ) -- C:\Ad-AwareInstallation.exe
[2005/04/05 00:47:04 | 020,798,256 | ---- | M] (Netopsystems AG ) -- C:\AdbeRdr70_enu_full.exe
[2007/05/22 10:41:53 | 021,822,168 | ---- | M] ( ) -- C:\AdbeRdr80_en_US.exe
[2005/04/10 22:38:30 | 001,374,689 | ---- | M] (XemiComputers Ltd. ) -- C:\adcsr.exe
[2003/08/08 10:33:44 | 000,203,061 | ---- | M] () -- C:\AIM+Setup.exe
[2005/04/05 02:42:24 | 001,897,860 | ---- | M] (ESTsoft Corp. ) -- C:\alzip.exe
[2007/06/25 00:11:53 | 000,089,379 | ---- | M] () -- C:\angel131.jpg
[2003/09/02 01:05:22 | 000,021,705 | ---- | M] () -- C:\Animation1.gif
[2003/09/02 01:07:14 | 000,013,584 | ---- | M] () -- C:\Animation2.gif
[2003/12/08 21:07:56 | 000,343,207 | ---- | M] () -- C:\AppleWin_1.10.zip
[2007/05/22 12:46:35 | 000,033,792 | ---- | M] () -- C:\ARPEDepartmentalApplication.xls
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/12/11 18:33:34 | 000,002,422 | ---- | M] () -- C:\bbc.ico
[2003/11/24 01:29:20 | 000,041,404 | ---- | M] () -- C:\billy-vector.jpg
[2003/01/15 09:25:10 | 000,863,494 | ---- | M] (Stardust Software) -- C:\blumaroobounce.exe
[2006/01/18 13:24:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/11 14:57:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2007/10/12 23:57:10 | 015,739,448 | ---- | M] () -- C:\CakeManiaSetup.exe
[2005/11/17 22:04:34 | 000,011,031 | ---- | M] () -- C:\candy bar doll me!!.gif
[2003/08/13 02:00:08 | 000,177,578 | ---- | M] () -- C:\cheat1.bmp
[2003/09/11 00:48:32 | 000,046,815 | ---- | M] () -- C:\cheygayman.jpg
[2005/11/13 20:57:22 | 000,853,672 | ---- | M] () -- C:\chinatown 004.jpg
[2006/04/30 22:05:12 | 000,132,882 | ---- | M] () -- C:\CIMG0008.JPG
[2006/04/30 22:03:56 | 000,128,192 | ---- | M] () -- C:\CIMG0012.JPG
[2006/04/08 02:22:58 | 000,956,890 | ---- | M] () -- C:\CIMG0102.JPG
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/06 17:41:24 | 000,010,987 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/29 22:18:02 | 000,003,756 | RH-- | M] () -- C:\DELL.SDR
[2003/04/28 23:09:28 | 000,044,345 | ---- | M] () -- C:\desk.JPG
[2003/05/21 00:03:44 | 000,069,954 | ---- | M] () -- C:\desk2.JPG
[2003/05/25 01:07:20 | 000,084,298 | ---- | M] () -- C:\deskcap3.JPG
[2002/07/06 02:05:14 | 003,286,795 | ---- | M] () -- C:\DivX502Bundle.exe
[2006/10/15 01:27:12 | 024,265,736 | ---- | M] (Microsoft) -- C:\dotnetfx.exe
[2006/12/30 14:22:54 | 000,363,800 | ---- | M] (Digital River, Inc.) -- C:\download-flvplayer_setup.exe.exe
[2004/03/07 01:43:44 | 000,662,307 | ---- | M] () -- C:\DSC00244-1.JPG
[2004/03/07 01:42:32 | 000,724,615 | ---- | M] () -- C:\DSC00249-1.JPG
[2006/01/29 21:21:02 | 000,783,909 | ---- | M] () -- C:\DSCF0635.JPG
