Cincheetah
Posts posted by Cincheetah
Hi -
My issue started with Windows Antivirus 2010 installing itself. I removed the program. The other thing I noticed is whenever I use a search engine
I'm getting redirected on anything I click on - I do get pop-up windows out of nowhere and it won't let me post to your site - lastly, Windows Update can't connect. User mode, start Windows normally, user Cin.
For purposes of malware scanning - these logs were created in safe mode with networking/admin.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4717
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
9/29/2010 6:23:14 PM
mbam-log-2010-09-29 (18-23-14).txt
Scan type: Quick scan
Objects scanned: 171280
Time elapsed: 11 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
################################
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[sharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:228 Go - Free:113 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
.
Scan : 19:36.02
Path : C:\Documents and Settings\Administrator\Desktop\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (952)
______ \??\C:\WINDOWS\system32\csrss.exe (1000)
______ \??\C:\WINDOWS\system32\winlogon.exe (1024)
______ C:\WINDOWS\system32\services.exe (1072)
______ C:\WINDOWS\system32\lsass.exe (1084)
______ C:\WINDOWS\system32\svchost.exe (1256)
______ C:\WINDOWS\system32\svchost.exe (1328)
______ C:\WINDOWS\system32\svchost.exe (1552)
______ C:\WINDOWS\system32\svchost.exe (1624)
______ C:\WINDOWS\Explorer.EXE (544)
______ C:\WINDOWS\system32\ctfmon.exe (984)
______ C:\Program Files\Internet Explorer\iexplore.exe (664)
______ C:\Program Files\Internet Explorer\iexplore.exe (1660)
______ C:\Documents and Settings\Administrator\Desktop\Rooter.exe (820)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:244948838400)
\Device\Harddisk0\Partition3 (Start_Offset:245006415360 | Length:4984519680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:36.03
.
C:\Rooter$\Rooter_1.txt - (29/09/2010 | 19:36.03)
###############################################################
LockSearch by jpshortstuff (05.11.09.1)
Log created at 19:37 on 29/09/2010 (Administrator)
Scanning C:\
C:\pagefile.sys
-------------------------
-=E.O.F=-
##############################################
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\cin\my documents\cincheetah.com\crackmfc.html
c:\documents and settings\cin\my documents\cincheetah.com\crackmfc.ram
c:\documents and settings\cin\my documents\cincheetah.com\web\crackmfc.rm
c:\documents and settings\cin\my documents\cincheetah.com\web1\crackmfc.rm
c:\documents and settings\cin\my documents\line 6\tones\guitarport\preset\bass\graham cracker bass.gpt
c:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror 1.m4a
c:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror.m4a
c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage
c:\program files\line6\guitarport\data\factory\preset\bass\graham cracker bass.gpt
scanner sequence 3.CG.11
----- EOF -----
##########################################################################
Windows Validation Check
Version: 1.8.8.3
Log Created On: 1943_29-09-2010
-----------------------
Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Safe Mode with Networking
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
WVCheck's File Dump
-----------------------
WVCheck found no known bad files.
WVCheck's Dir Dump
-----------------------
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
-----------------------
C:\Old Data\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
-----------------------
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.
WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b
-------- End of File, program close at 1946_29-09-2010 --------
######################################################
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-30 05:41:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0111000A
.text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\svchost.exe[1552] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[1552] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0112000A
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ C:\Program Files\Windows Media Components\Encoder\wmex.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\sysmon.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ BDATuner.ChannelTuneRequest.1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest
---- EOF - GMER 1.0.15 ----
############################################################
OTL logfile created on: 9/30/2010 5:59:14 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 5373 7373 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 113.08 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CINCHEETAH
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (dlbu_device) -- C:\WINDOWS\System32\dlbucoms.exe ( )
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (BVRPMPR5) -- D:\INSTAL~E\Core\BVRPMPR5.SYS File not found
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (McPvDrv) -- C:\WINDOWS\System32\drivers\McPvDrv.sys (McAfee)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (APLMp50) -- C:\WINDOWS\system32\drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (winusb) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (GPWADrv) Service for L6 GuitarPort Driver (WDM) -- C:\WINDOWS\system32\drivers\GPWADrv.sys (Line 6)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ADSEXPB) -- C:\WINDOWS\system32\drivers\adsexpb.sys (Cirrus Logic Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (L6DP) -- C:\WINDOWS\system32\drivers\l6dp.sys (Line 6)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/30 05:51:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/30 12:13:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 17:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/18 09:16:34 | 000,000,000 | ---D | M]
[2010/08/12 17:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 05:08:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010/09/18 17:06:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/09/29 19:32:54 | 000,420,575 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14506 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Freecorder 3 Toolbar) - {c5d332f5-f6c8-4845-bd6c-937838ba907f} - C:\Program Files\Freecorder_3\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder 3 Toolbar) - {c5d332f5-f6c8-4845-bd6c-937838ba907f} - C:\Program Files\Freecorder_3\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146389966755 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\bw+0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\offline-8876480 {99073E4F-F326-49C0-8A21-641556F5B9AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\Program Files\Replay AV 8\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010/09/29 19:36:03 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/09/29 18:44:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/29 18:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/29 18:18:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/29 18:16:03 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2010/09/29 18:14:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/09/29 18:14:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/09/29 18:07:03 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/09/29 18:06:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/09/29 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/29 17:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/09/29 17:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/29 16:58:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/29 16:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2010/09/28 20:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/09/28 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/09/28 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/28 19:30:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/09/28 19:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/09/28 18:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2010/09/28 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/27 17:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/27 17:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/22 18:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/09/18 18:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/09/18 18:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2010/09/18 18:16:35 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll
[2010/09/18 18:16:18 | 000,094,384 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/09/18 18:16:15 | 000,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2010/09/18 18:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/09/18 18:13:03 | 000,000,000 | ---D | C] -- C:\iolo
[2010/09/18 18:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/18 17:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/18 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/09/18 13:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/18 08:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/18 08:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2010/09/18 08:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/09/16 18:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/16 18:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/16 18:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2007/08/18 09:14:23 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2007/01/30 09:47:52 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupmui.dll
[2007/01/30 09:46:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuserv.dll
[2007/01/30 09:38:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomm.dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm.dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm(3).dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm(2).dll
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:32:06 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupplc.dll
[2007/01/30 09:31:08 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomc.dll
[2007/01/30 09:30:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuprox.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:21:46 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuusb1.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[2005/09/08 07:30:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/09/27 10:40:58 | 000,069,632 | ---- | C] (Smith Micro Software, Inc.) -- C:\Program Files\Start.exe
[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/30 05:55:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/30 05:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/30 05:54:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/30 05:47:13 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job
[2010/09/30 05:45:43 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/09/30 05:44:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job
[2010/09/30 04:35:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/29 19:50:15 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/29 19:49:55 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinZip.lnk
[2010/09/29 19:48:38 | 000,001,221 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/29 19:32:54 | 000,420,575 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/29 18:50:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/29 18:42:59 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/09/29 18:42:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/29 18:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/29 18:18:07 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/09/29 18:17:30 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe
[2010/09/29 18:16:57 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2010/09/29 18:16:27 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe
[2010/09/29 18:16:03 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2010/09/29 18:15:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/09/29 18:14:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/09/29 18:07:13 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/09/29 18:06:22 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/09/28 20:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/28 20:01:51 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/09/27 18:35:54 | 000,419,407 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100929-193254.backup
[2010/09/23 18:34:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/23 18:34:42 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/09/22 18:04:28 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/09/21 09:08:23 | 000,524,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/21 09:08:23 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/21 09:08:23 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/19 12:14:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job
[2010/09/18 18:25:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/09/18 18:13:46 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/18 18:00:15 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/18 09:12:50 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/29 19:49:55 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinZip.lnk
[2010/09/29 18:42:59 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/09/29 18:42:59 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/29 18:18:04 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/09/29 18:17:28 | 003,514,115 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe
[2010/09/29 18:16:55 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2010/09/29 18:16:27 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe
[2010/09/28 20:01:51 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/09/28 19:30:13 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/09/28 19:30:13 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/09/28 19:30:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/09/28 19:30:13 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/09/22 18:04:28 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/09/18 18:25:15 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/09/18 18:16:18 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/09/18 18:16:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/09/18 18:16:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/09/18 18:13:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/09/18 09:12:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/07 07:08:25 | 000,109,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 07:04:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/08/27 17:11:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/05/01 19:54:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2008/05/01 19:54:04 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2007/11/23 17:18:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Screen Saver
[2007/11/23 17:18:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/09/16 11:15:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/08/18 09:18:09 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2007/08/18 09:16:03 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/08/18 09:15:36 | 003,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/06 05:14:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/02/19 02:32:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll
[2007/02/19 02:32:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2007/02/19 02:32:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2007/02/19 02:29:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2007/02/19 02:29:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll
[2007/02/19 02:28:10 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2007/01/22 02:19:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucfg.dll
[2006/08/05 08:45:23 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2006/05/30 14:50:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/05/05 18:49:45 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/15 12:54:34 | 000,005,482 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/11/27 13:31:47 | 000,000,205 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/09/14 11:24:44 | 000,000,716 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/09/08 08:06:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/08 07:56:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/08 07:54:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/08 07:54:38 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/08 07:54:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/08 07:54:33 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/08 07:30:12 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/08 07:30:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/08 07:29:26 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/03 15:31:20 | 000,001,005 | ---- | C] () -- C:\Program Files\SMDesk.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/12 12:53:04 | 000,000,052 | ---- | C] () -- C:\Program Files\AUTORUN.INF
[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2004/08/19 17:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/23 18:34:42 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2007/09/27 06:44:58 | 031,686,704 | ---- | M] () -- C:\buffer.wav
[2004/08/19 17:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/08 07:36:54 | 000,006,281 | RH-- | M] () -- C:\dell.sdr
[2010/07/09 14:04:10 | 000,000,522 | ---- | M] () -- C:\dlbu.log
[2010/04/17 15:23:41 | 000,006,434 | ---- | M] () -- C:\EyeCandyLog.txt
[2005/09/13 17:09:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 17:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/08/27 16:44:50 | 000,000,065 | ---- | M] () -- C:\jetscan.log
[2007/09/16 10:23:44 | 000,000,151 | ---- | M] () -- C:\liprefs.js
[2010/01/17 14:18:12 | 000,000,476 | ---- | M] () -- C:\LOG10F.log
[2008/11/26 15:43:14 | 000,000,476 | ---- | M] () -- C:\LOG24.log
[2008/11/29 08:17:30 | 000,000,476 | ---- | M] () -- C:\LOG5AC.log
[2010/01/25 07:51:19 | 000,000,476 | ---- | M] () -- C:\LOG966.log
[2007/08/20 18:21:10 | 000,002,082 | ---- | M] () -- C:\mmjb.DDF
[2004/08/19 17:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009/07/11 18:53:54 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/02 16:39:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/30 05:55:19 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
[2007/09/03 12:21:46 | 000,000,184 | ---- | M] () -- C:\preview.avi_index
[2005/09/08 08:01:20 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/07/05 12:19:27 | 000,030,067 | ---- | M] () -- C:\winzip.log
[2010/01/16 10:20:20 | 000,004,794 | ---- | M] () -- C:\_AUDIT.LOG
[2007/01/06 10:38:47 | 000,001,269 | ---- | M] () -- C:\_DICOM.LOG
< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/19 17:06:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/07/31 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7W.DLL
[2006/07/31 01:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7W.DLL
[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C(2).DLL
[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C(3).DLL
[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
[2007/08/11 08:09:11 | 000,045,811 | ---- | M] () -- C:\WINDOWS\system32\awakening.jpg
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2002/08/12 12:53:04 | 000,000,052 | ---- | M] () -- C:\Program Files\AUTORUN.INF
[2007/08/18 09:18:13 | 002,293,712 | ---- | M] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2007/08/18 09:15:42 | 003,655,608 | ---- | M] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2007/08/18 09:14:24 | 000,411,248 | ---- | M] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2003/12/03 15:31:20 | 000,001,005 | ---- | M] () -- C:\Program Files\SMDesk.ini
[2002/09/27 10:40:58 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Start.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/19 16:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 16:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 16:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/02 16:45:43 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/08/19 17:14:12 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/19 17:14:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/29 18:06:22 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/09/29 18:16:57 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2010/09/29 18:14:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/09/29 18:16:27 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe
[2010/09/29 18:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/29 18:16:03 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2010/09/29 18:07:13 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010/09/29 18:15:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/09/29 18:17:30 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2004/08/10 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2004/08/19 17:14:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/30 05:58:12 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
[1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
[1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/09/29 19:50:15 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2006/07/31 01:00:00 | 000,006,144 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE7W.EXE
[2007/02/28 18:38:20 | 000,214,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbujswx.exe
[2007/02/28 18:38:24 | 000,189,936 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbupswx.exe
[2007/02/28 18:38:26 | 000,062,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuserv.exe
[2007/02/28 18:38:28 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbutime.exe
[2007/02/28 18:38:30 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuupld.exe
[2007/02/28 18:38:32 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuview.exe
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2010/05/30 12:13:34 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2010/05/30 12:13:34 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2010/05/30 12:13:34 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2010/05/30 12:13:34 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2010/05/30 12:13:35 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< %ProgramFiles%\Microsoft\*.* >
< %systemroot%\usgwmt\*.* >
< %ProgramFiles%\B\*.* >
< %SYSTEMDRIVE%\lspp\*.* >
< %systemroot%\Kral\*.* >
< %SYSTEMDRIVE%\windowsdvd.exe\*.* >
< %systemroot%\system32\*.ipo >
< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >
< %systemroot%\system32\*.mof >
< %systemroot%\*.atm >
< %systemroot%\system32\svhost\*.* >
< %ProgramFiles%\system32\*.* >
< %ProgramFiles%\Docmentt\*.* >
< %systemroot%\Help\*.vbs >
< %ProgramFiles%\Windows WinSxs\*.* /s >
< %ProgramFiles%\Outlook Express\IDT\*.* /s >
< %ProgramFiles%\Microsoft Office\365\*.* /s >
< %ProgramFiles%\Windows Live\*.* >
< %systemroot%\system32\win32\*.* >
< %SYSTEMDRIVE%\RECYCLER\*.* >
< %systemroot%\Fresh1\*.* >
< %ProgramFiles%\Kekj\*.* /s >
< %systemroot%\GDU\*.* >
< %systemroot%\KA\*.* >
< %systemroot%\R\*.* >
< %systemroot%\system32\*.fyo >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
#########################################################
OTL Extras logfile created on: 9/30/2010 5:59:14 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 5373 7373 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 113.08 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CINCHEETAH
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"62515:UDP" = 62515:UDP:*:Enabled:Cisco VPN Serivice
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Old Data\Program Files\Macromedia\Flash MX\Flash.exe" = C:\Old Data\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25 -- (Macromedia, Inc.)
"C:\Old Data\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Old Data\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Old Data\Program Files\WS_FTP\WS_FTP95.exe" = C:\Old Data\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 10 Maguire Road. Lexington, MA 02421)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Old Data\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Old Data\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Parallels\Parallels Transporter\ParallelsTransporter.exe" = C:\Program Files\Parallels\Parallels Transporter\ParallelsTransporter.exe:*:Enabled:Parallels Transporter -- File not found
"C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe" = C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe:*:Enabled:Parallels Transporter Agent -- File not found
"C:\WINDOWS\system32\dlbucoms.exe" = C:\WINDOWS\system32\dlbucoms.exe:*:Enabled:Photo AIO Printer 942 Server -- ( )
"C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe" = C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe:*:Enabled:ParallelsTransporter -- ()
"C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe" = C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe:*:Enabled:ParallelsTransporterAgent -- ()
"C:\Program Files\Verizon\FiOS\ihs\web100clt.exe" = C:\Program Files\Verizon\FiOS\ihs\web100clt.exe:*:Disabled:web100clt -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Replay AV 8\Replay Player\Replay Player.exe" = C:\Program Files\Replay AV 8\Replay Player\Replay Player.exe:*:Enabled:Replay Player -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:realplay -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield® -- ()
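A quick triage pass over the two firewall sections above, added here as a worked example for this thread (it is not the poster's code and not part of OTL). The Windows XP firewall lines OTL prints have a fixed shape, `port:proto:scope:state:name` for GloballyOpenPorts and `path:scope:state:name -- (vendor)` for AuthorizedApplications, so they can be parsed and scored rather than read by eye. The script flags sensitive ports whose scope is `*` (any remote address, as 3389/TCP is in both profiles here and 139/445/137/138 are in the DomainProfile) and enabled application exceptions whose binary OTL reports as "File not found" (anything later dropped at that path inherits the hole). The sample input is a constructed subset of the lines posted above; the sensitive-port list is an assumption to tune per environment.

```python
"""Firewall-exception triage for an OTL Extras log (Windows XP firewall).

Added example for this thread; not the poster's code and not part of OTL.
It parses the two line shapes OTL prints under FirewallPolicy:

  "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
  "C:\\p\\app.exe" = C:\\p\\app.exe:*:Enabled:Name -- (Vendor)   or  -- File not found

and reports the entries a responder would check first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Ports that should not be reachable from arbitrary remote addresses on a home
# workstation (RPC, NetBIOS, SMB, RDP, VNC). Assumed list for this example.
SENSITIVE_PORTS = {135, 137, 138, 139, 445, 3389, 5900}

# Registry key header, e.g. [...\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
PROFILE_RE = re.compile(r"^\[.*FirewallPolicy\\(?P<profile>\w+Profile)")
PORT_RE = re.compile(
    r'^"\d+:(?:TCP|UDP)"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):'
    r"(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$"
)
# The path itself contains "C:", so the lazy path group backtracks until
# scope/state line up; "-- ..." carries the vendor or "File not found".
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r"(?P<name>.*?)\s+--\s+(?P<vendor>.*)$"
)


@dataclass(frozen=True)
class Finding:
    profile: str   # DomainProfile / StandardProfile
    kind: str      # "port" or "app"
    subject: str   # "3389/TCP" or the executable path
    reason: str


def parse_firewall_findings(text: str) -> list[Finding]:
    """Walk the log once, tracking which profile the current list belongs to."""
    findings: list[Finding] = []
    profile = "UnknownProfile"
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PROFILE_RE.match(line)):
            profile = m.group("profile")
            continue
        if (m := PORT_RE.match(line)):
            port = int(m.group("port"))
            if m.group("state") == "Enabled" and m.group("scope") == "*" and port in SENSITIVE_PORTS:
                findings.append(Finding(profile, "port", f"{port}/{m.group('proto')}",
                                        "sensitive port open to any remote address"))
            continue
        if (m := APP_RE.match(line)) and m.group("state") == "Enabled":
            path, vendor = m.group("path"), m.group("vendor").strip()
            if vendor == "File not found":
                # The binary is gone; whatever lands at that path later inherits the exception.
                findings.append(Finding(profile, "app", path,
                                        "enabled exception for a binary that no longer exists"))
            elif m.group("scope") == "*" and vendor in ("()", "( )"):
                # OTL prints () when the file carries no CompanyName in its version resource.
                findings.append(Finding(profile, "app", path,
                                        "unbranded binary allowed from any remote address"))
    return findings


def report(findings: list[Finding]) -> str:
    return "\n".join(f"[{f.profile}] {f.kind}: {f.subject} -> {f.reason}" for f in findings)


# Constructed sample: a subset of the firewall lines posted in this thread.
SAMPLE_LOG = r'''
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"62515:UDP" = 62515:UDP:*:Enabled:Cisco VPN Serivice
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Verizon\FiOS\ihs\web100clt.exe" = C:\Program Files\Verizon\FiOS\ihs\web100clt.exe:*:Disabled:web100clt -- File not found
"C:\WINDOWS\system32\dlbucoms.exe" = C:\WINDOWS\system32\dlbucoms.exe:*:Enabled:Photo AIO Printer 942 Server -- ( )
'''

if __name__ == "__main__":
    print(report(parse_firewall_findings(SAMPLE_LOG)))
```

Run against the full Extras log (`python triage.py < OTL_Extras.txt` after swapping SAMPLE_LOG for stdin) and compare the flagged paths with what is actually installed; an RDP port open to the world on a machine that also has VNC Free Edition in the uninstall list deserves a second look regardless of the redirect problem.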
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13768624-13E9-4A9D-BF5B-6DB72FFFD954}" = Eudora
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{232EF9A7-CCB1-416E-BC15-E6AA5D17F434}" = AmpliTube LE
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 21
"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}" = GuitarVision
"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82E63B84-5A8B-4839-A6E1-B326CC31CD33}" = Parallels Transporter
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A26FA58F-0AD6-4F9C-A134-FE2CFB2EAE97}" = McAfee Anti-Theft
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E901C3E0-E37C-4645-9906-718C3A5FE59F}" = SnapAPI
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1st Page 2000 2.00 Free" = 1st Page 2000 2.00 Free
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADS Tech V3.5 DVD Xpress CapWiz" = ADS Tech V3.5 DVD Xpress CapWiz
"America Online us" = America Online (Choose which version to remove)
"Anfy" = Anfy
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"bitRipper" = bitRipper
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CopyToDVD_is1" = CopyToDVD
"Crystal Button 2008 InMotion! Pack_is1" = Crystal Button 2008 InMotion! (v.3.2)
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD43_is1" = DVD43 v3.9.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESCD_6.0" = Enhanced Sound Card Driver 8.0
"FadeToBlack" = FadeToBlack
"Flash News Scroller Wizard" = Flash News Scroller Wizard 1.7
"FLV Player1.33 FC" = FLV Player
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3
"Freecorder Toolbar3.03" = Freecorder Toolbar 3.03 Application
"Freecorder_3 Toolbar" = Freecorder_3 Toolbar
"GuitarPort 2.51.0" = GuitarPort 2.51.0 (Remove Only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"IObit Security 360_is1" = IObit Security 360
"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Radio_Wizard_1" = Radio Wizard 1.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 3.0" = Replay Media Catcher 3.0
"Replay Media Catcher2.10" = Replay Media Catcher
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.4
"Replay_Screencast_1.0" = Replay Screencast 1.21
"RER Video Converter_is1" = RER Video Converter
"RiffWorks Standard" = RiffWorks Standard
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WETCable" = Windows Easy Transfer
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:46:43 AM | Computer Name = CINCHEETAH | Source = Application Error | ID = 1000
Description = Faulting application dlbubmon.exe, version 1.0.10.0, faulting module
hid.dll, version 5.1.2600.5512, fault address 0x00001ab4.
Error - 9/30/2010 5:47:47 AM | Computer Name = CINCHEETAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 9/30/2010 5:47:47 AM | Computer Name = CINCHEETAH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ iolo Applications Events ]
Error - 9/23/2010 3:16:16 PM | Computer Name = CINCHEETAH | Source = System Shield | ID = 17
Description =
[ System Events ]
Error - 9/30/2010 5:47:52 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
Error - 9/30/2010 5:48:36 AM | Computer Name = CINCHEETAH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Error - 9/30/2010 5:54:24 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Error - 9/30/2010 5:56:04 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk Fips intelppm
< End of report >
Browser being Hijacked
in Malware Removal
Since I use my computer for work - I read through a few threads to see if I could get some fixes on my own - you guys are a wealth of knowledge! I've made a little progress (the hijacking seems to have ceased) - however, it appears the registry has a few problems. I'll post 2 GMER reports after the combo fix log/TDSSKiller logs.
I did run combo fix (as I saw this on another thread) and TDSSKiller afterwards, which did find something (I assume that is what was causing the hijacks).
ComboFix 10-09-30.03 - Administrator 10/01/2010 10:37:34.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3297 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: System Shield *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\autorun.inf
c:\windows\settings.reg
c:\windows\system32\Data
----- BITS: Possible infected sites -----
hxxp://download.iolo.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.
2010-09-29 23:36 . 2010-09-29 23:36 -------- d-----w- C:\Rooter$
2010-09-29 22:42 . 2010-09-29 22:43 -------- d-----w- c:\program files\ERUNT
2010-09-29 21:31 . 2010-09-29 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-29 20:57 . 2010-09-29 20:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\program files\IObit
2010-09-28 23:31 . 2010-09-28 23:31 -------- d-----w- c:\program files\Trend Micro
2010-09-28 23:30 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-09-28 23:30 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-09-28 23:30 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-09-28 23:30 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-09-28 23:30 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-09-28 23:30 . 2010-09-28 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\windows\system32\vmm32
2010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\program files\CCleaner
2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 22:06 . 2010-09-28 22:26 -------- d-----w- c:\program files\Common Files\Motive
2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\Common Files\Authentium
2010-09-18 22:16 . 2009-11-11 23:46 118784 ----a-w- c:\windows\system32\iavlsp.dll
2010-09-18 22:16 . 2010-07-06 19:44 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-09-18 22:16 . 2010-07-06 19:44 2319536 ----a-w- c:\windows\system32\Incinerator.dll
2010-09-18 22:16 . 2010-06-29 22:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2010-09-18 22:16 . 2010-09-07 13:37 41957480 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe
2010-09-18 22:16 . 2010-02-03 14:21 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-09-18 22:16 . 2010-02-03 14:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\iolo
2010-09-18 22:13 . 2010-09-18 22:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-09-18 22:13 . 2010-09-18 22:13 -------- d-----w- C:\iolo
2010-09-18 21:50 . 2010-09-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-09-18 17:56 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-09-18 17:55 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-18 13:21 . 2010-09-18 13:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-18 13:10 . 2010-09-18 13:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-18 12:51 . 2010-09-18 13:12 -------- d-----w- c:\program files\iTunes
2010-09-18 12:51 . 2010-09-18 12:51 -------- d-----w- c:\program files\iTunes(2)
2010-09-16 22:47 . 2010-09-16 22:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 13:41 . 2007-09-05 12:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-28 22:26 . 2009-10-04 23:18 -------- d-----w- c:\program files\Verizon
2010-09-24 00:11 . 2008-05-01 23:58 -------- d-----w- c:\program files\dl_Cats
2010-09-22 23:11 . 2005-09-08 11:53 -------- d-----w- c:\program files\Dell
2010-09-22 22:17 . 2009-07-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-09-21 21:56 . 2009-11-28 15:26 -------- d-----w- c:\program files\Common Files\McAfee
2010-09-21 21:53 . 2006-04-21 10:48 -------- d-----w- c:\program files\Lavasoft
2010-09-21 21:40 . 2009-10-03 12:03 -------- d-----w- c:\program files\Uniblue
2010-09-21 13:42 . 2008-12-27 16:26 -------- d-----w- c:\program files\DoremiSoft
2010-09-21 13:39 . 2009-03-02 14:28 -------- d-----w- c:\program files\SpreadsheetConverter
2010-09-21 13:39 . 2008-12-26 16:20 -------- d-----w- c:\program files\Show.kit 2.1
2010-09-21 13:38 . 2008-08-16 11:12 -------- d-----w- c:\program files\Flash Website Design
2010-09-21 13:37 . 2008-10-12 13:12 -------- d-----w- c:\program files\AnvSoft Flash to Video Converter
2010-09-18 21:48 . 2005-10-13 21:43 -------- d-----w- c:\program files\Google
2010-09-18 13:22 . 2008-07-16 20:58 -------- d-----w- c:\program files\Safari
2010-09-18 13:16 . 2009-12-16 23:11 -------- d-----w- c:\program files\QuickTime
2010-09-18 13:11 . 2007-07-10 00:35 -------- d-----w- c:\program files\Common Files\Apple
2010-09-18 12:51 . 2005-10-03 15:42 -------- d-----w- c:\program files\iPod
2010-09-07 21:31 . 2008-08-09 15:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-21 14:53 . 2010-08-21 14:53 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-21 14:52 . 2010-08-21 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 14:37 . 2010-08-21 14:37 -------- d-----w- c:\program files\Bonjour
2010-08-21 14:31 . 2010-08-21 14:31 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-17 13:17 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-08-19 20:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 10:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-08-02 09:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2007-08-18 13:18 . 2007-08-18 13:18 2293712 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-08-18 13:15 . 2007-08-18 13:15 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-08-18 13:14 . 2007-08-18 13:14 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2003-12-03 19:31 . 2003-12-03 19:31 1005 ----a-w- c:\program files\SMDesk.ini
2002-09-27 14:40 . 2002-09-27 14:40 69632 ----a-w- c:\program files\Start.exe
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5d332f5-f6c8-4845-bd6c-937838ba907f}]
2010-09-05 17:18 2735200 ----a-w- c:\program files\Freecorder_3\tbFre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c5d332f5-f6c8-4845-bd6c-937838ba907f}"= "c:\program files\Freecorder_3\tbFre1.dll" [2010-09-05 2735200]
[HKEY_CLASSES_ROOT\clsid\{c5d332f5-f6c8-4845-bd6c-937838ba907f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-30 202256]
"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-1 114688]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-1-25 6144]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2006-05-22 18:26 694272 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 09:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-08-09 09:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-01-01 14:03 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]
2008-05-28 14:33 655360 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Old Data\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Old Data\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Old Data\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Old Data\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dlbucoms.exe"=
"c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter\\ParallelsTransporter.exe"=
"c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter Agent\\ParallelsTransporterAgent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Replay AV 8\\Replay Player\\Replay Player.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"62515:UDP"= 62515:UDP:Cisco VPN Serivice
R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 10:32 AM 61688]
S2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]
S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/28/2010 8:01 PM 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/28/2009 11:28 AM 93320]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [12/9/2005 8:06 PM 393216]
S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [7/15/2002 11:39 PM 26496]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 6:46 PM 158248]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2010-05-04 17:20 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
ActiveSetup-{FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - c:\documents and settings\Cin\Application Data\Bitrix Security\fadosvlk.dll
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 10:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1444)
c:\windows\system32\WININET.dll
c:\windows\system32\iavlsp.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-10-01 11:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-01 15:00
Pre-Run: 121,264,717,824 bytes free
Post-Run: 121,148,014,592 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 190ADA934C68BC9D018B44EFEFA76D8D
####################################################################################
2010/10/01 11:07:14.0843 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/01 11:07:14.0843 ================================================================================
2010/10/01 11:07:14.0843 SystemInfo:
2010/10/01 11:07:14.0843
2010/10/01 11:07:14.0843 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/01 11:07:14.0843 Product type: Workstation
2010/10/01 11:07:14.0843 ComputerName: CINCHEETAH
2010/10/01 11:07:14.0843 UserName: Administrator
2010/10/01 11:07:14.0843 Windows directory: C:\WINDOWS
2010/10/01 11:07:14.0843 System windows directory: C:\WINDOWS
2010/10/01 11:07:14.0843 Processor architecture: Intel x86
2010/10/01 11:07:14.0843 Number of processors: 2
2010/10/01 11:07:14.0843 Page size: 0x1000
2010/10/01 11:07:14.0843 Boot type: Safe boot with network
2010/10/01 11:07:14.0843 ================================================================================
2010/10/01 11:07:15.0125 Initialize success
2010/10/01 11:07:21.0500 ================================================================================
2010/10/01 11:07:21.0500 Scan started
2010/10/01 11:07:21.0500 Mode: Manual;
2010/10/01 11:07:21.0500 ================================================================================
2010/10/01 11:07:24.0468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/01 11:07:24.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/01 11:07:24.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/01 11:07:24.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/01 11:07:24.0796 ADSEXPB (d08916e4579f64af0844ca2c283573a6) C:\WINDOWS\system32\Drivers\adsexpb.sys
2010/10/01 11:07:24.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/01 11:07:24.0968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/01 11:07:25.0062 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/01 11:07:25.0093 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/01 11:07:25.0125 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/01 11:07:25.0171 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/01 11:07:25.0218 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/01 11:07:25.0312 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/01 11:07:25.0375 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/01 11:07:25.0421 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/01 11:07:25.0546 AMP (182806937f4af5cc0f3c65b4d68b051e) C:\WINDOWS\system32\DRIVERS\amp.sys
2010/10/01 11:07:25.0640 AMPSE (b95101fbceb2ae4873e3bc38460f5568) C:\WINDOWS\system32\DRIVERS\ampse.sys
2010/10/01 11:07:25.0718 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/01 11:07:25.0812 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
2010/10/01 11:07:25.0875 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/01 11:07:25.0921 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/01 11:07:25.0968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/01 11:07:26.0093 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/01 11:07:26.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/01 11:07:26.0421 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/01 11:07:26.0625 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/01 11:07:26.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/01 11:07:26.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/01 11:07:27.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/01 11:07:27.0296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/01 11:07:27.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/01 11:07:27.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/01 11:07:27.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/01 11:07:27.0531 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/01 11:07:27.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/01 11:07:27.0765 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/01 11:07:27.0859 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/01 11:07:27.0953 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2010/10/01 11:07:28.0031 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/10/01 11:07:28.0125 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2010/10/01 11:07:28.0234 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/01 11:07:28.0375 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/01 11:07:28.0484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/01 11:07:28.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/01 11:07:28.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/01 11:07:28.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/01 11:07:28.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/01 11:07:28.0859 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/10/01 11:07:28.0906 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/01 11:07:28.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/01 11:07:29.0031 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/01 11:07:29.0109 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/10/01 11:07:29.0234 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2010/10/01 11:07:29.0265 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/01 11:07:29.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/01 11:07:29.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/01 11:07:29.0421 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
2010/10/01 11:07:29.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/01 11:07:29.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/01 11:07:29.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/01 11:07:29.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/01 11:07:29.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/01 11:07:29.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/01 11:07:29.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/01 11:07:30.0093 GPWADrv (7c7da88e6d3b3fac62bbffc4d938d0c7) C:\WINDOWS\system32\Drivers\GPWADrv.sys
2010/10/01 11:07:30.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/01 11:07:30.0218 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/01 11:07:30.0281 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/01 11:07:30.0343 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/01 11:07:30.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/01 11:07:30.0515 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/01 11:07:30.0562 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/01 11:07:30.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/01 11:07:30.0750 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
2010/10/01 11:07:30.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/01 11:07:31.0062 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/01 11:07:31.0125 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/01 11:07:31.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/01 11:07:31.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/01 11:07:31.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/01 11:07:31.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/01 11:07:31.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/01 11:07:31.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/01 11:07:31.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/01 11:07:31.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/01 11:07:31.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/01 11:07:31.0609 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/01 11:07:31.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/01 11:07:31.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/01 11:07:31.0828 L6DP (4b0dc386061dc7276eafb24cff641ded) C:\WINDOWS\system32\Drivers\l6dp.sys
2010/10/01 11:07:31.0937 McPvDrv (436966e5f96ea810a8a80a5fb41b63ad) C:\WINDOWS\system32\drivers\McPvDrv.sys
2010/10/01 11:07:32.0000 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/01 11:07:32.0062 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/10/01 11:07:32.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/01 11:07:32.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/01 11:07:32.0171 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/01 11:07:32.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/01 11:07:32.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/01 11:07:32.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/01 11:07:32.0562 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/01 11:07:32.0703 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/10/01 11:07:32.0828 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/10/01 11:07:32.0906 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/01 11:07:33.0031 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/01 11:07:33.0125 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/01 11:07:33.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/01 11:07:33.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/01 11:07:33.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/01 11:07:33.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/01 11:07:33.0468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/01 11:07:33.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/01 11:07:33.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/01 11:07:33.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/01 11:07:33.0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/01 11:07:33.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/01 11:07:33.0968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/01 11:07:34.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/01 11:07:34.0218 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/10/01 11:07:34.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/01 11:07:34.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/01 11:07:34.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/01 11:07:34.0625 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/01 11:07:34.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/01 11:07:34.0875 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/01 11:07:35.0015 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/10/01 11:07:35.0265 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2010/10/01 11:07:35.0343 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2010/10/01 11:07:35.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/01 11:07:35.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/01 11:07:35.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/01 11:07:36.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/01 11:07:36.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/01 11:07:36.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/01 11:07:36.0281 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2010/10/01 11:07:36.0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/01 11:07:36.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/01 11:07:36.0656 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
2010/10/01 11:07:36.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/01 11:07:36.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/01 11:07:36.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/01 11:07:36.0906 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/01 11:07:36.0953 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/01 11:07:36.0984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/01 11:07:37.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/01 11:07:37.0078 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/01 11:07:37.0109 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/01 11:07:37.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/01 11:07:37.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/01 11:07:37.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/01 11:07:37.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/01 11:07:37.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/01 11:07:37.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/01 11:07:37.0703 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/01 11:07:37.0750 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/01 11:07:37.0859 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/01 11:07:38.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/01 11:07:38.0156 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/01 11:07:38.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/01 11:07:38.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/01 11:07:38.0468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/01 11:07:38.0515 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/01 11:07:38.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/01 11:07:38.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/01 11:07:38.0765 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/01 11:07:38.0843 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/10/01 11:07:38.0906 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/10/01 11:07:38.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/01 11:07:39.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/01 11:07:39.0109 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/01 11:07:39.0140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/01 11:07:39.0296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/01 11:07:39.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/01 11:07:39.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/01 11:07:39.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/01 11:07:39.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/01 11:07:39.0703 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/01 11:07:39.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/01 11:07:39.0875 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/01 11:07:39.0953 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/10/01 11:07:39.0984 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/10/01 11:07:40.0046 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
2010/10/01 11:07:40.0078 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/10/01 11:07:40.0125 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/10/01 11:07:40.0156 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/10/01 11:07:40.0203 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/10/01 11:07:40.0250 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/10/01 11:07:40.0343 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/01 11:07:40.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/01 11:07:40.0468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/01 11:07:40.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/01 11:07:40.0687 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/01 11:07:40.0765 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/10/01 11:07:40.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/01 11:07:40.0906 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/10/01 11:07:41.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/01 11:07:41.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/01 11:07:41.0171 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/10/01 11:07:41.0234 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/01 11:07:41.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/01 11:07:41.0312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/01 11:07:41.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/01 11:07:41.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/01 11:07:41.0500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/01 11:07:41.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/01 11:07:41.0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/01 11:07:41.0734 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2010/10/01 11:07:41.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/01 11:07:41.0984 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/10/01 11:07:42.0078 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/10/01 11:07:42.0203 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/01 11:07:42.0296 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/01 11:07:42.0531 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2010/10/01 11:07:42.0687 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/01 11:07:42.0765 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/01 11:07:42.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/01 11:07:43.0031 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/01 11:07:43.0171 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/01 11:07:43.0187 ================================================================================
2010/10/01 11:07:43.0187 Scan finished
2010/10/01 11:07:43.0187 ================================================================================
2010/10/01 11:07:43.0234 Detected object count: 1
2010/10/01 11:07:55.0343 \HardDisk0\MBR - will be cured after reboot
2010/10/01 11:07:55.0343 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/01 11:07:59.0734 Deinitialize success
###################################################################################
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 11:39:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ C:\Program Files\Windows Media Components\Encoder\wmex.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\sysmon.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ BDATuner.ChannelTuneRequest.1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest
---- EOF - GMER 1.0.15 ----