Possible TDL3 rootkit infection + other concerns


This topic is locked
28 replies to this topic

#1 Red2Black88
Posted 03 May 2011 - 04:50 PM

Continuing from advice in "Am I infected? What shall I do" forum

NB: GMER / Ark.txt crashed the first time 3/4 the way through the scan --------> the laptop froze. I rescanned and saved just before the initial scan failed.

Following on from the advice of Cryptodan in this thread
I have followed the preparation guide at: http://www.bleepingcomputer.com/forums/topic34773.html

I really hope that someone can assist me with these peculiar issues, I have tried to conform to the standards as strictly as possible to make everyone's lives easier.

Summary of Problem:

Recent DDS log suggests: Warning: possible TDL3 rootkit infection ! (See Below)

As mentioned here --------> In the original thread and after expressing my other concerns and request for help with virus removal here, I am taking Cryptodan's advice and posting the required logs within this forum.
I followed Cryptodan's advice but ...

...I could not post logs from the instructions laid down in the previous thread:

The laptop continually froze on system restart and therefore the logs were not saved nor retrieved for SUPERantispyware or GMER.

* Frequently the laptop crashes on startup and resets itself.
* When I can log on and go online I occasionally have browser tabs opening randomly to untrustworthy sites (like ad sites etc).
* I have heard people speaking through my speakers, music and windows mouse tone clicks when there has been no audio programs running or when I am not navigating a site.
* I get frequent error reports and pop ups stating things like:


-- the instruction at "0x60063dasf" referenced memory at "0x1000500". The memory could not be "written" --
-- NMIndexStoreSvr.exe has encountered a problem and needs to close --
-- Generic Host Process of Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. --


etc etc

Visual Aid: [screenshot not reproduced]


DDS Log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by soltechWeb at 19:40:19.45 on 03/05/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1918.1018 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\soltechWeb\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearch Bar = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.webceo.com/cgi-bin/goto.pl?unin&user=&cr=FFFFFFFF&revision=0
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Mikogo] "c:\documents and settings\soltechweb\application data\mikogo\Mikogo-Host.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ikenaqakoy] rundll32.exe "c:\windows\asofusizebazobif.dll",Startup
mRun: [wmupdater] "c:\program files\updater.exe" -update
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\soltec~1\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\docume~1\soltec~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\soltec~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\soltec~1\startm~1\programs\startup\projec~1.lnk - c:\program files\domain tools\projectwhois\ProjectWhois.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: google.co.uk\adwords
Trusted Zone: google.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: refalag - c:\documents and settings\networkservice.nt authority\local settings\application data\refalag.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\soltec~1\applic~1\mozilla\firefox\profiles\igi54jh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc721db&v=6.103.018.001&i=29&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.5.dll
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit-3.6.dll
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\soltechweb\application data\mozilla\firefox\profiles\igi54jh4.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: XULRunner: {AAB0E970-B64B-4D5F-B132-2EF4DAF208A9} - c:\documents and settings\soltechweb\local settings\application data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Duplicate Content: duplicatecontent@seobook.com - %profile%\extensions\duplicatecontent@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Website Health Check Tool: websitehealth@seobook.com - %profile%\extensions\websitehealth@seobook.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: SeoQuake Plugin - Ask.com: seoquake-plugin-ask@seoquake.com - %profile%\extensions\seoquake-plugin-ask@seoquake.com
FF - Ext: SeoQuake Plugin - Baidu.com: seoquake-plugin-baidu@seoquake.com - %profile%\extensions\seoquake-plugin-baidu@seoquake.com
FF - Ext: SeoQuake Plugin - Del.icio.us: seoquake-plugin-delicious@seoquake.com - %profile%\extensions\seoquake-plugin-delicious@seoquake.com
FF - Ext: SeoQuake Plugin - Rambler.ru: seoquake-plugin-rambler@seoquake.com - %profile%\extensions\seoquake-plugin-rambler@seoquake.com
FF - Ext: SeoQuake Plugin - Technorati.com: seoquake-plugin-technorati@seoquake.com - %profile%\extensions\seoquake-plugin-technorati@seoquake.com
FF - Ext: SeoQuake Plugin - Yandex.ru: seoquake-plugin-yandex@seoquake.com - %profile%\extensions\seoquake-plugin-yandex@seoquake.com
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Ad Hacker: firefox@adhacker.com - %profile%\extensions\firefox@adhacker.com
FF - Ext: LinkDiagnosis 2.2: beta@linkdiagnosis.com - %profile%\extensions\beta@linkdiagnosis.com
FF - Ext: Mozbar: toolbar@seomoz.org - %profile%\extensions\toolbar@seomoz.org
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Page Speed Closure Compiler Extension: {70a9aa80-d283-4eae-8a87-ee7b769edf53} - %profile%\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Aardvark: aardvark@rob.brown - %profile%\extensions\aardvark@rob.brown
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: SEO Live YSRank - Unique live search ranking for any URL: ysrank@predictad.com - %profile%\extensions\ysrank@predictad.com
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: Domain Lookup: domainlookup@qualitynonsense.com - %profile%\extensions\domainlookup@qualitynonsense.com
FF - Ext: WiseStamp: wisestamp@wisestamp.com - %profile%\extensions\wisestamp@wisestamp.com
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: OutWit Hub: base-outfit@outwit.com - %profile%\extensions\base-outfit@outwit.com
FF - Ext: OutWit Kernel: {5fb1186a-3398-4c47-b579-0f2eee222ad1} - %profile%\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
FF - Ext: Boomerang for GMail: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57} - %profile%\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: TooManyTabs: TooManyTabs@visibotech.com - %profile%\extensions\TooManyTabs@visibotech.com
FF - Ext: XPath Checker: {7eb3f691-25b4-4a85-9038-9e57e2bcd537} - %profile%\extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: BlekkoToolbar: BlekkoToolbar@blekko.com - %profile%\extensions\BlekkoToolbar@blekko.com
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: CookieSwap: cookieSwap@cookieSwap.mozdev.org - %profile%\extensions\cookieSwap@cookieSwap.mozdev.org
FF - Ext: Taskforce: developers@tyrantinc.com - %profile%\extensions\developers@tyrantinc.com
FF - Ext: dragdropupload: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9} - %profile%\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
FF - Ext: XPather: {636fd8b0-ce2b-4e00-b812-2afbe77ee899} - %profile%\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-11 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-24 297752]
R2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [2009-1-25 45188]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-3 632792]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-3-16 55016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2007-12-26 264576]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
S2 gupdate1ca1080423c5599;Google Update Service (gupdate1ca1080423c5599);c:\program files\google\update\GoogleUpdate.exe [2009-7-29 133104]
S2 MSWA-238e286b;MSWA-238e286b;c:\windows\system32\238e286b.exe --> c:\windows\system32\238e286b.exe [?]
S2 Pixar License Server 5.0.2;Pixar License Server 5.0.2;c:\program files\pixar\license-5.0.2\pixarlicenseserver.exe --> c:\program files\pixar\license-5.0.2\PixarLicenseServer.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 B-Service;B-Service;c:\documents and settings\soltechweb\application data\mikogo\B-Service.exe [2010-11-14 185640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-29 133104]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-28 1245064]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-05-02 19:46:59 -------- d-----w- c:\docume~1\soltec~1\applic~1\Malwarebytes
2011-05-02 19:43:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 19:43:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-02 19:43:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 19:43:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 21:10:12 98304 ----a-w- c:\windows\DUMP49bb.tmp
2011-05-01 18:38:33 98304 ----a-w- c:\windows\DUMP5479.tmp
2011-04-30 18:44:12 90112 --sha-r- c:\windows\system32\cmmon32C.dll
2011-04-30 18:43:59 153600 ----a-w- c:\program files\updater.exe
2011-04-29 00:34:22 0 ----a-w- c:\windows\Hxexakenakohod.bin
2011-04-29 00:34:20 -------- d-----w- c:\docume~1\soltec~1\locals~1\applic~1\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}
2011-04-28 19:57:26 -------- d-----w- c:\docume~1\soltec~1\locals~1\applic~1\Thunderbird
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHY2120BH rev.0040020B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9D2730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9d8a10]; MOV EAX, [0x8a9d8a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF09C] -> \Device\Harddisk0\DR0[0x8AA80AB8]
3 CLASSPNP[0xBA90905B] -> ntkrnlpa!IofCallDriver[0x804EF09C] -> \Device\00000070[0x8AA871E8]
5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EF09C] -> [0x8AA85940]
\Driver\atapi[0x8AA1DB10] -> IRP_MJ_CREATE -> 0x8A9D2730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9D257B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:43:21.34 ===============

Edited by Red2Black88, 04 May 2011 - 02:03 PM.
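The log above carries two kinds of indicator that a triage pass can pick out mechanically: user-mode persistence entries with random-looking names in odd locations (the rundll32 Run key loading a DLL from the root of c:\windows, an updater.exe at the root of Program Files, a Winlogon Notify DLL under the NetworkService profile, a service whose image is an eight-hex-character .exe in system32), and the kernel-mode signs reported by the GMER MBR stub (an UNKNOWN module in the disk I/O call chain and atapi's DriverStartIo redirected to a raw address) that immediately precede DDS's own "possible TDL3" warning. The Python below is an added example, not code from the thread, from DDS, from GMER or from BleepingComputer; the rule names, the regexes and the sample input (lines copied from the log above plus benign lines from the same log as controls) are the example's own choices. The rules are heuristics: a rootkit that hides its registry keys from a user-mode scanner defeats the path-based checks, which is why the kernel indicators are weighed separately.

```python
"""Triage a DDS log for TDL3-style persistence and kernel hook indicators.

Added example: the indicator names and patterns below are this example's own
heuristics, not DDS or GMER logic. Paths are matched case-insensitively.
"""
import re
from typing import List, Tuple

# Each rule is (indicator name, regex applied to one lower-cased log line).
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # Winlogon Notify package loaded from a profile directory; legitimate
    # notification DLLs live in system32 and are referenced by bare name.
    ("notify-dll-in-profile",
     re.compile(r'^notify: .* - c:\\documents and settings\\')),
    # Run key that has rundll32 load a DLL sitting directly in the Windows
    # directory (no subfolder), a common drop location for droppers.
    ("rundll32-dll-in-windows-root",
     re.compile(r'^[umd]run: \[.*\] rundll32\.exe "?c:\\windows\\[^\\"]+\.dll')),
    # Run key whose binary sits at the root of Program Files with no vendor
    # folder; installed software almost always has one.
    ("exe-in-program-files-root",
     re.compile(r'^[umd]run: \[.*\] "?c:\\program files\\[^\\"]+\.exe')),
    # Service (R0-R4/S0-S4 lines) whose image is an 8-hex-digit .exe in system32.
    ("hex-named-service-binary",
     re.compile(r'^[rs][0-4] .*;c:\\windows\\system32\\[0-9a-f]{8}\.exe')),
    # GMER MBR stub: a module in the disk I/O chain that maps to no known driver.
    ("unknown-module-in-disk-trace",
     re.compile(r'^called modules: .*>>unknown \[0x[0-9a-f]+\]<<')),
    # GMER MBR stub: atapi's DriverStartIo pointer replaced by a raw address.
    ("atapi-driverstartio-hook",
     re.compile(r'^\\driver\\atapi driverstartio -> 0x[0-9a-f]+')),
]

KERNEL_INDICATORS = {"unknown-module-in-disk-trace", "atapi-driverstartio-hook"}


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (indicator, original line) for each log line matching a rule.

    A line is reported once, under the first rule that matches it.
    """
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        for name, pattern in RULES:
            if pattern.search(low):
                hits.append((name, line))
                break
    return hits


def suggests_kernel_rootkit(hits: List[Tuple[str, str]]) -> bool:
    """True when both GMER disk-trace indicators are present together."""
    return KERNEL_INDICATORS <= {name for name, _ in hits}


# Constructed sample: suspicious lines copied from the DDS log in the thread,
# interleaved with benign lines from the same log that must not be flagged.
SAMPLE_LOG = r"""
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ikenaqakoy] rundll32.exe "c:\windows\asofusizebazobif.dll",Startup
mRun: [wmupdater] "c:\program files\updater.exe" -update
Notify: avgrsstarter - avgrsstx.dll
Notify: refalag - c:\documents and settings\networkservice.nt authority\local settings\application data\refalag.dll
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-3-16 55016]
S2 MSWA-238e286b;MSWA-238e286b;c:\windows\system32\238e286b.exe --> c:\windows\system32\238e286b.exe [?]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9D2730]<<
\Driver\atapi DriverStartIo -> 0x8A9D257B
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for indicator, line in found:
        print(f"{indicator:30} {line}")
    print("kernel-mode rootkit indicators present:", suggests_kernel_rootkit(found))
```

Run as-is it lists each hit with its indicator; `triage()` returns the hits so the same rules can be applied to a saved DDS.txt. Legitimate software does occasionally match the path-based rules (a sloppy installer can drop an .exe at the root of Program Files), so a user-mode hit is a lead for checking the file's signature, size and timestamp, not a verdict; the two kernel indicators together are the stronger signal and are what DDS itself reacts to.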



#2 SweetTech
Posted 10 May 2011 - 03:33 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 10 May 2011 - 09:15 PM

Hi secret agent SweetTech, never mind the delay, I'm just thankful you're here! This has been driving me nuts! The log for TDSSKiller is here, it did find that item and cured it. It tried to reboot but the computer would not shut down - I just got the blank green fields of Bill Gates' desktop without icons etc. I had to turn off using the power switch. Anyhows - I'm doing the next bit right now - thank you again for your assistance!

51:43.0 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
51:43.1 ================================================================================
51:43.1 SystemInfo:
51:43.1
51:43.1 OS Version: 5.1.2600 ServicePack: 2.0
51:43.1 Product type: Workstation
51:43.1 ComputerName: P4-D6BAA28DAAD0
51:43.1 UserName: soltechWeb
51:43.1 Windows directory: C:\WINDOWS
51:43.1 System windows directory: C:\WINDOWS
51:43.1 Processor architecture: Intel x86
51:43.1 Number of processors: 2
51:43.1 Page size: 0x1000
51:43.1 Boot type: Normal boot
51:43.1 ================================================================================
51:44.0 Initialize success
52:44.0 ================================================================================
52:44.0 Scan started
52:44.0 Mode: Manual;
52:44.0 ================================================================================
[driver enumeration (one line per loaded driver with its MD5 and path) omitted]
53:01.1 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
53:01.1 ================================================================================
53:01.1 Scan finished
53:01.1 ================================================================================
53:01.1 Detected object count: 1
53:16.0 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
53:16.0 \HardDisk0 - ok
53:16.0 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
53:31.1 Deinitialize success
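
As an added example, not part of this thread nor of TDSSKiller itself, here is a small Python triage script for the TDSSKiller 2.5 log format posted above (and requested in the instructions in post #2): it parses the line shapes the tool emits, reports what was detected, which action was chosen and whether the cure is still pending a reboot, and lists drivers loaded from outside %SystemRoot%. The sample lines follow the shapes seen in the log above; the `drivers_outside_windows` heuristic is my own assumption about what a helper would look at next, not something TDSSKiller does.

```python
"""Triage a Kaspersky TDSSKiller 2.5 text log.

Added example, not part of the thread or of TDSSKiller itself. The line
shapes below are taken from the log pasted in post #3; nothing else is
assumed about the tool's output.
"""
import re
from dataclasses import dataclass, field

# Every TDSSKiller log line starts with an "MM:SS.f" timestamp.
_TS = r"(?P<ts>\d{2}:\d{2}\.\d)\s+"

# 52:47.0 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# 53:01.1 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
DETECT_RE = re.compile(_TS + r"(?P<obj>\\\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# 53:16.0 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
REBOOT_RE = re.compile(_TS + r"(?P<obj>\\\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
# 53:16.0 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
ACTION_RE = re.compile(_TS + r"(?P<verdict>[^\s(]+)\((?P<obj>\\[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class TdssReport:
    drivers: dict = field(default_factory=dict)       # name -> (md5, path)
    detections: list = field(default_factory=list)    # (object, verdict) in log order
    actions: dict = field(default_factory=dict)       # object -> action the user chose
    reboot_pending: set = field(default_factory=set)  # objects only cured after reboot

    @property
    def needs_reboot(self) -> bool:
        return bool(self.reboot_pending)


def parse_tdsskiller(text: str) -> TdssReport:
    """Classify each log line; lines matching no known shape are ignored."""
    rep = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DETECT_RE.match(line):
            rep.detections.append((m["obj"], m["verdict"]))
        elif m := REBOOT_RE.match(line):
            rep.reboot_pending.add(m["obj"])
        elif m := ACTION_RE.match(line):
            rep.actions[m["obj"]] = m["action"]
        elif m := DRIVER_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"].lower(), m["path"])
    return rep


def drivers_outside_windows(rep: TdssReport, system_root: str = r"C:\WINDOWS") -> list:
    """Kernel drivers loaded from outside %SystemRoot% (hypothetical triage
    heuristic, not a TDSSKiller feature): worth a second look, although
    legitimate security tools such as SUPERAntiSpyware also do this."""
    root = system_root.lower().rstrip("\\") + "\\"
    return sorted(name for name, (_, path) in rep.drivers.items()
                  if not path.lower().startswith(root))


def summarize(rep: TdssReport) -> str:
    """One-line verdict a helper can read before asking for the next log."""
    if not rep.detections:
        return f"clean: {len(rep.drivers)} drivers enumerated, nothing detected"
    parts = []
    for obj, verdict in rep.detections:
        action = rep.actions.get(obj, "no action recorded")
        state = "cure pending reboot" if obj in rep.reboot_pending else "handled"
        parts.append(f"{obj}: {verdict} -> {action} ({state})")
    return "; ".join(parts)


# Constructed sample: a handful of lines in the shapes seen in post #3,
# written one per line as TDSSKiller actually emits them.
SAMPLE_LOG = r"""
51:43.0 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
51:43.1 OS Version: 5.1.2600 ServicePack: 2.0
52:44.0 Scan started
52:47.0 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
52:49.0 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
52:58.0 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
53:01.1 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
53:01.1 Scan finished
53:01.1 Detected object count: 1
53:16.0 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
53:16.0 \HardDisk0 - ok
53:16.0 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
53:31.1 Deinitialize success
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(report))
    print("drivers outside %SystemRoot%:", drivers_outside_windows(report))
```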

#4 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 11 May 2011 - 02:02 AM

OTL logfile created on: 11/05/2011 03:59:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\soltechWeb\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 5750 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 0.17 Gb Free Space | 0.15% Space Free | Partition Type: NTFS

Computer Name: P4-D6BAA28DAAD0 | User Name: soltechWeb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 03:16:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soltechWeb\Desktop\OTL.exe
PRC - [2011/05/01 22:43:54 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/08 16:14:37 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/16 10:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/08/17 13:11:00 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 13:10:42 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/07 17:06:54 | 000,380,928 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/22 16:11:29 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/21 02:13:40 | 000,147,456 | ---- | M] () -- C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
PRC - [2004/04/30 23:39:22 | 000,045,188 | ---- | M] () -- C:\Program Files\cebas\IP-Clamp\ipclamp.exe
PRC - [2003/01/27 17:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 03:16:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soltechWeb\Desktop\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- -- (Pixar License Server 5.0.2)
SRV - File not found [Auto | Stopped] -- -- (MSWA-238e286b)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/14 15:27:05 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\soltechWeb\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/16 10:52:02 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/17 13:10:42 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/14 11:46:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/01/28 17:47:45 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 16:11:29 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/04/30 23:39:22 | 000,045,188 | ---- | M] () [Auto | Running] -- C:\Program Files\cebas\IP-Clamp\ipclamp.exe -- (IPClampService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/17 13:11:00 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/17 13:11:00 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/02/22 16:11:29 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/22 16:03:59 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/22 15:48:14 | 004,611,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/22 15:32:41 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/13 11:22:24 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
IE - HKU\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-507921405-963894560-682003330-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: firefox@adhacker.com:0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: duplicatecontent@seobook.com:0.7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.2.1
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.5.0
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.9
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.2.42
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: toolbar@seomoz.org:0.52
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.6
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: seoquake-plugin-yandex@seoquake.com:1.0.13
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: websitehealth@seobook.com:1.1.3
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: rapportive@rapportive.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: domainlookup@qualitynonsense.com:1.3.1
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:0.9.3
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: BlekkoToolbar@blekko.com:1.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.8.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.1.0
FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.5
FF - prefs.js..extensions.enabledItems: {AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}:1.9.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc721db&v=6.103.018.001&i=29&tp=ab&iy=&ychte=uk&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 21:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011/03/28 20:13:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/11 23:52:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/02 23:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/02 23:45:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}: C:\Documents and Settings\soltechWeb\Local Settings\Application Data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9} [2011/04/29 01:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 19:07:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 11:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/28 20:57:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/04/28 20:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Extensions
[2011/04/28 20:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/10/27 23:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/10 22:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions
[2011/04/22 23:05:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/10/12 14:16:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/09 20:34:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/04/22 23:05:08 | 000,000,000 | ---D | M] (HttpFox) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
[2011/03/30 20:05:02 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/09 20:33:19 | 000,000,000 | ---D | M] ("OutWit Kernel") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2011/03/09 20:34:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/29 00:16:59 | 000,000,000 | ---D | M] (XPather) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
[2011/02/19 21:32:37 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/03/24 21:18:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/07/27 20:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{6e67244f-d40b-492d-8eed-d0712bdf38bb}
[2010/02/03 22:47:15 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2011/02/07 00:28:58 | 000,000,000 | ---D | M] (XPath Checker) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}
[2011/05/10 21:59:27 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/02/21 21:05:41 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/05/02 17:58:18 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/09 20:34:04 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/11/24 09:54:43 | 000,000,000 | ---D | M] (Google Global) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2009/07/18 21:48:05 | 000,000,000 | ---D | M] ("NoDoFollow") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2011/01/14 05:14:29 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/04/11 22:06:37 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2011/02/03 20:48:39 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/09/13 01:12:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/02/16 07:54:43 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/22 23:05:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/27 19:28:20 | 000,000,000 | ---D | M] (Aardvark) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\aardvark@rob.brown
[2011/05/10 21:59:27 | 000,000,000 | ---D | M] ("OutWit Hub") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\base-outfit@outwit.com
[2011/03/27 00:19:54 | 000,000,000 | ---D | M] ("LinkDiagnosis 2.2") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\beta@linkdiagnosis.com
[2011/02/11 03:19:41 | 000,000,000 | ---D | M] (BlekkoToolbar) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\BlekkoToolbar@blekko.com
[2011/04/11 22:06:40 | 000,000,000 | ---D | M] (CookieSwap) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\cookieSwap@cookieSwap.mozdev.org
[2011/04/11 22:06:37 | 000,000,000 | ---D | M] (Taskforce) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\developers@tyrantinc.com
[2010/12/06 18:09:41 | 000,000,000 | ---D | M] (Domain Lookup) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\domainlookup@qualitynonsense.com
[2010/11/18 02:36:56 | 000,000,000 | ---D | M] ("Duplicate Content") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\duplicatecontent@seobook.com
[2011/05/10 21:58:58 | 000,000,000 | ---D | M] ("Gist") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\ffplugin@gist.com
[2011/02/10 20:52:19 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\firebug@software.joehewitt.com
[2011/03/09 20:32:36 | 000,000,000 | ---D | M] (Firecookie) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\firecookie@janodvarko.cz
[2009/07/18 21:48:03 | 000,000,000 | ---D | M] (Ad Hacker) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\firefox@adhacker.com
[2010/11/03 22:12:31 | 000,000,000 | ---D | M] (FirePHP) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\FirePHPExtension-Build@firephp.org
[2009/06/27 00:39:00 | 000,000,000 | ---D | M] ("Link Diagnosis") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\info@linkdiagnosis.com
[2010/02/06 14:44:30 | 000,000,000 | ---D | M] (Jiffy) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\jiffy@billwscott.com
[2011/03/03 22:42:03 | 000,000,000 | ---D | M] ("KGen") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\kgen@elitwork.com
[2011/03/24 21:18:03 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\multilinks@plugin
[2011/02/03 20:48:42 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2011/05/10 21:59:28 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\rankchecker@seobook.com
[2011/02/18 22:32:19 | 000,000,000 | ---D | M] (Rapportive) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\rapportive@rapportive.com
[2011/05/10 21:59:24 | 000,000,000 | ---D | M] (RequestPolicy) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\requestpolicy@requestpolicy.com
[2010/05/18 20:30:03 | 000,000,000 | ---D | M] (SEMToolbar) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\semtoolbar@bruceclay.com
[2011/03/31 23:44:04 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seo4firefox@seobook.com
[2011/03/24 21:18:03 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seodoctor@prelovac.com
[2009/06/23 22:01:37 | 000,000,000 | ---D | M] (SeoQuake Plugin - Ask.com) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-ask@seoquake.com
[2009/06/23 22:01:37 | 000,000,000 | ---D | M] (SeoQuake Plugin - Baidu.com) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-baidu@seoquake.com
[2009/06/23 22:01:37 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-delicious@seoquake.com
[2009/06/23 22:01:37 | 000,000,000 | ---D | M] (SeoQuake Plugin - Rambler.ru) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-rambler@seoquake.com
[2009/06/23 22:01:37 | 000,000,000 | ---D | M] (SeoQuake Plugin - Technorati.com) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-technorati@seoquake.com
[2010/06/06 15:37:54 | 000,000,000 | ---D | M] (SeoQuake Plugin - Yandex.ru) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seoquake-plugin-yandex@seoquake.com
[2011/05/10 21:59:27 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\seotoolbar@seobook.com
[2011/03/30 20:04:40 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\toolbar@alexa.com
[2010/09/21 19:49:10 | 000,000,000 | ---D | M] (Mozbar) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\toolbar@seomoz.org
[2011/03/30 20:05:00 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\TooManyTabs@visibotech.com
[2010/11/18 02:37:20 | 000,000,000 | ---D | M] ("Website Health Check Tool") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\websitehealth@seobook.com
[2011/04/22 23:04:59 | 000,000,000 | ---D | M] (WiseStamp) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\wisestamp@wisestamp.com
[2010/10/17 14:00:50 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\yslow@yahoo-inc.com
[2010/10/22 01:19:57 | 000,000,000 | ---D | M] ("SEO Live YSRank - Unique live search ranking for any URL") -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\ysrank@predictad.com
[2010/11/03 22:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010/11/03 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010/11/03 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2010/12/06 18:10:51 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\searchplugins\domain-lookup.xml
[2011/05/07 07:38:37 | 000,012,804 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\searchplugins\majestic-seo.xml
[2011/05/10 19:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/05 23:53:42 | 000,000,000 | ---D | M] (Project Whois) -- C:\Program Files\Mozilla Firefox\extensions\{10841c30-a967-11da-a746-0800200c9a66}
[2010/04/08 20:38:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/20 14:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/29 01:34:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SOLTECHWEB\LOCAL SETTINGS\APPLICATION DATA\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}
[2009/12/21 21:00:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2011/03/28 20:13:30 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/02 23:45:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/02 23:45:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/08/20 14:22:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/07/28 21:35:02 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2010/08/20 14:22:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 11:13:11 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 11:13:11 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 11:13:11 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 11:13:11 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Ikenaqakoy] C:\WINDOWS\asofusizebazobif.dll (Wacom Technology)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [wmupdater] C:\Program Files\updater.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-507921405-963894560-682003330-1013..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-507921405-963894560-682003330-1013..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-507921405-963894560-682003330-1013..\Run: [Mikogo] C:\Documents and Settings\soltechWeb\Application Data\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - HKU\S-1-5-21-507921405-963894560-682003330-1013..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-507921405-963894560-682003330-1013..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\soltechWeb\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\soltechWeb\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\soltechWeb\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\soltechWeb\Start Menu\Programs\Startup\ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/03/01 21:53:17 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/03/01 21:53:17 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-963894560-682003330-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O15 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..Trusted Domains: google.co.uk ([adwords] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\refalag: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 11:11:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (SDEarlyDelete) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 03:15:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\soltechWeb\Desktop\OTL.exe
[2011/05/09 19:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Desktop\THE-PLAN
[2011/05/08 09:35:57 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/05/05 22:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\.linkassistant
[2011/05/02 20:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Application Data\Malwarebytes
[2011/05/02 20:43:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/02 20:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/02 20:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/02 20:43:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/02 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/02 11:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Desktop\BleepingComputer
[2011/05/01 14:21:34 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\soltechWeb\Desktop\TDSSKiller.exe
[2011/04/29 01:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Local Settings\Application Data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}
[2011/04/29 00:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Desktop\dougal
[2011/04/28 20:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Thunderbird
[2011/04/28 20:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Application Data\Thunderbird
[2011/04/28 20:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011/04/28 20:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/04/13 21:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Desktop\images4directory
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\Documents and Settings\soltechWeb\Desktop\*.tmp files -> C:\Documents and Settings\soltechWeb\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 04:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 03:16:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soltechWeb\Desktop\OTL.exe
[2011/05/11 03:01:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hxexakenakohod.bin
[2011/05/11 02:59:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 02:59:50 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 02:59:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\THQYVO.job
[2011/05/11 02:59:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 01:42:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/11 00:00:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/10 21:49:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rdecoceqoz.dat
[2011/05/10 21:40:24 | 000,040,550 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\V7NScrapeExampleCSV.csv
[2011/05/10 21:16:14 | 000,050,161 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\V7NScrapeExampleXML.xml
[2011/05/09 20:07:34 | 000,445,050 | ---- | M] () -- C:\Documents and Settings\soltechWeb\My Documents\anarchy-thumb.bmp
[2011/05/09 19:22:55 | 001,475,378 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\wmg-logos.psd
[2011/05/09 19:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/05/08 11:24:53 | 008,490,421 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DPEMAILFORNEWSITELISTS.xch
[2011/05/08 10:05:41 | 000,551,730 | ---- | M] () -- C:\Documents and Settings\soltechWeb\.linkassistant.properties
[2011/05/08 01:30:48 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for soltechWeb.job
[2011/05/07 15:23:58 | 000,229,230 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\dp2.com.xch
[2011/05/07 15:08:05 | 000,018,901 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DP Emails2ndStag.csv
[2011/05/07 09:19:29 | 000,465,920 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\GS-Query Logo.psd
[2011/05/06 04:02:35 | 000,292,702 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DPEMAILFORNEWSITELISTS.xch.bak
[2011/05/06 01:32:34 | 000,181,982 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\projectedpricemodels.jpg
[2011/05/06 01:19:37 | 001,683,972 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\stats.psd
[2011/05/05 22:47:52 | 000,004,772 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\me.jpg
[2011/05/04 22:58:58 | 000,020,407 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DP Emails.csv
[2011/05/04 19:44:10 | 075,294,527 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/05/03 19:09:40 | 000,007,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/05/02 21:54:45 | 001,251,701 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\EU Directives.pdf
[2011/05/02 16:28:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\njT27y.dat
[2011/05/02 14:54:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 11:25:41 | 000,293,176 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\gmer.zip
[2011/05/02 11:21:26 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\dds.scr
[2011/05/02 11:14:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\soltechWeb\defogger_reenable
[2011/05/02 11:14:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\Defogger.exe
[2011/05/01 17:22:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\soltechWeb\č;č;
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\soltechWeb\Desktop\TDSSKiller.exe
[2011/04/30 19:44:12 | 000,090,112 | RHS- | M] () -- C:\WINDOWS\System32\cmmon32C.dll
[2011/04/30 18:06:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\Internet.lnk
[2011/04/29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\gmer.exe
[2011/04/28 20:57:09 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/04/28 20:57:09 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/04/27 23:20:38 | 001,601,654 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\excel-for-seos.pdf
[2011/04/26 21:31:24 | 000,747,520 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\5C342700
[2011/04/26 20:02:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/26 18:40:18 | 000,153,600 | ---- | M] () -- C:\Program Files\updater.exe
[2011/04/26 08:11:55 | 000,375,447 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DP-Sites.com.xch
[2011/04/25 16:11:10 | 000,018,968 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\airmatic backlinks.csv
[2011/04/22 22:38:19 | 000,070,185 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\Car Parking Internet VAT Receipt.pdf
[2011/04/22 22:22:46 | 004,180,922 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\www.SimpsonMillar-HolidayClaims-1.xch
[2011/04/19 19:23:11 | 007,654,488 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\www.sightstation.co.uk2isit.xch
[2011/04/19 19:21:40 | 000,362,425 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\DP-Sites.com.xch.bak
[2011/04/18 22:42:51 | 000,009,137 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\mummyblogs.csv
[2011/04/14 23:45:13 | 000,083,608 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\hda.org.csv
[2011/04/14 23:29:55 | 000,035,684 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\staffnurse.csv
[2011/04/14 22:31:30 | 000,047,101 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\priorygroup.csv
[2011/04/14 21:17:15 | 000,020,458 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\craegmoor.csv
[2011/04/12 21:14:10 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\soltechWeb\My Documents\CF516E20
[2011/04/11 22:05:27 | 000,017,293 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\gardenandhomedirectory.csv
[2011/04/11 22:02:21 | 000,017,144 | R--- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\links-domain-www.garden-and-home-directory.co.uk.csv
[2011/04/11 21:58:57 | 000,057,664 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\garden-marketplacecouk backlinks.csv
[2011/04/11 21:39:01 | 000,035,980 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\UK Childrens Dir Backlinks.csv
[2011/04/11 20:39:48 | 000,016,051 | ---- | M] () -- C:\Documents and Settings\soltechWeb\Desktop\sitemap.xml
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\Documents and Settings\soltechWeb\Desktop\*.tmp files -> C:\Documents and Settings\soltechWeb\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 21:39:11 | 000,050,161 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\V7NScrapeExampleXML.xml
[2011/05/10 21:16:02 | 000,040,550 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\V7NScrapeExampleCSV.csv
[2011/05/09 20:07:22 | 000,445,050 | ---- | C] () -- C:\Documents and Settings\soltechWeb\My Documents\anarchy-thumb.bmp
[2011/05/07 15:22:49 | 000,229,230 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\dp2.com.xch
[2011/05/07 15:08:04 | 000,018,901 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DP Emails2ndStag.csv
[2011/05/06 21:03:50 | 000,465,920 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\GS-Query Logo.psd
[2011/05/06 01:44:57 | 008,490,421 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DPEMAILFORNEWSITELISTS.xch
[2011/05/06 01:44:57 | 000,292,702 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DPEMAILFORNEWSITELISTS.xch.bak
[2011/05/06 01:32:33 | 000,181,982 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\projectedpricemodels.jpg
[2011/05/06 00:50:27 | 001,683,972 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\stats.psd
[2011/05/05 22:47:44 | 000,004,772 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\me.jpg
[2011/05/04 22:50:06 | 000,020,407 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DP Emails.csv
[2011/05/03 19:09:40 | 000,007,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/05/02 21:54:05 | 001,251,701 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\EU Directives.pdf
[2011/05/02 16:24:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\njT27y.dat
[2011/05/02 11:25:28 | 000,293,176 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\gmer.zip
[2011/05/02 11:20:52 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\dds.scr
[2011/05/02 11:14:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\soltechWeb\defogger_reenable
[2011/05/02 11:13:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\Defogger.exe
[2011/05/01 17:22:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\soltechWeb\č;č;
[2011/04/30 19:44:13 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\THQYVO.job
[2011/04/30 19:44:12 | 000,090,112 | RHS- | C] () -- C:\WINDOWS\System32\cmmon32C.dll
[2011/04/30 19:43:59 | 000,153,600 | ---- | C] () -- C:\Program Files\updater.exe
[2011/04/30 18:06:58 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\Internet.lnk
[2011/04/29 12:45:36 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\gmer.exe
[2011/04/29 01:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxexakenakohod.bin
[2011/04/29 01:34:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rdecoceqoz.dat
[2011/04/28 20:57:09 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/04/28 20:57:09 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/04/27 23:20:33 | 001,601,654 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\excel-for-seos.pdf
[2011/04/26 21:31:06 | 000,747,520 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\5C342700
[2011/04/25 16:11:10 | 000,018,968 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\airmatic backlinks.csv
[2011/04/22 22:38:16 | 000,070,185 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\Car Parking Internet VAT Receipt.pdf
[2011/04/19 19:20:47 | 000,375,447 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DP-Sites.com.xch
[2011/04/19 19:20:47 | 000,362,425 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\DP-Sites.com.xch.bak
[2011/04/19 19:20:18 | 004,180,922 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\www.SimpsonMillar-HolidayClaims-1.xch
[2011/04/18 22:42:51 | 000,009,137 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\mummyblogs.csv
[2011/04/14 23:45:13 | 000,083,608 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\hda.org.csv
[2011/04/14 23:29:55 | 000,035,684 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\staffnurse.csv
[2011/04/14 22:31:30 | 000,047,101 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\priorygroup.csv
[2011/04/14 21:17:15 | 000,020,458 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\craegmoor.csv
[2011/04/12 21:14:10 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\soltechWeb\My Documents\CF516E20
[2011/04/11 22:05:27 | 000,017,293 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\gardenandhomedirectory.csv
[2011/04/11 22:02:21 | 000,017,144 | R--- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\links-domain-www.garden-and-home-directory.co.uk.csv
[2011/04/11 21:58:57 | 000,057,664 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\garden-marketplacecouk backlinks.csv
[2011/04/11 21:39:00 | 000,035,980 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\UK Childrens Dir Backlinks.csv
[2011/04/11 20:22:18 | 000,016,051 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Desktop\sitemap.xml
[2011/03/02 23:39:40 | 000,160,523 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2011/03/02 23:39:40 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2010/12/02 16:12:18 | 000,062,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/17 23:19:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/16 23:45:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Local Settings\Application Data\housecall.guid.cache
[2010/06/16 20:36:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/08 20:42:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/29 16:49:57 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini
[2009/07/04 19:54:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\regddlc.DAT
[2009/06/18 10:09:51 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\soltechWeb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/28 04:02:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/28 04:02:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/28 04:02:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/25 07:47:22 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/17 20:56:00 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\3DXCT.BIN
[2008/08/06 11:26:20 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/06/23 22:29:29 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/06/23 19:15:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/06/23 19:15:29 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/06/23 19:15:29 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/06/23 19:15:29 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/06/12 20:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/06/12 16:09:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/09 20:01:47 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/06/09 20:01:47 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/06/09 20:01:46 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/06/09 20:01:46 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/06/09 20:01:46 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/05/08 17:59:11 | 000,001,409 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/27 19:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/11 19:03:54 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/04/04 23:26:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/04/04 23:17:07 | 000,000,528 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008/03/23 15:25:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ldf.dat
[2008/03/12 15:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/03/12 15:55:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/08 12:38:53 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/03/02 00:24:15 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/03/02 00:24:08 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/02/22 16:23:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/22 16:16:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{ABF81D02-E51F-416A-AE10-0EBBC967CA01}.dat
[2008/02/22 16:16:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{209C03C3-6440-414A-BFF2-2CCC69B42118}.dat
[2008/02/22 16:11:47 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/02/22 16:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/02/22 16:11:47 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/02/22 16:11:47 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/02/22 15:50:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/22 15:49:14 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2008/02/22 15:49:14 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2008/02/22 15:37:04 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/22 11:13:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/22 11:08:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/22 10:57:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/22 10:56:24 | 001,580,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/14 12:32:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/10/23 01:28:22 | 001,260,072 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2007/07/27 13:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/27 13:01:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/27 13:01:18 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/07/25 15:24:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/12 03:30:04 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/19 14:34:58 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialCE.dll
[2006/03/19 14:34:42 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2006/02/28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 13:00:00 | 000,590,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 13:00:00 | 000,114,016 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/26 16:08:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/03 12:03:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\WB3.dll
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1996/08/20 18:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >



OTL Extras logfile created on: 11/05/2011 03:59:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\soltechWeb\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 5750 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 0.17 Gb Free Space | 0.15% Space Free | Partition Type: NTFS

Computer Name: P4-D6BAA28DAAD0 | User Name: soltechWeb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- [2011/03/01 21:53:17 | 000,000,000 | ---D | M]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1 -- [2011/03/01 21:53:17 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1 -- [2011/03/01 21:53:17 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1 -- [2011/03/01 21:53:17 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2011/03/01 21:53:17 | 000,000,000 | ---D | M]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Disabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Disabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Disabled:Autodesk 3ds Max 2009 32-bit
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe" = C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Disabled:Maya
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:ÁTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{2023D8DE-CD8E-4958-B831-9DB3166D1B07}" = Swift 3D v5.00
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7.0 Manager
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3F7D7ED5-979A-4F96-AE25-DDA54B3E2D2B}" = Microsoft SQL Server 2008 Setup Support Files
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46686D99-56BE-413F-835B-9C61C8145AB4}" = Microsoft Web Platform Installer 2.0 Beta
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{476E9A2B-7A33-4634-9B39-815B7C376F8E}" = Avid DIO Runtime
"{47FB62DF-832D-485F-95FC-C93BB08B8FE3}" = LeapFrog Connect
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{58C19BBD-4D08-6835-A608-27A2B568A7F6}" = TweetDeck
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE3E90F6-C1B1-406C-89DD-D375BA03FB1F}" = TwiPing
"{AF389E8E-B02F-4F0B-AD02-C5123DA92584}" = finalRender for CINEMA 4D Stage-2 SP3a
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.1 PRO
"{C4421C89-1F2F-479D-AED1-27ACBF1310E8}" = BTOffer
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C813D39B-7F9A-4070-992B-7E4DDD0FBC6A}" = LeapFrog My Pals Plugin
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC8B84F2-9878-11DC-8B4E-656655D89593}" = Microsoft ASP.NET 2.0 AJAX Templates for Visual Studio 2008
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EAFC0CD9-FE4B-ED2D-84DD-C0DBA0229ED9}" = Market Samurai
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Anim-FX" = Anim-FX
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"AVI DivX to DVD SVCD VCD Converter_is1" = AVI DivX to DVD SVCD VCD Converter 2.2.2
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"BroadJump Client Foundation" = BroadJump Client Foundation
"cebas IP-Clamp License Manager" = cebas IP-Clamp License Manager
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Co~546FA5AA_is1" = Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 7.0
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FileZilla Client" = FileZilla Client 3.2.0
"gmailbackup" = Gmail Backup
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.1 PRO
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagicDisc 2.7.97" = MagicDisc 2.7.97
"MailNavigator v.1.12" = MailNavigator v.1.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Maxwell" = Maxwell
"MessageSave" = MessageSave (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"Pacific Poker" = Pacific Poker
"ProjectWhois" = ProjectWhois
"Screaming Frog SEO Spider" = Screaming Frog SEO Spider
"seopowersuite" = SEO SpyGlass
"Shop for HP Supplies" = Shop for HP Supplies
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"UPCShell" = LeapFrog Connect
"VIGOS Gsitemap_is1" = VIGOS Gsitemap 0.97a
"VIGOS Website Analyzer_is1" = VIGOS Website Analyzer
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"XobniMain" = Xobni
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-963894560-682003330-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/05/2011 17:48:21 | Computer Name = P4-D6BAA28DAAD0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/05/2011 17:48:25 | Computer Name = P4-D6BAA28DAAD0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/05/2011 17:48:25 | Computer Name = P4-D6BAA28DAAD0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/05/2011 17:58:37 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 18:06:18 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 18:43:51 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 19:56:59 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 21:04:04 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 22:02:25 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module asofusizebazobif.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 10/05/2011 22:58:24 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/05/2011 17:46:48 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/05/2011 17:46:48 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL SDManager

Error - 10/05/2011 21:54:19 | Computer Name = P4-D6BAA28DAAD0 | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 10/05/2011 22:00:03 | Computer Name = P4-D6BAA28DAAD0 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/05/2011 22:00:03 | Computer Name = P4-D6BAA28DAAD0 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/05/2011 22:01:02 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7000
Description = The Sentinel service failed to start due to the following error: %%20

Error - 10/05/2011 22:01:02 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7000
Description = The Pixar License Server 5.0.2 service failed to start due to the
following error: %%2

Error - 10/05/2011 22:01:02 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%2

Error - 10/05/2011 22:01:27 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/05/2011 22:01:28 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL SDManager


< End of report >
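The "Last 10 Event Log Errors" section above can be triaged mechanically rather than read entry by entry. The script below is an added example, not code from this thread or from OTL: it parses OTL's event-log line format, rejoins the hard-wrapped descriptions, and flags the patterns a responder looks for first (a process crashing in a module outside an expected set, crypt32 root-list update failures, NtpClient with no time source, and boot-start drivers that failed to load). SAMPLE_EVENTS is a constructed excerpt of the report above; KNOWN_MODULES is an assumed allow-list for illustration, not anything OTL or Windows defines.

```python
"""Triage the 'Last 10 Event Log Errors' section of an OTL report.

Added example, not part of the thread or of OTL. SAMPLE_EVENTS is a
constructed excerpt of the report above; KNOWN_MODULES is an assumed
allow-list used only for illustration.
"""
import re

# Constructed excerpt, in the exact line format OTL prints.
SAMPLE_EVENTS = """\
Error - 10/05/2011 17:48:25 | Computer Name = P4-D6BAA28DAAD0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/05/2011 17:58:37 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00021260.

Error - 10/05/2011 22:02:25 | Computer Name = P4-D6BAA28DAAD0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module asofusizebazobif.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 10/05/2011 22:00:03 | Computer Name = P4-D6BAA28DAAD0 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/05/2011 22:01:28 | Computer Name = P4-D6BAA28DAAD0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL SDManager
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
FAULT = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<appver>[^,]+), faulting "
    r"module (?P<module>[^,]+), version (?P<modver>[^,]+), fault address (?P<addr>0x[0-9a-fA-F]+)"
)
# Assumed allow-list: modules a Windows XP process is "expected" to fault in.
KNOWN_MODULES = {"ntdll.dll", "kernel32.dll", "user32.dll", "hungapp"}


def parse_events(text):
    """Return one dict per event: header fields plus the rewrapped description."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line.strip():
            # OTL hard-wraps descriptions; rejoin the pieces with single spaces.
            current["description"] = (current["description"] + " " + line.strip()).strip()
    for e in events:
        if e["description"].startswith("Description = "):
            e["description"] = e["description"][len("Description = "):]
    return events


def triage(events):
    """Return (kind, detail) findings a responder should look at first."""
    findings = []
    for e in events:
        src, desc, eid = e["source"], e["description"], e["id"]
        if src == "Application Error":
            m = FAULT.search(desc)
            if m and m.group("module").lower() not in KNOWN_MODULES:
                findings.append(("unexpected-module", "%s crashed in %s (version %s)"
                                 % (m.group("app"), m.group("module"), m.group("modver"))))
        elif src == "crypt32" and eid in ("131080", "131083"):
            findings.append(("authroot-update-failed", desc.split("with error: ", 1)[-1]))
        elif src == "W32Time":
            peer = re.search(r"peer '([^']+)'", desc)
            findings.append(("no-time-source", peer.group(1) if peer else desc))
        elif src == "Service Control Manager" and eid == "7026":
            drivers = desc.split("failed to load:", 1)[-1].split()
            findings.append(("driver-load-failed", " ".join(drivers)))
    kinds = {k for k, _ in findings}
    if "authroot-update-failed" in kinds and "no-time-source" in kinds:
        # A validity-period error while the clock has no reference source:
        # verify the system clock before trusting any signature verdict.
        findings.append(("check-clock", "certificate validity error while NtpClient has no source"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_events(SAMPLE_EVENTS)):
        print("%-24s %s" % (kind, detail))
```

On the excerpt this yields four primary findings plus the combined clock check: explorer.exe faulting in asofusizebazobif.dll at version 0.0.0.0 (a module name and version that match nothing legitimate on the box), the root-list update failing on a validity-period check, NtpClient unable to reach time.windows.com, and two boot-start drivers (SABKUTIL, SDManager) failing to load. The svchost.exe crashes in ntdll.dll are left out by the allow-list; whether that is right depends on the host, which is why the allow-list is a parameter and not a rule.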

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:52 PM

Posted 11 May 2011 - 08:18 AM

Hi!

Do you recognize this file?

C:\Documents and Settings\soltechWeb\My Documents\CF516E20


The main infection that you were infected with is called TDL4.

See the snippet of text below:

53:01.1 Detected object count: 1
53:16.0 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
53:16.0 \HardDisk0 - ok
53:16.0 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
53:31.1 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (SQLWriter)
    SRV - File not found [Auto | Stopped] -- -- (Pixar License Server 5.0.2)
    SRV - File not found [Auto | Stopped] -- -- (MSWA-238e286b)
    O3 - HKU\S-1-5-21-507921405-963894560-682003330-1013\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O20 - Winlogon\Notify\refalag: DllName - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll - C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll ()
    [2011/04/29 01:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soltechWeb\Local Settings\Application Data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\Documents and Settings\soltechWeb\Desktop\*.tmp files -> C:\Documents and Settings\soltechWeb\Desktop\*.tmp -> ]
    [2011/05/11 03:01:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hxexakenakohod.bin
    [2011/05/11 02:59:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\THQYVO.job
    [2011/05/10 21:49:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rdecoceqoz.dat
    [2011/05/02 16:28:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\njT27y.dat
    [2011/05/01 17:22:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\soltechWeb\č;č;
    [2011/04/30 19:44:12 | 000,090,112 | RHS- | M] () -- C:\WINDOWS\System32\cmmon32C.dll
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\Documents and Settings\soltechWeb\Desktop\*.tmp files -> C:\Documents and Settings\soltechWeb\Desktop\*.tmp -> ]
    [2011/05/01 17:22:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\soltechWeb\č;č;
    [2011/04/30 19:44:13 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\THQYVO.job
    [2011/04/30 19:44:12 | 000,090,112 | RHS- | C] () -- C:\WINDOWS\System32\cmmon32C.dll
    [2011/04/29 01:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxexakenakohod.bin
    [2011/04/29 01:34:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rdecoceqoz.dat
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 11 May 2011 - 01:15 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:12 on 11/05/2011 (soltechWeb)
Firefox version 3.6.15 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9} -> Success!
Deleting C:\Documents and Settings\soltechWeb\Local Settings\Application Data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{10841c30-a967-11da-a746-0800200c9a66} [22:53 05/08/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:41 27/04/2008]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [19:38 08/04/2010]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [20:38 28/07/2008]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [13:22 20/08/2010]

C:\Documents and Settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\extensions\
aardvark@rob.brown [18:28 27/07/2010]
base-outfit@outwit.com [20:59 10/05/2011]
beta@linkdiagnosis.com [23:19 26/03/2011]
BlekkoToolbar@blekko.com [02:19 11/02/2011]
cookieSwap@cookieSwap.mozdev.org [21:06 11/04/2011]
developers@tyrantinc.com [21:06 11/04/2011]
domainlookup@qualitynonsense.com [17:09 06/12/2010]
duplicatecontent@seobook.com [01:36 18/11/2010]
ffplugin@gist.com [20:58 10/05/2011]
firebug@software.joehewitt.com [19:52 10/02/2011]
firecookie@janodvarko.cz [19:32 09/03/2011]
firefox@adhacker.com [20:48 18/07/2009]
FirePHPExtension-Build@firephp.org [21:12 03/11/2010]
info@linkdiagnosis.com [23:39 26/06/2009]
jiffy@billwscott.com [13:44 06/02/2010]
kgen@elitwork.com [21:42 03/03/2011]
multilinks@plugin [20:18 24/03/2011]
pixelperfectplugin@openhouseconcepts.com [19:48 03/02/2011]
rankchecker@seobook.com [20:59 10/05/2011]
rapportive@rapportive.com [21:32 18/02/2011]
requestpolicy@requestpolicy.com [20:59 10/05/2011]
semtoolbar@bruceclay.com [19:29 18/05/2010]
seo4firefox@seobook.com [22:44 31/03/2011]
seodoctor@prelovac.com [20:18 24/03/2011]
seoquake-plugin-ask@seoquake.com [21:01 23/06/2009]
seoquake-plugin-baidu@seoquake.com [21:01 23/06/2009]
seoquake-plugin-delicious@seoquake.com [21:01 23/06/2009]
seoquake-plugin-rambler@seoquake.com [21:01 23/06/2009]
seoquake-plugin-technorati@seoquake.com [21:01 23/06/2009]
seoquake-plugin-yandex@seoquake.com [14:37 06/06/2010]
seotoolbar@seobook.com [20:59 10/05/2011]
toolbar@alexa.com [19:04 30/03/2011]
toolbar@seomoz.org [18:49 21/09/2010]
TooManyTabs@visibotech.com [19:05 30/03/2011]
websitehealth@seobook.com [01:37 18/11/2010]
wisestamp@wisestamp.com [22:04 22/04/2011]
yslow@yahoo-inc.com [13:00 17/10/2010]
ysrank@predictad.com [00:19 22/10/2010]
{1018e4d6-728f-4b20-ad56-37578a4de76b} [22:05 22/04/2011]
{3112ca9c-de6d-4884-a869-9855de68056c} [13:16 12/10/2010]
{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [19:34 09/03/2011]
{4093c4de-454a-4329-8aff-c6b0b123c386} [22:05 22/04/2011]
{582195F5-92E7-40a0-A127-DB71295901D7} [19:05 30/03/2011]
{5fb1186a-3398-4c47-b579-0f2eee222ad1} [19:33 09/03/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [19:34 09/03/2011]
{636fd8b0-ce2b-4e00-b812-2afbe77ee899} [23:16 28/04/2011]
{65e41d20-f092-41b7-bb83-c6e8a9ab0f57} [20:32 19/02/2011]
{6AC85730-7D0F-4de0-B3FA-21142DD85326} [20:18 24/03/2011]
{6e67244f-d40b-492d-8eed-d0712bdf38bb} [19:28 27/07/2010]
{70a9aa80-d283-4eae-8a87-ee7b769edf53} [21:47 03/02/2010]
{7eb3f691-25b4-4a85-9038-9e57e2bcd537} [23:28 06/02/2011]
{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [20:59 10/05/2011]
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [20:05 21/02/2010]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [16:58 02/05/2011]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [19:34 09/03/2011]
{B97F57B9-1B42-4aed-9475-0022600C62DC} [08:54 24/11/2010]
{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} [20:48 18/07/2009]
{c45c406e-ab73-11d8-be73-000a95be3b12} [04:14 14/01/2011]
{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9} [21:06 11/04/2011]
{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [19:48 03/02/2011]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [00:12 13/09/2009]
{e3f6c2cc-d8db-498c-af6c-499fb211db97} [06:54 16/02/2011]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [22:05 22/04/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [14:41 11/01/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:58 17/04/2009]
"avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [12:21 27/03/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:22 20/08/2010]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\" [22:52 11/01/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video" [22:45 02/03/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa" [22:45 02/03/2011]

-=E.O.F=-

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:52 PM

Posted 11 May 2011 - 01:30 PM

:thumbsup:



#8 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 11 May 2011 - 01:36 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service SQLWriter stopped successfully!
Service SQLWriter deleted successfully!
Service Pixar License Server 5.0.2 stopped successfully!
Service Pixar License Server 5.0.2 deleted successfully!
Service MSWA-238e286b stopped successfully!
Service MSWA-238e286b deleted successfully!
Registry value HKEY_USERS\S-1-5-21-507921405-963894560-682003330-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\refalag\ deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\refalag.dll moved successfully.
Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\{AAB0E970-B64B-4D5F-B132-2EF4DAF208A9}\ not found.
C:\WINDOWS\C813D39B7F9A4070992B7E4DDD0FBC6A.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\C813D39B7F9A4070992B7E4DDD0FBC6A.TMP\WiseCustomCalla.exe deleted successfully.
C:\WINDOWS\C813D39B7F9A4070992B7E4DDD0FBC6A.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\C813D39B7F9A4070992B7E4DDD0FBC6A.TMP folder deleted successfully.
C:\WINDOWS\DUMP49bb.tmp deleted successfully.
C:\WINDOWS\DUMP5479.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SDEAF080C.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET176.tmp deleted successfully.
C:\WINDOWS\System32\SET177.tmp deleted successfully.
C:\WINDOWS\System32\SET17E.tmp deleted successfully.
C:\WINDOWS\System32\SET1C5.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0236.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0363.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0382.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0522.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0556.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0571.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0668.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL0967.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1105.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1222.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1570.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1571.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1697.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1739.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1753.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1770.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1825.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1856.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL1899.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2004.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2174.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2738.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2751.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2771.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL2776.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3004.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3326.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3500.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3749.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3899.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3992.tmp deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\~WRL3996.tmp deleted successfully.
C:\WINDOWS\Hxexakenakohod.bin moved successfully.
C:\WINDOWS\tasks\THQYVO.job moved successfully.
C:\WINDOWS\Rdecoceqoz.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\njT27y.dat moved successfully.
C:\Documents and Settings\soltechWeb\č;č; moved successfully.
C:\WINDOWS\system32\cmmon32C.dll moved successfully.
File C:\Documents and Settings\soltechWeb\č;č; not found.
File C:\WINDOWS\tasks\THQYVO.job not found.
File C:\WINDOWS\System32\cmmon32C.dll not found.
File C:\WINDOWS\Hxexakenakohod.bin not found.
File C:\WINDOWS\Rdecoceqoz.dat not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\soltechWeb\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\soltechWeb\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.P4-D6BAA28DAAD0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 274292 bytes
->Flash cache emptied: 1165 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 275286 bytes
->Temporary Internet Files folder emptied: 24747368 bytes
->Java cache emptied: 21796 bytes
->Flash cache emptied: 18233 bytes

User: soltechWeb
->Temp folder emptied: 9377109362 bytes
->Temporary Internet Files folder emptied: 64806676 bytes
->Java cache emptied: 298413 bytes
->FireFox cache emptied: 63099059 bytes
->Google Chrome cache emptied: 1642864 bytes
->Apple Safari cache emptied: 1205248 bytes
->Flash cache emptied: 209598 bytes

User: User

User: User.P4-D6BAA28DAAD0
->Temp folder emptied: 616681 bytes
->Temporary Internet Files folder emptied: 308478 bytes
->FireFox cache emptied: 5981446 bytes
->Flash cache emptied: 0 bytes

User: Wards
->Temp folder emptied: 26069452584 bytes
->Temporary Internet Files folder emptied: 62354096 bytes
->Java cache emptied: 4752720 bytes
->FireFox cache emptied: 35735957 bytes
->Apple Safari cache emptied: 43996160 bytes
->Flash cache emptied: 1929614 bytes

User: WENDY
->Temp folder emptied: 7382472 bytes
->Temporary Internet Files folder emptied: 33978583 bytes
->Java cache emptied: 838322 bytes
->FireFox cache emptied: 89575164 bytes
->Flash cache emptied: 2249 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231878902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4688 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2006582 bytes
RecycleBin emptied: 15360 bytes

Total Files Cleaned = 34,451.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.P4-D6BAA28DAAD0

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: soltechWeb
->Flash cache emptied: 0 bytes

User: User

User: User.P4-D6BAA28DAAD0
->Flash cache emptied: 0 bytes

User: Wards
->Flash cache emptied: 0 bytes

User: WENDY
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05112011_191654

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_bubble_close[94].jpg not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_bubble_right[97].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_left_anchor_bubble_bot[98].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_left_anchor_bubble_top[100].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_no_anchor_bubble_bot[101].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_no_anchor_bubble_top[102].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_right_anchor_bubble_bot[103].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\aim_right_anchor_bubble_top[105].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\arrow-balance-menu[106].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\arrows-following[215].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\bubble_closebox[118].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\call_button_default[113].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\closed-comments[221].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\dasher-attribution[204].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\delete_bg_transparent[121].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\eventheader_border[130].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\following-check[231].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\keypad_press_bg[142].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\lightbox-sprite3[233].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\like-deselected[235].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\media-caption-background[248].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\media-external-icon[251].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_bubble_left[144].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_bubble_right[146].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_left_anchor_bubble_bot[148].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_left_anchor_bubble_top[150].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_no_anchor_bubble_bot[152].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_no_anchor_bubble_top[154].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_right_anchor_bubble_bot[156].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\muc_right_anchor_bubble_top[157].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\presence_greenrobot_available[48].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\presence_greenrobot_away[49].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\presence_greenrobot_busy[50].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\priority_inbox_small_video_thumbnail[165].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\reshare-deselected[263].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\reshare-disabled[265].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\reshare-selected[267].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-bottom-border[169].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-bottom-left[171].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-bottom-right[173].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-left-side[174].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-right-side[176].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-top-left[178].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\shadow-top-right[180].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\sharebox-triangle[269].png not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\subscribe-disabled[273].gif not found!
File\Folder C:\Documents and Settings\soltechWeb\Local Settings\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-red2black88@googlemail.com-GoogleMail[8]#localserver\voice-recording[196].png not found!
File move failed. C:\Documents and Settings\WENDY\Local Settings\Temp\hsperfdata_WENDY\3548 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:52 PM

Posted 11 May 2011 - 02:03 PM

Okay.



#10 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 11 May 2011 - 03:37 PM

Hello again - sorry for the slight interval... I had a few complications and had to download AppRemover by Opswat and remove AVG 8.5.
Whilst running ComboFix, 2 pop-ups occurred. One said something like:
The Master boot record is infected

and then another saying ComboFix has detected rootkit activity and needs to reboot the machine. I have posted the final ComboFix log below; hope that helps!



ComboFix 11-05-11.01 - soltechWeb 11/05/2011 20:59:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1918.1470 [GMT 1:00]
Running from: c:\documents and settings\soltechWeb\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\asfd23f.BIN
c:\asfd23f.bin\config.bin
c:\documents and settings\soltechWeb\g2mdlhlpx.exe
c:\documents and settings\soltechWeb\Local Settings\Application Data\{36C34739-5B1C-4B66-9429-84D301FD8626}
c:\documents and settings\soltechWeb\Local Settings\Application Data\{36C34739-5B1C-4B66-9429-84D301FD8626}\chrome.manifest
c:\documents and settings\soltechWeb\Local Settings\Application Data\{36C34739-5B1C-4B66-9429-84D301FD8626}\chrome\content\_cfg.js
c:\documents and settings\soltechWeb\Local Settings\Application Data\{36C34739-5B1C-4B66-9429-84D301FD8626}\chrome\content\overlay.xul
c:\documents and settings\soltechWeb\Local Settings\Application Data\{36C34739-5B1C-4B66-9429-84D301FD8626}\install.rdf
c:\windows\asofusizebazobif.dll
c:\windows\Temp\tmp3.tmp
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 18:16 . 2011-05-11 18:16 -------- d-----w- C:\_OTL
2011-05-09 01:57 . 2011-05-09 01:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-05-09 01:57 . 2011-05-09 01:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-05-08 08:35 . 2011-05-08 08:35 -------- d-----w- C:\found.001
2011-05-07 17:11 . 2011-05-07 17:11 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Identities
2011-05-05 21:57 . 2011-05-05 21:57 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Yahoo!
2011-05-05 21:53 . 2011-05-07 14:08 -------- d-----w- c:\documents and settings\soltechWeb\.linkassistant
2011-05-02 19:46 . 2011-05-02 19:46 -------- d-----w- c:\documents and settings\soltechWeb\Application Data\Malwarebytes
2011-05-02 19:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 19:43 . 2011-05-02 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-02 19:43 . 2011-05-02 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 19:43 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 16:17 . 2011-05-01 16:18 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2011-04-30 18:45 . 2011-04-30 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
2011-04-30 18:45 . 2011-04-30 18:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\HPAppData
2011-04-30 18:43 . 2011-04-26 17:40 153600 ----a-w- c:\program files\updater.exe
2011-04-29 00:43 . 2011-04-29 00:44 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-04-28 19:57 . 2011-04-28 20:05 -------- d-----w- c:\documents and settings\soltechWeb\Application Data\Thunderbird
2011-04-28 19:57 . 2011-04-28 19:57 -------- d-----w- c:\documents and settings\soltechWeb\Local Settings\Application Data\Thunderbird
2011-04-28 19:56 . 2011-04-28 19:57 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-22 2356088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-02 2423752]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Mikogo"="c:\documents and settings\soltechWeb\Application Data\Mikogo\Mikogo-Host.exe" [2010-08-16 2748416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-22 16841216]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"wmupdater"="c:\program files\updater.exe" [2011-04-26 153600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\soltechWeb\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-3-1 576000]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
ProjectWhois.lnk - c:\program files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 147456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [16/03/2010 10:52 55016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [26/12/2007 03:20 264576]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 gupdate1ca1080423c5599;Google Update Service (gupdate1ca1080423c5599);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2009 20:10 133104]
S2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [25/01/2009 07:31 45188]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 B-Service;B-Service;c:\documents and settings\soltechWeb\Application Data\Mikogo\B-Service.exe [14/11/2010 15:27 185640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2009 20:10 133104]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 01:28 369688]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 19:10]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 19:10]
.
2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-05-08 c:\windows\Tasks\Norton Security Scan for soltechWeb.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-26 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.webceo.com/cgi-bin/goto.pl?unin&user=&cr=FFFFFFFF&revision=0
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: google.co.uk\adwords
Trusted Zone: google.com\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc721db&v=6.103.018.001&i=29&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Duplicate Content: duplicatecontent@seobook.com - %profile%\extensions\duplicatecontent@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Website Health Check Tool: websitehealth@seobook.com - %profile%\extensions\websitehealth@seobook.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: SeoQuake Plugin - Yandex.ru: seoquake-plugin-yandex@seoquake.com - %profile%\extensions\seoquake-plugin-yandex@seoquake.com
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Ad Hacker: firefox@adhacker.com - %profile%\extensions\firefox@adhacker.com
FF - Ext: LinkDiagnosis 2.2: beta@linkdiagnosis.com - %profile%\extensions\beta@linkdiagnosis.com
FF - Ext: Mozbar: toolbar@seomoz.org - %profile%\extensions\toolbar@seomoz.org
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Page Speed Closure Compiler Extension: {70a9aa80-d283-4eae-8a87-ee7b769edf53} - %profile%\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Domain Lookup: domainlookup@qualitynonsense.com - %profile%\extensions\domainlookup@qualitynonsense.com
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Boomerang for GMail: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57} - %profile%\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: BlekkoToolbar: BlekkoToolbar@blekko.com - %profile%\extensions\BlekkoToolbar@blekko.com
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: XPather: {636fd8b0-ce2b-4e00-b812-2afbe77ee899} - %profile%\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKLM-Run-Ikenaqakoy - c:\windows\asofusizebazobif.dll
Notify-avgrsstarter - (no file)
AddRemove-FBX Plugin 2009.0 for Max 2009 - c:\program files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
AddRemove-Maxwell - c:\program files\Next Limit\Maxwell\uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 21:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
wmupdater = "c:\program files\updater.exe" -update??wmupdater???????if \(M
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-11 21:16:02
ComboFix-quarantined-files.txt 2011-05-11 20:15
ComboFix2.txt 2010-06-17 06:28
.
Pre-Run: 40,432,758,784 bytes free
Post-Run: 40,403,415,040 bytes free
.
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - FE684D269F4874FAE6839587B05CA213
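As an added triage example (not code from this thread, from ComboFix, or from the helpers here), the following Python parser reads the two ComboFix sections quoted above, "Files Created" and the Run-key "Reg Loading Points", and flags any autostart whose binary was created inside the scan window or sits bare in the Program Files root with no vendor folder, which is exactly what singles out updater.exe in this log. The sample input is a handful of lines copied from the log; the two heuristics are my own assumptions, not ComboFix's.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
2011-05-02 19:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 18:43 . 2011-04-26 17:40 153600 ----a-w- c:\program files\updater.exe
2011-04-28 19:56 . 2011-04-28 19:57 -------- d-----w- c:\program files\Mozilla Thunderbird
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-02 2423752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-22 16841216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"wmupdater"="c:\program files\updater.exe" [2011-04-26 153600]
"""

# "Files Created" line: <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\CurrentVersion\Run]
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run value: "name"="target" [stamp size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" '
    r"\[(?P<stamp>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# Heuristic (my assumption): an .exe directly under c:\program files\ with no
# vendor subfolder is unusual for legitimately installed software.
PROGRAM_FILES_ROOT = re.compile(r"^c:\\program files\\[^\\]+\.exe$")


def parse_files_created(log: str) -> Dict[str, str]:
    """Map lowercase file path -> creation date for every 'Files Created' file line."""
    created: Dict[str, str] = {}
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        # Skip directory entries (attrs start with 'd'); keep real files.
        if m and not m.group("attrs").startswith("d"):
            created[m.group("path").lower()] = m.group("created")
    return created


def parse_run_entries(log: str) -> List[Dict[str, str]]:
    """Collect values under any ...\\CurrentVersion\\Run key, with their parent key."""
    entries: List[Dict[str, str]] = []
    key = ""
    for line in log.splitlines():
        line = line.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group("key")
            continue
        rm = RUN_LINE.match(line)
        if rm and key.lower().endswith(r"\currentversion\run"):
            entries.append({"name": rm.group("name"), "key": key,
                            "target": rm.group("target"), "stamp": rm.group("stamp")})
    return entries


def triage_combofix(log: str) -> List[Dict[str, object]]:
    """Return Run entries worth a second look, each with the reasons it was flagged."""
    created = parse_files_created(log)
    findings: List[Dict[str, object]] = []
    for entry in parse_run_entries(log):
        target = entry["target"].lower()
        reasons: List[str] = []
        if target in created:
            reasons.append(f"binary created {created[target]}, inside the scan window")
        if PROGRAM_FILES_ROOT.match(target):
            reasons.append("executable sits directly in the Program Files root")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f'{f["name"]} -> {f["target"]}  ({f["key"]})')
        for r in f["reasons"]:
            print("   -", r)
```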

#11 SweetTech (Agent ST)

Posted 11 May 2011 - 04:06 PM

Hi!

Please let me know how things are running in your next reply.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic395299.html/page__view__findpost__p__2243610
Suspect::[102]
c:\program files\updater.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Red2Black88 (Topic Starter)

Posted 11 May 2011 - 05:57 PM

ok - I have still been hearing the occasional strange noise in the background - like a chat opening or something - but there is nothing visual on screen...

I ran combo fix just as you said. All antivirus turned off and exited.

I got the same 2 pop ups as before.

"The master boot record is infected" and the next one "Combofix has detected the presence of rootkit activity and needs to reboot the machine"

Then it said "The process cannot access the file because it's being used by another process"
Re. The process cannot access the file because it is being used by another process


It backed up the registry and then rebooted.
On restart - Combofix loaded again and did its scan. I also ran MalwareBytes according to your instructions and it finished saying:

"No malicious items found"

I will now run the next process but here are the logs:

ComboFix 11-05-11.01 - soltechWeb 11/05/2011 23:21:36.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1918.1468 [GMT 1:00]
Running from: c:\documents and settings\soltechWeb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\soltechWeb\Desktop\CFScript.txt
.
file zipped: c:\program files\updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\tmp3.tmp
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 18:16 . 2011-05-11 18:16 -------- d-----w- C:\_OTL
2011-05-09 01:57 . 2011-05-09 01:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-05-09 01:57 . 2011-05-09 01:57 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-05-08 08:35 . 2011-05-08 08:35 -------- d-----w- C:\found.001
2011-05-07 17:11 . 2011-05-07 17:11 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Identities
2011-05-05 21:57 . 2011-05-05 21:57 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Yahoo!
2011-05-05 21:53 . 2011-05-07 14:08 -------- d-----w- c:\documents and settings\soltechWeb\.linkassistant
2011-05-02 19:46 . 2011-05-02 19:46 -------- d-----w- c:\documents and settings\soltechWeb\Application Data\Malwarebytes
2011-05-02 19:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 19:43 . 2011-05-02 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-02 19:43 . 2011-05-02 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 19:43 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 16:17 . 2011-05-01 16:18 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Temp
2011-04-30 18:45 . 2011-04-30 18:45 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Yahoo
2011-04-30 18:45 . 2011-04-30 18:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\HPAppData
2011-04-30 18:43 . 2011-04-26 17:40 153600 ----a-w- c:\program files\updater.exe
2011-04-29 00:43 . 2011-04-29 00:44 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-04-28 19:57 . 2011-04-28 20:05 -------- d-----w- c:\documents and settings\soltechWeb\Application Data\Thunderbird
2011-04-28 19:57 . 2011-04-28 19:57 -------- d-----w- c:\documents and settings\soltechWeb\Local Settings\Application Data\Thunderbird
2011-04-28 19:56 . 2011-04-28 19:57 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-11_20.13.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 22:17 . 2011-05-11 22:17 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-22 2356088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-02 2423752]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Mikogo"="c:\documents and settings\soltechWeb\Application Data\Mikogo\Mikogo-Host.exe" [2010-08-16 2748416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-22 16841216]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"wmupdater"="c:\program files\updater.exe" [2011-04-26 153600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\soltechWeb\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-3-1 576000]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
ProjectWhois.lnk - c:\program files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 147456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [16/03/2010 10:52 55016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [26/12/2007 03:20 264576]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 gupdate1ca1080423c5599;Google Update Service (gupdate1ca1080423c5599);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2009 20:10 133104]
S2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [25/01/2009 07:31 45188]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 B-Service;B-Service;c:\documents and settings\soltechWeb\Application Data\Mikogo\B-Service.exe [14/11/2010 15:27 185640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/07/2009 20:10 133104]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 01:28 369688]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 19:10]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 19:10]
.
2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-05-08 c:\windows\Tasks\Norton Security Scan for soltechWeb.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-26 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.webceo.com/cgi-bin/goto.pl?unin&user=&cr=FFFFFFFF&revision=0
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: google.co.uk\adwords
Trusted Zone: google.com\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\soltechWeb\Application Data\Mozilla\Firefox\Profiles\igi54jh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc721db&v=6.103.018.001&i=29&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Duplicate Content: duplicatecontent@seobook.com - %profile%\extensions\duplicatecontent@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: Website Health Check Tool: websitehealth@seobook.com - %profile%\extensions\websitehealth@seobook.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: SeoQuake Plugin - Yandex.ru: seoquake-plugin-yandex@seoquake.com - %profile%\extensions\seoquake-plugin-yandex@seoquake.com
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Ad Hacker: firefox@adhacker.com - %profile%\extensions\firefox@adhacker.com
FF - Ext: LinkDiagnosis 2.2: beta@linkdiagnosis.com - %profile%\extensions\beta@linkdiagnosis.com
FF - Ext: Mozbar: toolbar@seomoz.org - %profile%\extensions\toolbar@seomoz.org
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Page Speed Closure Compiler Extension: {70a9aa80-d283-4eae-8a87-ee7b769edf53} - %profile%\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Domain Lookup: domainlookup@qualitynonsense.com - %profile%\extensions\domainlookup@qualitynonsense.com
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Boomerang for GMail: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57} - %profile%\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: BlekkoToolbar: BlekkoToolbar@blekko.com - %profile%\extensions\BlekkoToolbar@blekko.com
FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: XPather: {636fd8b0-ce2b-4e00-b812-2afbe77ee899} - %profile%\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 23:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
wmupdater = "c:\program files\updater.exe" -update??wmupdater???????if \(M
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-11 23:37:24
ComboFix-quarantined-files.txt 2011-05-11 22:37
ComboFix2.txt 2011-05-11 20:16
ComboFix4.txt 2010-06-17 06:28
.
Pre-Run: 40,414,117,888 bytes free
Post-Run: 40,385,310,720 bytes free
.
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 1F9776B566B3B0A11A96A955B1055C4C
Upload was successful




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6557

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/05/2011 23:47
mbam-log-2011-05-11 (23-47-27).txt

Scan type: Quick scan
Objects scanned: 231072
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:52 PM

Posted 11 May 2011 - 06:44 PM

Can you also run a new scan with TDSSKiller and post the log it produces? Be sure to reboot after it's run. I'm thinking we may need to fix this issue old school (fixing MBR in the Recovery Console). But I'd like to see if it's removed by TDSSKiller again.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 12 May 2011 - 01:51 AM

ESETScan:

ram Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
C:\Qoobox\Quarantine\C\WINDOWS\asofusizebazobif.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\CbaHPXyb.ini.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\CbaHPXyb.ini2.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\KnmSstwa.ini.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\KnmSstwa.ini2.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\SsDNmUtv.ini.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\SsDNmUtv.ini2.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\tCbbayxx.ini.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\tCbbayxx.ini2.vir
C:\_OTL\MovedFiles\05112011_191654\C_WINDOWS\system32\cmmon32C.dll




-------------------------------------------------------------------------------------------------------------------------


Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Adobe After Effects CS3 Presets
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 20
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.15) Firefox Out of Date!
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#15 Red2Black88

Red2Black88
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 12 May 2011 - 02:12 AM

A TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
52:55.0 ================================================================================
52:55.0 SystemInfo:
52:55.0
52:55.0 OS Version: 5.1.2600 ServicePack: 2.0
52:55.0 Product type: Workstation
52:55.0 ComputerName: P4-D6BAA28DAAD0
52:55.0 UserName: soltechWeb
52:55.0 Windows directory: C:\WINDOWS
52:55.0 System windows directory: C:\WINDOWS
52:55.0 Processor architecture: Intel x86
52:55.0 Number of processors: 2
52:55.0 Page size: 0x1000
52:55.0 Boot type: Normal boot
52:55.0 ================================================================================
52:55.1 Initialize success
53:00.0 ================================================================================
53:00.0 Scan started
53:00.0 Mode: Manual;
53:00.0 ================================================================================
53:01.1 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
53:02.0 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
53:02.0 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
53:02.0 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
53:02.0 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
53:02.0 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
53:02.1 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
53:02.1 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
53:02.1 ati2mtag (3b88b6466896cc1a3a7e3287d72aca85) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
53:02.1 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
53:02.1 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
53:02.1 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
53:03.0 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
53:03.0 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
53:03.0 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
53:03.0 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
53:03.0 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
53:03.0 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
53:03.1 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
53:03.1 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
53:03.1 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
53:03.1 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
53:03.1 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
53:03.1 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
53:03.1 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
53:04.0 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
53:04.0 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
53:04.0 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
53:04.0 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
53:04.0 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
53:04.0 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
53:04.0 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
53:04.0 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
53:04.0 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
53:04.0 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
53:04.1 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
53:04.1 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
53:04.1 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
53:04.1 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
53:04.1 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
53:05.0 IntcAzAudAddService (8c65fcf7ab3389e7c224ea2ec4456f2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
53:05.0 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
53:05.0 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
53:05.0 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
53:05.0 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
53:05.1 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
53:05.1 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
53:05.1 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
53:05.1 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
53:05.1 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
53:05.1 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
53:05.1 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
53:06.0 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
53:06.0 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
53:06.0 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
53:06.0 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
53:06.0 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
53:06.0 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
53:06.0 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
53:06.0 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
53:06.0 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
53:06.1 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
53:06.1 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
53:06.1 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
53:06.1 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
53:06.1 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
53:06.1 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
53:06.1 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
53:06.1 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
53:06.1 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
53:06.1 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
53:06.1 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
53:07.0 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
53:07.0 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
53:07.0 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
53:07.0 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
53:07.0 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
53:07.0 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
53:07.0 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
53:07.0 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
53:07.1 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
53:07.1 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
53:07.1 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
53:07.1 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
53:07.1 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
53:07.1 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
53:07.1 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
53:08.0 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
53:08.0 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
53:08.0 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
53:08.0 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
53:08.0 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
53:08.0 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
53:08.0 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
53:08.0 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
53:08.0 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
53:08.0 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
53:08.1 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
53:08.1 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
53:08.1 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
53:08.1 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
53:08.1 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
53:08.1 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
53:08.1 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
53:09.0 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
53:09.0 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
53:09.0 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
53:09.0 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
53:09.0 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
53:09.0 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
53:09.0 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
53:09.0 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
53:09.1 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
53:09.1 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
53:09.1 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
53:09.1 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
53:09.1 Sentinel (b3c1b187fefc941f63ce0df93d02eb9f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
53:09.1 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
53:10.0 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
53:10.0 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
53:10.0 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
53:10.0 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
53:10.0 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
53:10.0 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
53:10.0 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
53:10.0 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
53:10.1 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
53:10.1 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
53:10.1 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
53:10.1 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
53:10.1 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
53:10.1 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
53:11.0 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
53:11.0 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
53:11.0 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
53:11.0 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
53:11.0 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
53:11.0 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
53:11.0 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
53:11.0 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
53:11.1 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
53:11.1 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
53:11.1 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
53:11.1 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
53:11.1 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
53:12.0 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
53:12.0 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
53:12.0 ================================================================================
53:12.0 Scan finished
53:12.0 ================================================================================
53:12.0 Detected object count: 1
53:46.1 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
53:46.1 \HardDisk0 - ok
53:46.1 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
53:57.0 Deinitialize success




I ran TDSS Killer - it found Malicious Objects

Rootkit.Win32.TDSS.kdl4


I selected cure and the system rebooted.
On reboot I got a popup stating

"NMIndexStoreSvr.exe has encountered a problem and needs to close"

I get the impression that it's a nasty one, hey?