[2004/07/31 17:21:36 | 000,102,487 | ---- | M] () -- C:\DTR.JPG
[2004/08/27 03:27:18 | 003,038,672 | ---- | M] () -- C:\Dynomite Deluxe 2.71.exe
[2005/09/18 00:26:06 | 000,020,473 | ---- | M] () -- C:\earrang.jpg
[2003/01/01 19:45:04 | 002,266,608 | ---- | M] () -- C:\ec22.exe
[2007/09/05 22:19:04 | 006,820,864 | ---- | M] () -- C:\epson11262.exe
[2007/09/13 11:38:16 | 007,848,448 | ---- | M] () -- C:\epson11375.exe
[2007/09/13 11:26:28 | 007,005,184 | ---- | M] () -- C:\epson11505.exe
[2007/04/29 23:42:34 | 003,224,463 | ---- | M] () -- C:\fgf173.exe
[2004/08/10 23:27:24 | 005,082,708 | ---- | M] (Mozilla) -- C:\FirefoxSetup-0.9.3.exe
[2002/10/11 14:45:28 | 000,013,071 | ---- | M] () -- C:\fwnfe.zip
[2003/06/29 11:42:10 | 000,119,602 | ---- | M] () -- C:\gm121d.zip
[2005/09/03 13:36:36 | 000,336,821 | ---- | M] () -- C:\gn 001.jpg
[2010/08/06 07:36:44 | 2674,012,160 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/04 10:30:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2004/03/07 15:47:08 | 000,139,478 | ---- | M] () -- C:\ibrentskateboard.jpg
[2003/06/26 23:06:00 | 000,025,997 | ---- | M] () -- C:\iconsxp.zip
[2007/11/25 01:47:23 | 000,191,572 | ---- | M] () -- C:\iconsxp2.zip
[2007/11/25 01:46:58 | 000,025,997 | ---- | M] () -- C:\iconsxp3.zip
[2002/08/02 23:02:26 | 002,032,792 | ---- | M] (Microsoft Corporation) -- C:\ie_ko.exe
[2003/09/25 11:08:58 | 000,063,496 | ---- | M] () -- C:\index.1
[2004/08/11 16:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/04/28 17:54:45 | 008,506,408 | ---- | M] () -- C:\Install_AIM59.exe
[2006/11/20 00:27:28 | 001,410,680 | ---- | M] () -- C:\install_flash_player.exe
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/03/29 00:38:48 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2005/11/28 05:10:06 | 056,298,664 | ---- | M] (Apple Computer, Inc. ) -- C:\iPodSetup.exe
[2004/03/07 15:48:34 | 000,130,437 | ---- | M] () -- C:\isangwall.jpg
[2006/03/21 23:45:34 | 001,321,140 | ---- | M] () -- C:\iScrobblerWin_1_1_0.exe
[2008/05/08 08:01:28 | 059,782,440 | ---- | M] (Apple Inc.) -- C:\iTunesSetup.exe
[2002/12/22 20:33:38 | 000,827,392 | ---- | M] () -- C:\iview375.exe
[2005/09/21 23:17:14 | 000,336,896 | ---- | M] () -- C:\keljudjes.jpg
[2003/11/05 22:45:32 | 003,366,186 | ---- | M] () -- C:\klitekpp243e.exe
[2007/09/22 00:02:03 | 004,217,146 | ---- | M] (Last.fm ) -- C:\Last.fm-1.3.2.13b.exe
[2003/12/27 11:50:10 | 001,760,378 | ---- | M] () -- C:\lavasoft ad-aware 6.0 build 181 (aaw6.exe).exe
[2003/03/30 15:45:54 | 000,032,955 | ---- | M] () -- C:\layout.JPG
[2003/06/21 23:55:28 | 000,393,216 | ---- | M] () -- C:\lemonade_tycoon.zip
[2006/09/18 18:08:58 | 000,359,112 | ---- | M] () -- C:\LimeWireWin.exe
[2009/03/25 23:15:16 | 002,813,421 | ---- | M] (ManiacTools.com ) -- C:\m4a-to-mp3-converter.exe
[2006/04/28 12:40:18 | 043,424,778 | ---- | M] () -- C:\making friends1.avi
[2003/04/08 19:11:36 | 000,003,644 | ---- | M] () -- C:\ma_de_item04b.gif
[2003/04/08 19:11:58 | 000,002,879 | ---- | M] () -- C:\ma_li_item04a_1.gif
[2009/12/09 01:41:45 | 004,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2003/08/17 13:41:16 | 000,092,166 | ---- | M] () -- C:\mfaq52hp.zip
[2003/08/17 13:40:18 | 001,216,000 | ---- | M] (mIRC Co. Ltd.) -- C:\mirc603.exe
[2004/10/16 00:23:54 | 012,653,296 | ---- | M] (Microsoft Corporation) -- C:\MP10Setup.exe
[2004/09/16 01:44:12 | 010,431,072 | ---- | M] (Microsoft Corporation) -- C:\mp71.exe
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2005/12/19 21:36:14 | 005,316,176 | ---- | M] (Microsoft Corporation) -- C:\msjavx86.exe
[2003/09/08 02:30:42 | 000,005,283 | ---- | M] () -- C:\msnemails.gif
[2004/11/17 03:35:14 | 001,035,943 | ---- | M] ( ) -- C:\myTunesReduxInstaller.exe
[2006/11/30 22:42:26 | 000,056,702 | ---- | M] () -- C:\n19900125_30251321_1358.jpg
[2007/10/17 17:12:20 | 001,305,088 | ---- | M] () -- C:\Netflix_Movie_Viewer_Installer.msi
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/12 12:42:32 | 000,250,048 | ---- | M] () -- C:\ntldr
[2007/07/06 20:48:15 | 001,088,976 | ---- | M] () -- C:\octosetup_v_l_odd.exe
[2005/04/19 00:43:04 | 000,394,451 | ---- | M] () -- C:\other_quotes.zip
[2004/01/01 01:00:00 | 000,850,622 | ---- | M] () -- C:\P1010309.JPG
[2006/02/05 14:25:58 | 000,893,121 | ---- | M] () -- C:\P1010310.JPG
[2006/02/05 14:27:02 | 000,527,928 | ---- | M] () -- C:\P1010311.JPG
[2004/01/01 01:00:00 | 000,830,522 | ---- | M] () -- C:\P1010312.JPG
[2006/04/02 12:36:04 | 000,468,299 | ---- | M] () -- C:\P1010517.JPG
[2010/08/06 07:36:43 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2003/04/06 17:27:52 | 031,354,419 | ---- | M] () -- C:\Paint Shop Pro 7 full.zip
[2004/10/04 23:52:50 | 001,028,385 | ---- | M] (Stardust Software) -- C:\petpetsitter.exe
[2004/12/29 12:06:34 | 000,070,367 | ---- | M] () -- C:\phpfanbase_v2.zip
[2002/08/04 16:50:28 | 001,650,357 | ---- | M] () -- C:\player304.exe
[2006/10/15 01:37:50 | 000,488,094 | ---- | M] ( ) -- C:\PlazerSetup.exe
[2004/09/05 15:30:40 | 000,481,251 | ---- | M] () -- C:\plvx2cleaner.exe
[2009/05/02 22:31:21 | 005,618,115 | ---- | M] () -- C:\Poladroid0.9.5r5-PC.zip
[2003/05/22 02:21:18 | 000,041,626 | ---- | M] () -- C:\ps-brian2.jpg
[2008/02/16 00:46:08 | 030,401,112 | ---- | M] (Logitech, Inc.) -- C:\qc1150.exe
[2008/02/16 00:39:05 | 033,344,864 | ---- | M] (Logitech, Inc.) -- C:\qc1150_x64.exe
[2007/04/25 21:57:26 | 019,994,184 | ---- | M] (Apple Computer, Inc.) -- C:\QuickTimeInstaller.exe
[2002/08/11 02:27:28 | 001,799,685 | ---- | M] () -- C:\QuickVCD.exe
[2003/09/13 13:33:40 | 000,099,269 | ---- | M] () -- C:\r89s.wav
[2010/03/11 15:32:24 | 000,002,851 | ---- | M] () -- C:\rapport.txt
[1996/10/09 03:21:18 | 000,000,780 | ---- | M] () -- C:\README.TXT
[2005/09/18 00:19:16 | 000,850,971 | ---- | M] () -- C:\rebels 004.jpg
[2005/09/18 00:26:50 | 000,035,898 | ---- | M] () -- C:\rebels 005.jpg
[2008/06/02 17:11:57 | 042,925,882 | ---- | M] () -- C:\rezcon-win.exe
[2004/03/17 14:15:30 | 000,002,485 | ---- | M] () -- C:\rickee.txt
[2003/05/12 23:14:38 | 000,286,294 | ---- | M] () -- C:\ringtone.wav
[2003/11/28 03:14:54 | 001,043,479 | ---- | M] () -- C:\RJSS95.EXE
[2010/07/26 22:26:56 | 000,000,371 | ---- | M] () -- C:\rkill.log
[1996/10/09 01:23:28 | 002,071,235 | ---- | M] () -- C:\ROMEO95.EXE
[2005/09/17 12:52:22 | 000,788,318 | ---- | M] () -- C:\roomiesdos 001.jpg
[2005/09/17 12:52:24 | 000,828,861 | ---- | M] () -- C:\roomiesdos 002.jpg
[2003/10/12 23:22:52 | 000,041,125 | ---- | M] () -- C:\runmenu.jpg
[2004/03/07 15:30:12 | 000,249,520 | ---- | M] () -- C:\sangwall.jpg
[2004/03/07 15:31:12 | 000,257,853 | ---- | M] () -- C:\sangwall2.jpg
[2007/11/25 01:52:03 | 000,399,703 | ---- | M] () -- C:\sb_quotes.zip
[2004/02/09 12:35:16 | 000,962,597 | ---- | M] () -- C:\scanogram.jpg
[2001/03/14 11:21:18 | 000,002,238 | ---- | M] () -- C:\ShinHwaicon.ico
[2008/02/16 00:55:50 | 006,997,792 | ---- | M] (SightSpeed Inc.) -- C:\SightSpeedSetup.exe
[2009/09/08 19:52:51 | 004,938,616 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[2005/10/29 01:14:26 | 000,038,289 | ---- | M] () -- C:\SimpleViewer_v17.zip
[2008/06/18 18:58:01 | 000,039,409 | ---- | M] () -- C:\ski32.zip
[2002/07/15 01:43:44 | 000,230,975 | ---- | M] () -- C:\skinner120.zip
[2004/11/07 23:05:04 | 000,786,333 | ---- | M] () -- C:\slsk154test.exe
[2005/04/11 00:03:50 | 000,107,792 | ---- | M] (Microsoft Corporation) -- C:\sndrec32.exe
[2004/05/14 08:27:30 | 004,354,084 | ---- | M] (Safer Networking Limited ) -- C:\spybot 1.3 05.12.04 (spybotsd13.exe).exe
[2007/10/08 23:42:20 | 007,467,056 | ---- | M] (Safer Networking Ltd. ) -- C:\spybotsd15.exe
[2004/09/05 15:07:22 | 002,247,855 | ---- | M] (Javacool Software LLC ) -- C:\spywareblastersetup.exe
[2005/10/31 08:56:02 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2004/09/09 00:51:46 | 000,065,503 | ---- | M] () -- C:\surf-flier-small.jpg
[2007/11/25 01:50:12 | 001,544,848 | ---- | M] () -- C:\sys_sounds.zip
[2003/07/22 04:25:10 | 000,387,985 | ---- | M] (Macromedia, Inc.) -- C:\take-a-break.exe
[2003/01/15 09:16:22 | 000,900,243 | ---- | M] (Stardust Software) -- C:\techodance.exe
[2007/11/25 01:54:05 | 000,844,636 | ---- | M] () -- C:\The Cheat Theme Song.zip
[2007/11/25 01:56:02 | 000,688,534 | ---- | M] () -- C:\The System is Down.zip
[2007/11/25 01:54:44 | 000,859,743 | ---- | M] () -- C:\Trogdor.zip
[2004/02/06 01:25:58 | 000,000,079 | ---- | M] () -- C:\twacker.log
[2003/08/14 05:17:16 | 000,000,062 | ---- | M] () -- C:\Untitled-1 copy.gif
[2003/05/29 22:53:42 | 000,005,361 | ---- | M] () -- C:\Untitled-2 copy.jpg
[2003/08/28 22:37:00 | 000,046,263 | ---- | M] () -- C:\untitled.GIF
[2003/06/13 03:06:02 | 000,067,429 | ---- | M] () -- C:\untitled.JPG
[2003/08/16 19:49:44 | 000,108,251 | ---- | M] () -- C:\untitled2.JPG
[2003/08/16 19:57:10 | 000,046,338 | ---- | M] () -- C:\untitled3.JPG
[2003/08/17 01:45:04 | 000,022,754 | ---- | M] () -- C:\untitled4.JPG
[2004/12/11 19:18:06 | 000,001,189 | ---- | M] () -- C:\VETlog.txt
[2006/12/30 14:00:46 | 000,014,738 | ---- | M] () -- C:\videodownloader-1.1.1-fx.xpi
[2007/05/27 14:05:24 | 009,516,033 | ---- | M] () -- C:\vlc-0.8.6b-win32.exe
[2004/08/11 08:58:14 | 000,000,014 | ---- | M] () -- C:\win2.log
[2004/08/10 22:20:56 | 005,703,377 | ---- | M] (Intel Corporation) -- C:\win2k_xp141.exe
[2007/04/22 18:28:13 | 006,718,976 | ---- | M] (Nullsoft, Inc.) -- C:\winamp533_full_emusic-7plus.exe
[2004/08/11 09:07:16 | 002,710,296 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB835732-x86-ENU.EXE
[2006/03/21 23:04:26 | 000,000,621 | ---- | M] () -- C:\WS_FTP.LOG
[2007/08/04 17:04:43 | 000,682,063 | ---- | M] () -- C:\ws_ftp45.exe
[2002/07/13 22:18:16 | 000,707,072 | ---- | M] () -- C:\ws_ftple.exe
[2004/10/02 11:46:46 | 003,905,464 | ---- | M] (Microsoft Corporation) -- C:\xlViewer.exe
[2003/07/17 11:32:16 | 000,142,993 | ---- | M] () -- C:\XviD-Dec-300303.exe
[2005/11/17 21:18:20 | 006,805,758 | ---- | M] () -- C:\yahoo_dynomite_tm1-1.exe
[2003/01/08 05:00:50 | 001,256,972 | ---- | M] () -- C:\ZipWizard20.exe
[2010/07/18 18:41:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2004/08/24 20:50:04 | 006,113,752 | ---- | M] () -- C:\ZumaSetup.exe
[2007/08/11 07:33:56 | 000,000,221 | ---- | M] () -- C:\_audioscrobbler.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2008/03/12 02:53:30 | 000,070,656 | ---- | M] ()(C:\Documents and Settings\kelsey\My Documents\?????.doc) -- C:\Documents and Settings\kelsey\My Documents\사랑인가요.doc
[2008/03/12 02:40:40 | 000,070,656 | ---- | C] ()(C:\Documents and Settings\kelsey\My Documents\?????.doc) -- C:\Documents and Settings\kelsey\My Documents\사랑인가요.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1F4E0B
< End of report >



Wasn't sure if you wanted Extras too, so in case you do, here it is.




OTL Extras logfile created on: 8/7/2010 12:39:56 am - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\kelsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 29.36 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 268.75 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2ZLV571
Current User Name: kelsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\grdmgr.exe" = C:\WINDOWS\SYSTEM32\grdmgr.exe:*:Enabled:CDN ???? ?? -- (나우콤)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\WINDOWS\SYSTEM32\BugsSvr.exe" = C:\WINDOWS\SYSTEM32\BugsSvr.exe:*:Enabled:Bugs Music Player Control -- ()
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{45ACEB0A-5B7F-22C5-39F8-0D2CA0918A27}" = MyFonts Order M1124785
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90BC0F01-9D99-4686-AC14-2EEC0246FB84}" = Poladroid
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.

#14 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:10:29 AM

Posted 07 August 2010 - 12:37 PM

Hello, Lanaea.
No sign of an MBR infection, which is good. Are you using a router to connect to the internet?

We need to run a batch file:
  1. Copy the following into notepad (Start>Run>"notepad"). Do not copy the word "code".
    CODE
    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
  2. Click File, then Save As...
  3. Click Desktop on the left.
  4. Under the Save as type dropdown, select All Files.
  5. In the box File Name, input fix.bat
  6. Hit OK.
  7. Double click fix.bat. You will see a black command prompt window open then close. It might seem like nothing is happening, but the script is running.
  8. A log will be produced. Please post that up in your next reply.

Edited by aommaster, 07 August 2010 - 12:37 PM.

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#15 Lanaea
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Location:CA
  • Local time:11:29 PM

Posted 07 August 2010 - 04:52 PM

hi,

From what I understand we just have a modem, but I believe it transmits a wireless signal? We don't have a separate router. Still getting redirects. I also haven't restarted the computer since we've been doing all of this; would that make a difference?




Windows IP Configuration

        Host Name . . . . . . . . . . . . : D2ZLV571
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-11-43-14-CC-3C

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
        Physical Address. . . . . . . . . : 00-0F-B5-9A-E9-19
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.38
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, August 04, 2010 5:36:32 pm
        Lease Expires . . . . . . . . . . : Wednesday, August 11, 2010 5:36:32 pm

Server:  www
Address:  192.168.0.1

Name:    google.com
Addresses:  66.102.7.99, 66.102.7.104

Server:  www
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
          98.137.149.56


Pinging google.com [66.102.7.104] with 32 bytes of data:

Reply from 66.102.7.104: bytes=32 time=17ms TTL=55
Reply from 66.102.7.104: bytes=32 time=16ms TTL=54

Ping statistics for 66.102.7.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=108ms TTL=50
Reply from 67.195.160.76: bytes=32 time=106ms TTL=50

Ping statistics for 67.195.160.76:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 108ms, Average = 107ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 14 cc 3c ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 0f b5 9a e9 19 ...... NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.38       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      169.254.0.0      255.255.0.0     192.168.0.38     192.168.0.38      20
      192.168.0.0    255.255.255.0     192.168.0.38     192.168.0.38      25
     192.168.0.38  255.255.255.255        127.0.0.1        127.0.0.1      25
    192.168.0.255  255.255.255.255     192.168.0.38     192.168.0.38      25
        224.0.0.0        240.0.0.0     192.168.0.38     192.168.0.38      25
  255.255.255.255  255.255.255.255     192.168.0.38                2       1
  255.255.255.255  255.255.255.255     192.168.0.38     192.168.0.38       1
Default Gateway:         192.168.0.1
===========================================================================
Persistent Routes:
  None




