Google redirect virus still there

Dell DIMENSION
December 29, 2008 at 20:15:50
Specs: XP Pro SP3, P4 2.80 GHz/ 512 MB
Hi everyone. I recently had the problem with the Google redirecting virus, where my search results would get directed through an IP of 209.85.171.199 and all the results I would get would link to ads.

I ran Malwarebytes and it found and deleted a rootkit, sysaudio.sys, and then I restarted the computer since it asked me to do so. However, since I restarted I'm still having the same problem, but there is no more sysaudio.sys file in my system32 folder (it wasn't in the system32/drivers/ folder, just /system32/).

And for some reason, the log isn't there in Malwarebytes from when it removed the sysaudio.sys file. It has the log of the quick scan that I did after it. I've seen other threads where ComboFix has been recommended, but I don't want to do that until someone recommends it here. And I'll also post my HJT log if someone asks.




#1
December 30, 2008 at 16:40:20
Once you get SDFix downloaded go offline, turn off your antivirus, and turn off any antispyware that you have, run SDFix from safe mode and restart the Antivirus before you get back on line to post the log.

Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.



#2
December 31, 2008 at 19:31:05

SDFix: Version 1.240
Run by anony2002 on Wed 12/31/2008 at 10:07 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found


Removing Temp Files

ADS Check:


Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 22:17:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,ff,9e,a0,8b,c1,7a,cf,76,93,0e,02,39,17,8a,71,d4,7d,71,ca,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:78,7f,ea,fa,ed,cf,f3,74,44,e2,a1,13,c8,06,b3,0d,1e,c8,6d,6e,f5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,ff,9e,a0,8b,c1,7a,cf,76,93,0e,02,39,17,8a,71,d4,7d,71,ca,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:

Files with Hidden Attributes:

Fri 16 Nov 2007 24 ..SH. --- "C:\WINDOWS\SBA693959.tmp"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Thu 14 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 4 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\anony2002\Application Data\U3\temp\Launchpad Removal.exe"
Sun 7 Sep 2008 4,918 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Acc2A.tmp"
Sat 6 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Acc2Ah.tmp"
Sat 6 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Acc2As.tmp"
Sun 7 Sep 2008 2,038 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Off26.tmp"
Fri 5 Sep 2008 8,246 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Off26h.tmp"
Fri 5 Sep 2008 8,246 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Off26s.tmp"
Fri 5 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Qui27h.tmp"
Fri 5 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Qui27s.tmp"
Sun 7 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Qui2h.tmp"
Sun 7 Sep 2008 9,270 A..H. --- "C:\Documents and Settings\Parents\Application Data\Microsoft\Office\Shortcut Bar\Qui2s.tmp"

Finished!



#3
January 1, 2009 at 10:10:58
If you are using a router it will need to be reset. With the power on, depress the reset button for 15 seconds, then let go. If there is no reset button, power down the router for 30 seconds, then restart it.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#4
January 1, 2009 at 12:23:36
Thanks jabuck. I have reset the router. It looks like the problem's still there. It was normal the first time I tried searching after the reset, but the 2nd time the redirects came back.

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:57 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Harsh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-343818398-1580436667-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Parents')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/active...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6850 bytes

Thanks!
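A small triage script for the kind of HijackThis log posted above, added here as an illustration; it is not part of this thread and not a tool from HijackThis or its author. It parses the O4 autorun and O23 service entries and flags three things a reviewer normally looks at first: services registered for a binary that no longer exists (the "(file missing)" Kaspersky entry above), autorun commands given without an absolute path (resolved through the search order, so worth a second look even when, as with nwiz.exe, they are legitimate), and autorun executables living in user-writable locations. The sample input is a handful of lines copied from the posted log plus one constructed O4 line (the "updater" entry) that is not from the poster's machine and exists only to exercise the user-writable-location rule. The rules are heuristics for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 line (the "updater" entry) that is not from the poster's
# machine and exists only to exercise the user-writable-location rule.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Anony2002\Local Settings\Temp\updater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <body>", "R1 - <body>", "F2 - <body>" and so on.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# Registry-backed O4 entries: "<hive>\..\Run: [<name>] <command line>".
# Global Startup .lnk entries use a different layout and are skipped.
AUTORUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Directories an ordinary user can write to on Windows XP.
USER_WRITABLE_RE = re.compile(
    r"\\(Temp|Local Settings|Application Data|Documents and Settings)\\", re.IGNORECASE
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def first_token(cmd: str) -> str:
    """Return the executable part of an autorun command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first " /" or " -"
    # switch rather than at the first space.
    return re.split(r"\s[/-]", cmd, maxsplit=1)[0]


def is_absolute(path: str) -> bool:
    """True for drive-rooted paths and %VAR%-rooted paths such as %windir%\\x."""
    return bool(re.match(r"^([A-Za-z]:\\|%[A-Za-z]+%\\)", path))


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis log lines and return the entries that deserve review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, "service registered for a binary that no longer exists", line))
        elif section == "O4":
            am = AUTORUN_RE.match(body)
            if not am:
                continue
            exe = first_token(am.group("cmd"))
            if not is_absolute(exe):
                findings.append(Finding(section, "autorun command without an absolute path (resolved via search order)", line))
            elif USER_WRITABLE_RE.search(exe):
                findings.append(Finding(section, "autorun executable lives in a user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports the nwiz.exe entry, the constructed Temp entry and the missing Kaspersky service binary, and stays silent on the quoted and drive-rooted entries; pointing `triage` at a full saved log gives a short list to check by hand before anything is fixed, which matches the "do NOT have HijackThis fix anything yet" advice earlier in the thread.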



#5
January 1, 2009 at 13:03:41
Go to Start > Control Panel > Java > About and make sure you have the newest Java update, which is version 6 update 11. If not, click the Update tab > Update Now.

This will be a very thorough scan and will take several posts to get it all posted, but it is needed to try to find the baddie. So post it in segments please.

Download OTScanIt2 to your Desktop from the following link:

OTScanIt2 by oldtimer

Double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
Under File Age at the top, change it from 30 days to 90 days
Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
Under Rootkit Search change it to Yes
Under the Custom Scans box at the bottom left paste the following in

%systemroot%\Prefetch\*.* /s
%systemroot%\system32\drivers\*.dat
%systemroot%\Temp\bca4e2da.$$$
%systemroot%\Temp\ed47fa.$
%systemroot%\Temp\fa56d7ec.$$$
%systemroot%\System32\antiwpa.dll
%PROGRAMFILES%\*crack*.
%PROGRAMFILES%\*keygen*.
%SYSTEMDRIVE%\*crack*.
%SYSTEMDRIVE%\*keygen*.
%SYSTEMDRIVE%\*.zip
%SYSTEMDRIVE%\*.rar
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.dll
%systemroot%\*.zip
%systemroot%\*.rar
%systemroot%\system32\*.zip
%systemroot%\system32\*.rar
%PROGRAMFILES%\*.zip
%PROGRAMFILES%\*.rar
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.dll
%DESKTOP%\*.zip
%DESKTOP%\*.rar
%DESKTOP%\*.exe
%PROGRAMFILES%\Common Files\*.*
%PROGRAMFILES%\Common Files\*bak*.
%systemroot%\SYSTEM32\*bak*.
%PROGRAMFILES%\*bak*.
%USERNAME%\*.zip
%USERNAME%\*.rar
%USERNAME%\*.exe
%USERPROFILE%\*.zip
%USERPROFILE%\*.rar
%USERPROFILE%\*.exe
%ALLUSERSPROFILE%\*.zip
%ALLUSERSPROFILE%\*.rar
%ALLUSERSPROFILE%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%ALLUSERSSTARTMENU%\*.zip
%ALLUSERSSTARTMENU%\*.rar
%ALLUSERSSTARTMENU%\*.exe
%ALLUSERSSTARTUP%\*.zip
%ALLUSERSSTARTUP%\*.rar
%ALLUSERSSTARTUP%\*.exe
%ALLUSERSPROGRAMS%\*.zip
%ALLUSERSPROGRAMS%\*.rar
%ALLUSERSPROGRAMS%\*.exe
%ALLUSERSAPPDATA%\*.zip
%ALLUSERSAPPDATA%\*.rar
%ALLUSERSAPPDATA%\*.exe
%APPDATA%\*.zip
%APPDATA%\*.rar
%APPDATA%\*.exe
%APPDATA%\*.dat
%APPDATA%\*.dll
%QUICKLAUNCH%\*.zip
%QUICKLAUNCH%\*.rar
%QUICKLAUNCH%\*.exe
%STARTUP%\*.zip
%STARTUP%\*.rar
%STARTUP%\*.exe
%STARTMENU%\*.zip
%STARTMENU%\*.rar
%STARTMENU%\*.exe
%MYDOCUMENTS%\*.zip
%MYDOCUMENTS%\*.rar
%MYDOCUMENTS%\*.exe
%PROGRAMFILES%\Mozilla Firefox\plugins\*.*
%PROGRAMFILES%\Internet Explorer\*.*
%PROGRAMFILES%\Mozilla Firefox\*.zip /s
%PROGRAMFILES%\Mozilla Firefox\*.rar /s
%PROGRAMFILES%\Mozilla Firefox\*.exe /s
%PROGRAMFILES%\Internet Explorer\*.zip /s
%PROGRAMFILES%\Internet Explorer\*.rar /s
%PROGRAMFILES%\Internet Explorer\*.exe /s
%SYSTEMDRIVE%\*.dat
%SYSTEMDRIVE%\*.sys
%SYSTEMROOT%\*.dat
%SYSTEMROOT%\*.sys
%systemroot%\system32\drivers\*.exe /s
%systemroot%\system32\drivers\*.zip /s
%systemroot%\system32\drivers\*.rar /s
%systemroot%\system\*.exe /s
%systemroot%\system\*.zip /s
%systemroot%\system\*.rar /s
%systemroot%\AppPatch\*.exe /s
%systemroot%\AppPatch\*.zip /s
%systemroot%\AppPatch\*.rar /s
%systemroot%\Cache\*.*
%systemroot%\Downloaded Program Files\*.*
%systemroot%\Fonts\*.exe /s
%systemroot%\Fonts\*.zip /s
%systemroot%\Fonts\*.rar /s
%systemroot%\Fonts\*.dll /s
%systemroot%\Help\*.exe /s
%systemroot%\Help\*.zip /s
%systemroot%\Help\*.rar /s
%systemroot%\Tasks\*.*
%APPDATA%\*.sys
%systemroot%\system32\serauth1.dll
%systemroot%\system32\serauth2.dll
%systemroot%\system32\sysaudio.sys
%PROGRAMFILES%\*TinyProxy*.
%PROGRAMFILES%\Bitlord\Downloads\*.zip /s
%PROGRAMFILES%\Bitlord\Downloads\*.rar /s
%PROGRAMFILES%\Bitlord\Downloads\*.exe /s
%PROGRAMFILES%\Bitlord\Downloads\*crack*.
%PROGRAMFILES%\Bitlord\Downloads\*keygen*.
%PROGRAMFILES%\eMule\Incoming\*.zip /s
%PROGRAMFILES%\eMule\Incoming\*.rar /s
%PROGRAMFILES%\eMule\Incoming\*.exe /s
%PROGRAMFILES%\eMule\Incoming\*crack*.
%PROGRAMFILES%\eMule\Incoming\*keygen*.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs


Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.


Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

This will be a large file and may take several posts to get it all posted.



#6
January 2, 2009 at 07:33:41
I checked my Java, and I already have the latest edition.

Alright, here's the first post from OTScanIt2, with word wrap unchecked:

[code]
OTScanIt2 logfile created on: 1/2/2009 9:14:00 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.2 Folder = C:\Documents and Settings\Anony2002\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 330.25 Mb Available Physical Memory | 64.63% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.79 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 128.00 Gb Total Space | 25.80 Gb Free Space | 20.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNSAVORYBYTE
Current User Name: Anony2002
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.)
ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -> [2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation)
ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -> [2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation)
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> [2002/04/03 01:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
e_fatiaca.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIACA.EXE -> [2005/02/08 04:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/29 14:23:14 | 00,477,696 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.)
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | Auto | Stopped] -> -> File not found
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/12/01 11:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(Norton Internet Security) Norton Internet Security [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe -> [2008/12/11 22:28:25 | 00,115,560 | R--- | M] (Symantec Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\BHDrvx86.sys -> [2008/12/11 22:29:18 | 00,255,536 | ---- | M] (Symantec Corporation)
(ccHP) Symantec Hash Provider [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\cchpx86.sys -> [2008/12/05 09:39:24 | 00,362,544 | ---- | M] (Symantec Corporation)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2003/09/22 08:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2003/03/04 10:56:26 | 00,145,408 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/12/05 09:39:24 | 00,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2008/12/05 09:39:24 | 00,099,376 | ---- | M] (Symantec Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2008/04/13 14:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(IDSxpx86) IDSxpx86 [Kernel | System | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys -> [2008/12/05 09:39:25 | 00,274,808 | ---- | M] (Symantec Corporation)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> [2008/01/21 13:19:00 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090101.041\naveng.sys -> [2008/12/27 10:28:26 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090101.041\navex15.sys -> [2008/12/27 10:28:26 | 00,876,112 | ---- | M] (Symantec Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation)
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2003/09/22 08:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.)
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P16X.sys -> [2003/09/22 12:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.)
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2008/02/10 00:04:33 | 00,047,360 | ---- | M] (VSO Software)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PFMODNT.SYS -> [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2002/09/03 14:52:41 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2007/08/15 17:33:10 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2003/02/28 08:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2007/09/10 16:23:23 | 00,685,816 | ---- | M] ()
(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\srtsp.sys -> [2008/12/11 22:29:18 | 00,306,736 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\srtspx.sys -> [2008/12/11 22:29:18 | 00,043,696 | ---- | M] (Symantec Corporation)
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symdns.sys -> [2008/12/11 22:29:18 | 00,012,976 | ---- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\SymEFA.sys -> [2008/12/11 22:29:19 | 00,309,296 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> [2008/12/05 09:39:35 | 00,124,464 | ---- | M] (Symantec Corporation)
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symfw.sys -> [2008/12/11 22:29:19 | 00,089,904 | ---- | M] (Symantec Corporation)
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symids.sys -> [2008/12/11 22:29:19 | 00,034,608 | ---- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIM.sys -> [2008/12/11 22:28:28 | 00,036,272 | R--- | M] (Symantec Corporation)
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SymIM.sys -> [2008/12/11 22:28:28 | 00,036,272 | R--- | M] (Symantec Corporation)
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symndis.sys -> [2008/12/11 22:29:20 | 00,037,424 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symredrv.sys -> [2008/12/11 22:29:20 | 00,024,624 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1002000.007\symtdi.sys -> [2008/12/11 22:29:20 | 00,198,192 | ---- | M] (Symantec Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
(ZD1211BU(WLAN)) IEEE 802.11g USB Wireless LAN(WLAN) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZD1211BU.sys -> [2005/10/28 10:38:18 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZDPSp50.sys -> [2004/10/25 12:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))



#7
January 2, 2009 at 07:42:26
Post 2:

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?Lin... ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC17... ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC17... ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redi... ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Anony2002\Application Data\Mozilla\FireFox\Profiles\97psd9vk.default\prefs.js ->
browser.startup.homepage -> "http://www.resultsjunkies.com/blog/some-lessons-i-wish-i-learned-earlier-in-life/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.19.1 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.5.1 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.2.2 ->
extensions.enabledItems -> {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 ->
extensions.enabledItems -> {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.0 ->
extensions.enabledItems -> {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 19:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll [Symantec NCO BHO] -> [2008/12/11 22:28:18 | 00,344,944 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\IPSBHO.dll [Symantec Intrusion Prevention] -> [2008/12/05 09:39:15 | 00,107,896 | R--- | M] (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 05:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 05:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 05:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll [Norton Toolbar] -> [2008/12/11 22:28:18 | 00,344,944 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll [Norton Toolbar] -> [2008/12/11 22:28:18 | 00,344,944 | R--- | M] (Symantec Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"diagent" -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe ["C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup] -> [2002/04/03 01:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
"EPSON Stylus CX3800 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIACA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"] -> [2005/02/08 04:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2006/01/12 15:40:44 | 00,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2007/06/28 23:43:00 | 08,466,432 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> [2007/06/28 23:43:00 | 00,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2007/06/28 23:43:00 | 01,626,112 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/03/28 22:37:20 | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> [2003/10/31 18:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 01:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"FlashPlayerUpdate" -> %ProgramFiles%\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe [C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p] -> [2008/03/24 19:21:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< Anony2002 Startup Folder > -> C:\Documents and Settings\Anony2002\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/contro... ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5248 domain(s) found. ->
52 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5247 domain(s) found. ->
51 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [HKLM] -> http://www.pandasecurity.com/active... 2.0 Installer Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/win... Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/ji... Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pu... Flash Object] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{829D8316-C954-4F55-A07C-D677C04F2CC8} -> (Intel(R) PRO/100 VE Network Connection) ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" -> C:\Program Files\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [2008/01/29 09:13:16 | 00,219,952 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/09/05 15:42:14 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->



#8
January 2, 2009 at 07:43:35
Post 3:

[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 01:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 0 ->
"startup" -> 0 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 19:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2002/09/03 15:03:12 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2006/10/17 10:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation)
.html [@ = FirefoxHTML] -> ->
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 19:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll] -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> [2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation)
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation)
symres:{AA1061FE-6C41-421f-9344-69640C9732AB} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll[Reg Error: Value does not exist or could not be read.] -> [2008/12/11 22:28:18 | 00,344,944 | R--- | M] (Symantec Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2008/04/13 19:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation)
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
UploadMgr -> Service
vga.sys -> Driver
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *;lsdelete; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %SystemRoot%\system32 -> [2008/12/31 23:27:18 | 00,000,000 | ---D | M]
%SystemRoot% -> %SystemRoot% -> [2008/12/31 22:04:05 | 00,000,000 | ---D | M]
%SystemRoot%\System32\Wbem -> %SystemRoot%\system32\wbem -> [2008/09/04 09:04:47 | 00,000,000 | ---D | M]
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [2008/04/10 09:33:29 | 00,000,000 | ---D | M]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/13 19:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/13 19:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2008/12/31 23:27:18 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/10/23 07:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/13 19:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/13 19:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2002/09/03 14:42:37 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/13 19:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/13 19:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/13 19:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/13 19:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2002/09/03 14:51:15 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2002/09/03 14:51:15 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/13 19:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2008/10/16 15:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/10/16 15:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/13 19:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2008/04/13 19:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/10/16 15:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/13 19:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2008/12/05 09:39:35 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2008/12/29 21:49:51 | 00,000,000 | ---D | M]
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2007/07/24 15:17:08 | 00,147,456 | ---- | M] (Apple Inc.)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/20/2008 2:48:50 PM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting module firefox.exe, version 1.8.20080.40413, fault address 0x0026965a.
Application [ Error ] 6/25/2008 9:18:31 AM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.4.5.67, fault address 0x00151844.
Application [ Error ] 7/2/2008 5:36:01 PM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application dvdfab.exe, version 5.0.3.0, faulting module dvdfab.exe, version 5.0.3.0, fault address 0x0009174d.
Application [ Error ] 7/2/2008 5:44:25 PM Computer Name = UNSAVORYBYTE | Source = Application Hang | ID = 1002 -> Description = Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 7/2/2008 10:51:38 PM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application wlanutil.exe, version 2.22.0.0, faulting module wlanutil.exe, version 2.22.0.0, fault address 0x0000a9eb.
Application [ Error ] 7/9/2008 10:45:18 PM Computer Name = UNSAVORYBYTE | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 7/9/2008 10:45:21 PM Computer Name = UNSAVORYBYTE | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 7/9/2008 10:48:04 PM Computer Name = UNSAVORYBYTE | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 7/13/2008 12:24:15 AM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting module quicktime.qts, version 7.4.5.67, fault address 0x00151844.
Application [ Error ] 7/14/2008 6:55:12 AM Computer Name = UNSAVORYBYTE | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting module quicktime.qts, version 7.4.5.67, fault address 0x00151844.
System [ Error ] 12/31/2008 11:03:12 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7001 -> Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 11:03:12 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7001 -> Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 11:03:12 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
System [ Error ] 12/31/2008 11:03:12 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT OMCI pavboot RasAcd Rdbss SRTSPX SYMTDI Tcpip
System [ Error ] 12/31/2008 11:03:37 PM Computer Name = UNSAVORYBYTE | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
System [ Error ] 12/31/2008 11:13:52 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7000 -> Description = The Kaspersky Internet Security 7.0 service failed to start due to the following error: %%3
System [ Error ] 1/1/2009 3:57:32 PM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7000 -> Description = The Kaspersky Internet Security 7.0 service failed to start due to the following error: %%3
System [ Error ] 1/1/2009 4:12:02 PM Computer Name = UNSAVORYBYTE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.96 for the Network Card with network address 0007E9568F0C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 1/1/2009 4:17:07 PM Computer Name = UNSAVORYBYTE | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.100 for the Network Card with network address 0007E9568F0C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 1/2/2009 9:42:14 AM Computer Name = UNSAVORYBYTE | Source = Service Control Manager | ID = 7000 -> Description = The Kaspersky Internet Security 7.0 service failed to start due to the following error: %%3



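The OTScanIt2 listings posted in this thread are long, and the interesting lines are easy to miss by eye. The following script is an added example (it is not part of the original post and not a tool from the OTScanIt project): it parses lines of the `name -> path -> [date | size | attrs | C/M] (Company)` form shown above and flags the two things a responder would check first on a search-redirect complaint, namely any change to the HOSTS file and any code file (.sys/.dll/.exe) under the Windows directory that carries no company/version string. Both heuristics are assumptions of this example, not rules stated on the page; the sample input is three lines copied from the posted log plus one constructed line with the hypothetical name `unknown.sys` to show the unsigned-driver rule firing.

```python
"""Triage helper for OTScanIt2-style file listings (added example, not the
tool's own code). Parses lines of the form

    name -> path -> [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company)

and flags entries worth a second look when chasing a search-redirect
infection. The heuristics are assumptions of this example.
"""
import re
from typing import Optional

# One file/folder entry as printed by OTScanIt2; header and summary lines
# (e.g. "1 C:\WINDOWS\System32\*.tmp files -> ... ->") do not match.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*)\)$"
)

# Extensions Windows loads as code; such files under the Windows directory
# with an empty company string deserve a closer look (assumed heuristic).
CODE_EXTS = (".sys", ".dll", ".exe", ".cpl", ".ocx", ".scr")
SYSTEM_PREFIXES = ("%systemroot%\\", "c:\\windows\\")


def parse_entry(line: str) -> Optional[dict]:
    """Return a dict for a file entry line, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))   # "00,028,544" -> 28544
    d["is_dir"] = d["attrs"].endswith("D")        # attrs like "---D", "-H-D"
    return d


def findings_for(entry: dict) -> list:
    """Apply the triage heuristics to one parsed entry; return reason strings."""
    path = entry["path"].lower()
    reasons = []
    if path.endswith("\\drivers\\etc\\hosts"):
        reasons.append("HOSTS file touched: inspect it for search-engine "
                       "or security-vendor redirect entries")
    if (not entry["is_dir"]
            and path.endswith(CODE_EXTS)
            and path.startswith(SYSTEM_PREFIXES)
            and entry["company"] == ""):
        reasons.append("code file in the Windows directory with no "
                       "company/version information")
    return reasons


def triage(log_text: str) -> list:
    """Return [(path, reason), ...] for every flagged entry in the log text."""
    out = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason in findings_for(entry):
            out.append((entry["path"], reason))
    return out


# Sample input: three lines copied from the posted log, plus one constructed
# line (unknown.sys is a hypothetical name) so the unsigned-driver rule fires.
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 90 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2008/12/31 22:07:57 | 00,000,686 | ---- | M] ()
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2008/12/29 21:50:17 | 00,028,544 | ---- | C] (Panda Security, S.L.)
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/12/30 22:38:25 | 01,529,241 | ---- | C] ()
unknown.sys -> %SystemRoot%\System32\drivers\unknown.sys -> [2008/12/29 21:50:17 | 00,028,544 | ---- | C] ()
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run it against a saved OTScanIt2 log by reading the file into `triage()`. A missing company string is not proof of malware (many legitimate files ship without version resources, and OTScanIt2 itself shows up that way on the Desktop above), so treat the output as a reading list for manual checks such as a signature or hash lookup, not as a verdict.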
#9
January 2, 2009 at 07:45:10
Post 4:

[Files/Folders - Created Within 90 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/01/02 08:57:26 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/02 08:56:04 | 00,648,611 | ---- | C] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/12/31 22:06:34 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2008/12/31 22:04:05 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2008/12/31 21:58:54 | 00,000,000 | ---D | C]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/12/30 22:38:25 | 01,529,241 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2008/12/30 22:27:11 | 00,033,928 | ---- | C] ()
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> [2008/12/29 21:50:17 | 00,028,544 | ---- | C] (Panda Security, S.L.)
Panda Security -> %ProgramFiles%\Panda Security -> [2008/12/29 21:49:51 | 00,000,000 | ---D | C]
NOS -> %ProgramFiles%\NOS -> [2008/12/28 16:07:54 | 00,000,000 | ---D | C]
NOS -> %AllUsersProfile%\Application Data\NOS -> [2008/12/28 16:07:54 | 00,000,000 | ---D | C]
PCFriendly -> %ProgramFiles%\PCFriendly -> [2008/12/27 11:47:59 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/26 11:32:16 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/26 11:32:07 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/26 11:32:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/26 11:32:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/26 11:32:00 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/26 11:31:59 | 00,000,000 | ---D | C]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2008/12/25 20:00:52 | 00,401,720 | ---- | C] (Trend Micro Inc.)
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/12/25 12:54:21 | 00,000,793 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/12/25 12:54:21 | 00,000,793 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/12/25 12:54:07 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/12/25 12:54:06 | 00,000,000 | ---D | C]
Recent -> %UserProfile%\Recent -> [2008/12/20 00:09:31 | 00,000,000 | RH-D | C]
Cat.DB -> %SystemRoot%\System32\drivers\NIS\1002000.007\Cat.DB -> [2008/12/18 09:45:02 | 00,733,668 | ---- | C] ()
symtdi.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symtdi.sys -> [2008/12/18 09:15:47 | 00,198,192 | ---- | C] (Symantec Corporation)
symredrv.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symredrv.sys -> [2008/12/18 09:15:47 | 00,024,624 | ---- | C] (Symantec Corporation)
symndisv.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symndisv.sys -> [2008/12/18 09:15:46 | 00,040,496 | ---- | C] (Symantec Corporation)
SymNet.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymNet.cat -> [2008/12/18 09:15:46 | 00,010,858 | ---- | C] ()
SymNet.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymNet.inf -> [2008/12/18 09:15:46 | 00,001,609 | ---- | C] ()
symndis.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symndis.sys -> [2008/12/18 09:15:45 | 00,037,424 | ---- | C] (Symantec Corporation)
SymEFA.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.sys -> [2008/12/18 09:15:44 | 00,309,296 | ---- | C] (Symantec Corporation)
symfw.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symfw.sys -> [2008/12/18 09:15:44 | 00,089,904 | ---- | C] (Symantec Corporation)
symids.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symids.sys -> [2008/12/18 09:15:44 | 00,034,608 | ---- | C] (Symantec Corporation)
srtspx.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.sys -> [2008/12/18 09:15:43 | 00,043,696 | ---- | C] (Symantec Corporation)
symdns.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symdns.sys -> [2008/12/18 09:15:43 | 00,012,976 | ---- | C] (Symantec Corporation)
SymEFA.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.cat -> [2008/12/18 09:15:43 | 00,008,428 | ---- | C] ()
SymEFA.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.inf -> [2008/12/18 09:15:43 | 00,003,373 | ---- | C] ()
srtsp.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.sys -> [2008/12/18 09:15:42 | 00,306,736 | ---- | C] (Symantec Corporation)
srtspx.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.cat -> [2008/12/18 09:15:42 | 00,008,390 | ---- | C] ()
srtspx.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.inf -> [2008/12/18 09:15:42 | 00,001,388 | ---- | C] ()
srtsp.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.inf -> [2008/12/18 09:15:42 | 00,001,382 | ---- | C] ()
cchpx86.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\cchpx86.sys -> [2008/12/18 09:15:41 | 00,362,544 | ---- | C] (Symantec Corporation)
srtsp.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.cat -> [2008/12/18 09:15:41 | 00,008,386 | ---- | C] ()
ccHPx86.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\ccHPx86.cat -> [2008/12/18 09:15:40 | 00,010,609 | ---- | C] ()
ccHPx86.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\ccHPx86.inf -> [2008/12/18 09:15:40 | 00,001,754 | ---- | C] ()
BHDrvx86.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.sys -> [2008/12/18 09:15:34 | 00,255,536 | ---- | C] (Symantec Corporation)
BHDrvx86.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.inf -> [2008/12/18 09:15:33 | 00,000,640 | ---- | C] ()
BHDrvx86.CAT -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.CAT -> [2008/12/18 09:15:31 | 00,008,382 | ---- | C] ()
isolate.ini -> %SystemRoot%\System32\drivers\NIS\1002000.007\isolate.ini -> [2008/12/18 09:13:22 | 00,000,172 | ---- | C] ()
1002000.007 -> %SystemRoot%\System32\drivers\NIS\1002000.007 -> [2008/12/18 09:13:21 | 00,000,000 | ---D | C]
Symantec -> %AllUsersProfile%\Application Data\Symantec -> [2008/12/05 22:40:52 | 00,000,000 | ---D | C]
dec 08 research sch draft - Anony2002.doc -> %UserProfile%\Desktop\dec 08 research sch draft - Anony2002.doc -> [2008/12/05 14:06:04 | 00,087,040 | ---- | C] ()
Symantec -> %UserProfile%\My Documents\Symantec -> [2008/12/05 09:40:55 | 00,000,000 | ---D | C]
SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2008/12/05 09:39:41 | 00,036,272 | R--- | C] (Symantec Corporation)
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> [2008/12/05 09:39:36 | 00,124,464 | ---- | C] (Symantec Corporation)
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> [2008/12/05 09:39:36 | 00,060,808 | ---- | C] (Symantec Corporation)
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [2008/12/05 09:39:36 | 00,010,635 | ---- | C] ()
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [2008/12/05 09:39:36 | 00,000,806 | ---- | C] ()
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [2008/12/05 09:39:35 | 00,000,000 | ---D | C]
Symantec -> %ProgramFiles%\Symantec -> [2008/12/05 09:39:35 | 00,000,000 | ---D | C]
Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [2008/12/05 09:39:27 | 00,001,964 | ---- | C] ()
NIS -> %SystemRoot%\System32\drivers\NIS -> [2008/12/05 09:38:54 | 00,000,000 | ---D | C]
Windows Sidebar -> %ProgramFiles%\Windows Sidebar -> [2008/12/05 09:38:52 | 00,000,000 | ---D | C]
Norton Internet Security -> %ProgramFiles%\Norton Internet Security -> [2008/12/05 09:38:52 | 00,000,000 | ---D | C]
Norton -> %AllUsersProfile%\Application Data\Norton -> [2008/12/05 09:38:52 | 00,000,000 | ---D | C]
NortonInstaller -> %ProgramFiles%\NortonInstaller -> [2008/12/05 09:37:44 | 00,000,000 | ---D | C]
NortonInstaller -> %AllUsersProfile%\Application Data\NortonInstaller -> [2008/12/05 09:37:44 | 00,000,000 | ---D | C]
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/13 09:10:05 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/13 09:09:40 | 01,106,944 | ---- | C] (Microsoft Corporation)
CTDEVCTRL.HLP -> %SystemRoot%\System32\CTDEVCTRL.HLP -> [2008/11/07 18:00:31 | 00,014,273 | ---- | C] ()
ctdevctrl.CNT -> %SystemRoot%\System32\ctdevctrl.CNT -> [2008/11/07 18:00:31 | 00,000,274 | ---- | C] ()
SBWIN.INI -> %SystemRoot%\SBWIN.INI -> [2008/11/07 18:00:31 | 00,000,066 | ---- | C] ()
CTDevctrl.gid -> %SystemRoot%\System32\CTDevctrl.gid -> [2008/11/07 18:00:31 | 00,000,000 | ---- | C] ()
CTDevctrl.fts -> %SystemRoot%\System32\CTDevctrl.fts -> [2008/11/07 18:00:31 | 00,000,000 | ---- | C] ()
CTDevctrl.ftg -> %SystemRoot%\System32\CTDevctrl.ftg -> [2008/11/07 18:00:31 | 00,000,000 | ---- | C] ()
gameenum.sys -> %SystemRoot%\System32\drivers\gameenum.sys -> [2008/11/07 18:00:22 | 00,010,624 | ---- | C] (Microsoft Corporation)
gameenum.sys -> %SystemRoot%\System32\dllcache\gameenum.sys -> [2008/11/07 18:00:22 | 00,010,624 | ---- | C] (Microsoft Corporation)
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2008/11/07 18:00:13 | 00,000,588 | ---- | C] ()
settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2008/11/07 18:00:13 | 00,000,588 | ---- | C] ()
P16X.ini -> %SystemRoot%\System32\P16X.ini -> [2008/11/07 17:59:51 | 00,002,516 | ---- | C] ()
ctzapxx.ini -> %SystemRoot%\System32\ctzapxx.ini -> [2008/11/07 17:59:51 | 00,000,026 | ---- | C] ()
Data -> %SystemRoot%\System32\Data -> [2008/11/07 17:59:51 | 00,000,000 | ---D | C]
Ct1mgm.rom -> %SystemRoot%\System32\Ct1mgm.rom -> [2008/11/07 17:59:50 | 01,048,576 | ---- | C] ()
MIXDEF.INI -> %SystemRoot%\MIXDEF.INI -> [2008/11/07 17:59:50 | 00,002,696 | ---- | C] ()
default8.sfm -> %SystemRoot%\System32\default8.sfm -> [2008/11/07 17:59:50 | 00,000,059 | ---- | C] ()
default4.sfm -> %SystemRoot%\System32\default4.sfm -> [2008/11/07 17:59:50 | 00,000,059 | ---- | C] ()
Default.sfm -> %SystemRoot%\System32\Default.sfm -> [2008/11/07 17:59:50 | 00,000,059 | ---- | C] ()
Creative -> %ProgramFiles%\Creative -> [2008/11/07 17:58:45 | 00,000,000 | ---D | C]
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/24 08:28:39 | 00,337,408 | ---- | C] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 07:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation)
WebEx -> %ProgramFiles%\WebEx -> [2008/10/21 11:02:43 | 00,000,000 | ---D | C]
CanonBJ -> %AllUsersProfile%\Application Data\CanonBJ -> [2008/10/18 10:53:58 | 00,000,000 | -H-D | C]
CanonIJ Uninstaller Information -> %SystemRoot%\System32\CanonIJ Uninstaller Information -> [2008/10/18 10:53:34 | 00,000,000 | -H-D | C]
CNCC160.DLL -> %SystemRoot%\System32\CNCC160.DLL -> [2008/10/18 10:53:25 | 01,302,528 | ---- | C] (CANON INC.)
CNCI160.DLL -> %SystemRoot%\System32\CNCI160.DLL -> [2008/10/18 10:53:25 | 00,069,632 | ---- | C] (CANON INC.)
CanonBJ -> %ProgramFiles%\CanonBJ -> [2008/10/18 10:52:39 | 00,000,000 | -H-D | C]
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/14 21:03:26 | 00,333,824 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/14 21:02:37 | 01,846,400 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/14 21:02:24 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/14 21:02:23 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/14 21:02:22 | 02,066,048 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/14 21:02:22 | 02,023,936 | ---- | C] (Microsoft Corporation)
WB_MIU -> %UserProfile%\Desktop\WB_MIU -> [2008/10/14 13:12:21 | 00,000,000 | ---D | C]
Netflix -> %ProgramFiles%\Netflix -> [2008/10/04 12:44:53 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/02 08:57:36 | 08,126,464 | -H-- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/02 08:56:07 | 00,648,611 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/02 08:43:32 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_45c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_45c.dat -> [2009/01/02 08:42:38 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2c4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2c4.dat -> [2009/01/02 08:42:02 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/02 08:41:55 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/02 08:41:46 | 00,002,048 | --S- | M] ()
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/01/01 15:19:18 | 00,401,720 | ---- | M] (Trend Micro Inc.)
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2008/12/31 22:07:57 | 00,000,686 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2008/12/31 22:06:34 | 00,578,560 | ---- | M] (Microsoft Corporation)
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/12/31 21:53:42 | 01,529,241 | ---- | M] ()
wklntsk.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk.dat -> [2008/12/30 22:27:11 | 00,720,312 | ---- | M] ()
wklntnts.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntnts.dat -> [2008/12/30 22:27:11 | 00,720,312 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2008/12/30 22:27:11 | 00,033,928 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/29 22:56:41 | 00,000,202 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/28 17:36:30 | 04,254,514 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/26 12:02:43 | 00,058,880 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/12/26 11:32:07 | 00,000,696 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2008/12/26 11:15:45 | 00,000,178 | -HS- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2008/12/26 10:40:44 | 00,001,602 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/12/25 12:54:21 | 00,000,793 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/12/25 12:54:21 | 00,000,793 | ---- | M] ()
hosts.20081225-122234.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081225-122234.backup -> [2008/12/24 23:19:39 | 00,291,585 | R--- | M] ()
index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/12/22 07:30:31 | 00,049,152 | -HS- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/22 07:30:24 | 00,000,284 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2008/12/22 07:30:23 | 00,016,384 | -HS- | M] ()
index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2008/12/22 07:30:23 | 00,016,384 | -HS- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/20 00:33:48 | 00,054,156 | -H-- | M] ()
Cat.DB -> %SystemRoot%\System32\drivers\NIS\1002000.007\Cat.DB -> [2008/12/18 09:45:16 | 00,733,668 | ---- | M] ()
Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [2008/12/18 09:30:45 | 00,001,964 | ---- | M] ()
isolate.ini -> %SystemRoot%\System32\drivers\NIS\1002000.007\isolate.ini -> [2008/12/18 09:13:22 | 00,000,172 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/18 09:04:34 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/18 09:04:34 | 00,004,232 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation)
symtdi.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symtdi.sys -> [2008/12/11 22:29:20 | 00,198,192 | ---- | M] (Symantec Corporation)
symndisv.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symndisv.sys -> [2008/12/11 22:29:20 | 00,040,496 | ---- | M] (Symantec Corporation)
symndis.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symndis.sys -> [2008/12/11 22:29:20 | 00,037,424 | ---- | M] (Symantec Corporation)
symredrv.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symredrv.sys -> [2008/12/11 22:29:20 | 00,024,624 | ---- | M] (Symantec Corporation)
SymEFA.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.sys -> [2008/12/11 22:29:19 | 00,309,296 | ---- | M] (Symantec Corporation)
symfw.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symfw.sys -> [2008/12/11 22:29:19 | 00,089,904 | ---- | M] (Symantec Corporation)
symids.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symids.sys -> [2008/12/11 22:29:19 | 00,034,608 | ---- | M] (Symantec Corporation)
srtsp.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.sys -> [2008/12/11 22:29:18 | 00,306,736 | ---- | M] (Symantec Corporation)
BHDrvx86.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.sys -> [2008/12/11 22:29:18 | 00,255,536 | ---- | M] (Symantec Corporation)
srtspx.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.sys -> [2008/12/11 22:29:18 | 00,043,696 | ---- | M] (Symantec Corporation)
symdns.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\symdns.sys -> [2008/12/11 22:29:18 | 00,012,976 | ---- | M] (Symantec Corporation)
SymEFA.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.inf -> [2008/12/11 22:28:51 | 00,003,373 | ---- | M] ()
ccHPx86.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\ccHPx86.inf -> [2008/12/11 22:28:51 | 00,001,754 | ---- | M] ()
SymNet.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymNet.inf -> [2008/12/11 22:28:51 | 00,001,609 | ---- | M] ()
srtspx.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.inf -> [2008/12/11 22:28:51 | 00,001,388 | ---- | M] ()
srtsp.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.inf -> [2008/12/11 22:28:51 | 00,001,382 | ---- | M] ()
BHDrvx86.inf -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.inf -> [2008/12/11 22:28:51 | 00,000,640 | ---- | M] ()
SymNet.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymNet.cat -> [2008/12/11 22:28:35 | 00,010,858 | ---- | M] ()
ccHPx86.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\ccHPx86.cat -> [2008/12/11 22:28:35 | 00,010,609 | ---- | M] ()
SymEFA.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\SymEFA.cat -> [2008/12/11 22:28:35 | 00,008,428 | ---- | M] ()
srtspx.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtspx.cat -> [2008/12/11 22:28:35 | 00,008,390 | ---- | M] ()
srtsp.cat -> %SystemRoot%\System32\drivers\NIS\1002000.007\srtsp.cat -> [2008/12/11 22:28:35 | 00,008,386 | ---- | M] ()
BHDrvx86.CAT -> %SystemRoot%\System32\drivers\NIS\1002000.007\BHDrvx86.CAT -> [2008/12/11 22:28:35 | 00,008,382 | ---- | M] ()
SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2008/12/11 22:28:28 | 00,036,272 | R--- | M] (Symantec Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/12/09 19:56:13 | 00,001,374 | ---- | M] ()
dec 08 research sch draft - Anony2002.doc -> %UserProfile%\Desktop\dec 08 research sch draft - Anony2002.doc -> [2008/12/05 14:09:16 | 00,087,040 | ---- | M] ()
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> [2008/12/05 09:39:35 | 00,124,464 | ---- | M] (Symantec Corporation)
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> [2008/12/05 09:39:35 | 00,060,808 | ---- | M] (Symantec Corporation)
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [2008/12/05 09:39:35 | 00,010,635 | ---- | M] ()
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [2008/12/05 09:39:35 | 00,000,806 | ---- | M] ()
cchpx86.sys -> %SystemRoot%\System32\drivers\NIS\1002000.007\cchpx86.sys -> [2008/12/05 09:39:24 | 00,362,544 | ---- | M] (Symantec Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/02 16:26:30 | 17,593,280 | ---- | M] (Microsoft Corporation)
win.ini -> %SystemRoot%\win.ini -> [2008/11/19 22:22:35 | 00,000,538 | ---- | M] ()
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [2008/11/13 09:53:11 | 00,009,662 | ---- | M] ()
SBWIN.INI -> %SystemRoot%\SBWIN.INI -> [2008/11/07 18:01:07 | 00,000,066 | ---- | M] ()
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2008/11/07 18:00:13 | 00,000,588 | ---- | M] ()
settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2008/11/07 18:00:13 | 00,000,588 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/03 08:40:30 | 00,356,120 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/03 08:40:30 | 00,311,604 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/03 08:40:30 | 00,039,992 | ---- | M] ()
mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008/10/23 07:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008/10/23 07:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation)
tzchange.exe -> %SystemRoot%\System32\tzchange.exe -> [2008/10/23 05:06:59 | 00,062,976 | ---- | M] (Microsoft Corporation)
Folder.jpg -> %UserProfile%\Desktop\Folder.jpg -> [2008/10/16 22:35:24 | 00,003,879 | -HS- | M] ()
AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg -> [2008/10/16 22:35:24 | 00,001,287 | -HS- | M] ()
wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/10/16 15:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/10/16 15:38:40 | 00,826,368 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/10/16 15:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/10/16 15:38:39 | 01,160,192 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/10/16 15:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/10/16 15:38:39 | 00,671,232 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/10/16 15:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/10/16 15:38:39 | 00,233,472 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\url.dll -> [2008/10/16 15:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/10/16 15:38:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/10/16 15:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/10/16 15:38:39 | 00,102,912 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/10/16 15:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/10/16 15:38:39 | 00,044,544 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/10/16 15:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/10/16 15:38:38 | 00,477,696 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/10/16 15:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/10/16 15:38:38 | 00,193,024 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/16 15:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/16 15:38:37 | 06,066,176 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/10/16 15:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/10/16 15:38:37 | 01,831,424 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/10/16 15:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/10/16 15:38:37 | 00,459,264 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/10/16 15:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/10/16 15:38:37 | 00,267,776 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/10/16 15:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/10/16 15:38:37 | 00,052,224 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/10/16 15:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/10/16 15:38:37 | 00,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/10/16 15:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/10/16 15:38:37 | 00,027,648 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/10/16 15:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/10/16 15:38:35 | 00,384,512 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/10/16 15:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/10/16 15:38:35 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/10/16 15:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/10/16 15:38:35 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/10/16 15:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/10/16 15:38:35 | 00,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/10/16 15:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/10/16 15:38:35 | 00,133,120 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/10/16 15:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/10/16 15:38:35 | 00,063,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/10/16 15:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/10/16 15:38:34 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/10/16 15:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/10/16 15:38:34 | 00,214,528 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/10/16 15:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/10/16 15:38:34 | 00,124,928 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation)
wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation)
wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation)
wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation)
wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/10/16 08:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/10/16 08:11:09 | 00,070,656 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/10/16 08:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/10/16 08:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/15 07:02:38 | 00,163,528 | ---- | M] ()
iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/10/15 02:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/10/15 02:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
system.ini -> %SystemRoot%\system.ini -> [2008/10/11 21:06:53 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/10/11 21:06:53 | 00,000,211 | RHS- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2008/08/26 22:57:44 | 00,016,384 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2007/10/03 16:11:50 | 00,003,804 | ---- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2007/09/23 12:33:23 | 00,008,131 | ---- | M] ()



#10
January 2, 2009 at 07:46:43
Post 5:

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Thumbs.db:encryptable
@Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:8CE646EE

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/28 16:07:54 | 00,000,000 | RH-D | M]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [2007/09/10 07:07:08 | 00,000,000 | ---D | M]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2008/10/18 10:53:58 | 00,000,000 | -H-D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2007/09/10 08:07:49 | 00,000,000 | ---D | M]
DVD Shrink -> C:\Documents and Settings\All Users\Application Data\DVD Shrink -> [2008/12/24 17:51:36 | 00,000,000 | ---D | M]
Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2008/12/05 09:38:52 | 00,000,000 | ---D | M]
NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2008/12/05 09:38:20 | 00,000,000 | ---D | M]
pdf995 -> C:\Documents and Settings\All Users\Application Data\pdf995 -> [2008/01/31 11:39:00 | 00,000,000 | ---D | M]
SlySoft -> C:\Documents and Settings\All Users\Application Data\SlySoft -> [2008/07/02 16:34:18 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/10/18 11:43:07 | 00,000,000 | ---D | M]
vsosdk -> C:\Documents and Settings\All Users\Application Data\vsosdk -> [2007/12/08 14:31:25 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Anony2002\Application Data -> [2008/12/30 22:27:11 | 00,000,000 | RH-D | M]
.purple -> C:\Documents and Settings\Anony2002\Application Data\.purple -> [2008/09/17 22:05:45 | 00,000,000 | ---D | M]
Ahead -> C:\Documents and Settings\Anony2002\Application Data\Ahead -> [2007/09/10 15:39:48 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Anony2002\Application Data\CyberLink -> [2007/09/23 13:06:21 | 00,000,000 | ---D | M]
DVDFab -> C:\Documents and Settings\Anony2002\Application Data\DVDFab -> [2007/11/15 21:57:07 | 00,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\Anony2002\Application Data\gtk-2.0 -> [2008/04/26 23:06:41 | 00,000,000 | ---D | M]
OverDrive -> C:\Documents and Settings\Anony2002\Application Data\OverDrive -> [2008/02/14 16:09:51 | 00,000,000 | ---D | M]
pdf995 -> C:\Documents and Settings\Anony2002\Application Data\pdf995 -> [2008/01/31 11:40:36 | 00,000,000 | ---D | M]
Thunderbird -> C:\Documents and Settings\Anony2002\Application Data\Thunderbird -> [2008/02/28 15:47:57 | 00,000,000 | ---D | M]
U3 -> C:\Documents and Settings\Anony2002\Application Data\U3 -> [2008/07/28 08:57:20 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Anony2002\Application Data\uTorrent -> [2008/12/31 23:19:19 | 00,000,000 | ---D | M]
Vso -> C:\Documents and Settings\Anony2002\Application Data\Vso -> [2008/02/10 00:12:02 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/01/18 22:59:48 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/22 07:30:24 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2002/09/03 14:48:04 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/02 08:41:55 | 00,000,006 | -H-- | M] ()

[File - Purity Scan]

[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/13 19:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/13 19:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F
C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85
C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/13 19:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/13 19:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/13 19:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/13 19:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5
C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,ff,9e,a0,8b,c1,7a,cf,76,93,0e,02,39,17,8a,71,d4,7d,71,ca,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:78,7f,ea,fa,ed,cf,f3,74,44,e2,a1,13,c8,06,b3,0d,1e,c8,6d,6e,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:de,a0,87,bf,d7,ca,8b,a5,7b,0e,e1,31,5d,fc,c2,8c,23,4b,b2,75,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,28,ad,f2,65,49,e9,4c,e5,a0,06,ca,b9,cc,ac,8c,3a,2e,..
"khjeh"=hex:56,51,17,a1,65,30,4b,2f,d6,41,ce,5c,3c,12,6c,53,0b,8d,a3,65,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,ff,9e,a0,8b,c1,7a,cf,76,93,0e,02,39,17,8a,71,d4,7d,71,ca,0a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,65,fb,2a,00,25,8a,70,3d,b1,fd,91,92,6d,49,95,00,34,d5,e0,53,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\72D13DE4.TMP 0 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE 119 bytes
C:\Documents and Settings\Anony2002\My Documents\Downloads\Points.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Parents\Favorites\Bank of America Home Personal.url:favicon 1406 bytes
C:\Documents and Settings\Parents\Favorites\Google.url:favicon 1150 bytes
C:\Documents and Settings\Parents\Favorites\MSN.com.url:favicon 1406 bytes
scan completed successfully
hidden files: 82



#11
January 2, 2009 at 07:47:37
6th and last:

[Custom Scans]
< %systemroot%\Prefetch\*.* /s >
C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2009/01/02 09:18:03 | 00,000,000 | ---D | M]
AAWSERVICE.EXE-3B93EBA3.pf -> C:\WINDOWS\Prefetch\AAWSERVICE.EXE -> [2008/12/31 21:54:50 | 00,002,554 | ---- | M] ()
ACRORD32.EXE-13285B88.pf -> C:\WINDOWS\Prefetch\ACRORD32.EXE -> [2008/12/31 23:14:33 | 00,091,428 | ---- | M] ()
ACRORD32INFO.EXE-013EA364.pf -> C:\WINDOWS\Prefetch\ACRORD32INFO.EXE -> [2008/12/31 21:40:01 | 00,041,988 | ---- | M] ()
AD-AWARE.EXE-3122AD3A.pf -> C:\WINDOWS\Prefetch\AD-AWARE.EXE -> [2008/12/31 21:54:37 | 00,005,468 | ---- | M] ()
CATCHME.EXE-0F2677AA.pf -> C:\WINDOWS\Prefetch\CATCHME.EXE -> [2009/01/02 09:21:11 | 00,073,008 | ---- | M] ()
CCSVCHST.EXE-15BE75DC.pf -> C:\WINDOWS\Prefetch\CCSVCHST.EXE -> [2009/01/01 15:24:46 | 00,084,188 | ---- | M] ()
CGHTME.EXE-33B3FE87.pf -> C:\WINDOWS\Prefetch\CGHTME.EXE -> [2008/12/31 22:17:34 | 00,011,192 | ---- | M] ()
CLIPTEXT.EXE-1606842F.pf -> C:\WINDOWS\Prefetch\CLIPTEXT.EXE -> [2008/12/31 22:21:16 | 00,005,094 | ---- | M] ()
CLTLMH.EXE-2D74F460.pf -> C:\WINDOWS\Prefetch\CLTLMH.EXE -> [2009/01/02 08:47:25 | 00,058,102 | ---- | M] ()
CMD.EXE-087B4001.pf -> C:\WINDOWS\Prefetch\CMD.EXE -> [2009/01/01 15:15:13 | 00,020,274 | ---- | M] ()
CSWEG.EXE-02598DDA.pf -> C:\WINDOWS\Prefetch\CSWEG.EXE -> [2008/12/31 22:21:11 | 00,011,650 | ---- | M] ()
CTFMON.EXE-0E17969B.pf -> C:\WINDOWS\Prefetch\CTFMON.EXE -> [2009/01/02 08:44:03 | 00,017,638 | ---- | M] ()
CWSHREDDER.EXE-0996F146.pf -> C:\WINDOWS\Prefetch\CWSHREDDER.EXE -> [2008/12/28 12:31:31 | 00,029,264 | ---- | M] ()
DEFRAG.EXE-273F131E.pf -> C:\WINDOWS\Prefetch\DEFRAG.EXE -> [2008/12/28 17:24:16 | 00,017,548 | ---- | M] ()
DFRGNTFS.EXE-269967DF.pf -> C:\WINDOWS\Prefetch\DFRGNTFS.EXE -> [2008/12/28 17:24:16 | 00,070,164 | ---- | M] ()
DIAGENT.EXE-0E98E65F.pf -> C:\WINDOWS\Prefetch\DIAGENT.EXE -> [2009/01/02 08:44:03 | 00,017,716 | ---- | M] ()
DNIF.EXE-26A0214B.pf -> C:\WINDOWS\Prefetch\DNIF.EXE -> [2008/12/31 22:21:11 | 00,005,732 | ---- | M] ()
DRWTSN32.EXE-2B4B52AC.pf -> C:\WINDOWS\Prefetch\DRWTSN32.EXE -> [2008/12/31 21:39:47 | 00,040,616 | ---- | M] ()
DUMPREP.EXE-1B46F901.pf -> C:\WINDOWS\Prefetch\DUMPREP.EXE -> [2008/12/31 21:56:23 | 00,053,346 | ---- | M] ()
DVD SHRINK 3.2.EXE-073EAA21.pf -> C:\WINDOWS\Prefetch\DVD SHRINK 3.2.E -> [2009/01/01 17:54:02 | 00,084,772 | ---- | M] ()
DWWIN.EXE-30875ADC.pf -> C:\WINDOWS\Prefetch\DWWIN.EXE -> [2008/12/31 21:39:37 | 00,062,598 | ---- | M] ()
EDITREG.EXE-200FDBD5.pf -> C:\WINDOWS\Prefetch\EDITREG.EXE -> [2008/12/31 22:17:23 | 00,011,328 | ---- | M] ()
EXPLORER.EXE-082F38A9.pf -> C:\WINDOWS\Prefetch\EXPLORER.EXE -> [2009/01/01 15:24:52 | 00,112,632 | ---- | M] ()
E_FAMTACA.EXE-0637CC28.pf -> C:\WINDOWS\Prefetch\E_FAMTACA.EXE -> [2008/12/31 23:27:28 | 00,059,968 | ---- | M] ()
E_FARNACA.EXE-29B818AD.pf -> C:\WINDOWS\Prefetch\E_FARNACA.EXE -> [2008/12/31 23:27:29 | 00,026,006 | ---- | M] ()
E_FATIACA.EXE-384B1E9A.pf -> C:\WINDOWS\Prefetch\E_FATIACA.EXE -> [2009/01/02 08:44:03 | 00,026,708 | ---- | M] ()
E_FBSRACA.EXE-32222A7B.pf -> C:\WINDOWS\Prefetch\E_FBSRACA.EXE -> [2008/12/31 23:27:05 | 00,019,620 | ---- | M] ()
FIREFOX.EXE-28641590.pf -> C:\WINDOWS\Prefetch\FIREFOX.EXE -> [2009/01/02 09:11:54 | 00,145,054 | ---- | M] ()
FOIENUM.EXE-01687A72.pf -> C:\WINDOWS\Prefetch\FOIENUM.EXE -> [2009/01/01 16:07:47 | 00,060,982 | ---- | M] ()
GETPLUS_ADOBE_REG.EXE-04A73046.pf -> C:\WINDOWS\Prefetch\GETPLUS_ADOBE_REG.EXE -> [2008/12/28 16:08:04 | 00,022,214 | ---- | M] ()
GETPLUS_ADOBE_REG_BOOTSTRAP.E-1DEB49C6.pf -> C:\WINDOWS\Prefetch\GETPLUS_ADOBE_REG_BOOTSTRAP.E-1 -> [2008/12/28 16:08:03 | 00,020,834 | ---- | M] ()
GETPLUS_HELPERSVC.EXE-259E35F6.pf -> C:\WINDOWS\Prefetch\GETPLUS_HELPERSVC.EXE -> [2008/12/28 16:08:07 | 00,014,820 | ---- | M] ()
HELPCTR.EXE-3862B6F5.pf -> C:\WINDOWS\Prefetch\HELPCTR.EXE -> [2009/01/01 15:01:38 | 00,065,778 | ---- | M] ()
HELPHOST.EXE-247D2792.pf -> C:\WINDOWS\Prefetch\HELPHOST.EXE -> [2009/01/01 15:01:53 | 00,022,506 | ---- | M] ()
HELPSVC.EXE-2878DDA2.pf -> C:\WINDOWS\Prefetch\HELPSVC.EXE -> [2009/01/01 15:01:49 | 00,037,184 | ---- | M] ()
HIJACKTHIS.EXE-35413416.pf -> C:\WINDOWS\Prefetch\HIJACKTHIS.EXE -> [2009/01/01 15:19:41 | 00,044,596 | ---- | M] ()
IEXPLORE.EXE-27122324.pf -> C:\WINDOWS\Prefetch\IEXPLORE.EXE -> [2008/12/29 21:43:37 | 00,081,682 | ---- | M] ()
IMAPI.EXE-0BF740A4.pf -> C:\WINDOWS\Prefetch\IMAPI.EXE -> [2009/01/01 15:24:59 | 00,019,274 | ---- | M] ()
IPCONFIG.EXE-2395F30B.pf -> C:\WINDOWS\Prefetch\IPCONFIG.EXE -> [2009/01/01 15:15:06 | 00,024,666 | ---- | M] ()
JAVA.EXE-0C263507.pf -> C:\WINDOWS\Prefetch\JAVA.EXE -> [2009/01/01 00:43:05 | 00,073,728 | ---- | M] ()
JQSNOTIFY.EXE-24AE4A36.pf -> C:\WINDOWS\Prefetch\JQSNOTIFY.EXE -> [2009/01/02 09:11:57 | 00,008,650 | ---- | M] ()
JRE-6U11-WINDOWS-I586-P.EXE-0961BF2A.pf -> C:\WINDOWS\Prefetch\JRE-6U11-WINDOWS-I586-P.EXE -> [2008/12/31 22:48:09 | 00,053,656 | ---- | M] ()
JUSCHED.EXE-25206883.pf -> C:\WINDOWS\Prefetch\JUSCHED.EXE -> [2009/01/02 08:44:03 | 00,015,030 | ---- | M] ()
LAUNCHER.EXE-208F04E2.pf -> C:\WINDOWS\Prefetch\LAUNCHER.EXE -> [2008/12/31 20:47:51 | 00,054,382 | ---- | M] ()
Layout.ini -> C:\WINDOWS\Prefetch\Layout.ini -> [2008/12/28 17:24:05 | 00,417,602 | ---- | M] ()
LOGON.SCR-151EFAEA.pf -> C:\WINDOWS\Prefetch\LOGON.SCR -> [2009/01/01 18:29:38 | 00,030,590 | ---- | M] ()
LOGONUI.EXE-0AF22957.pf -> C:\WINDOWS\Prefetch\LOGONUI.EXE -> [2009/01/01 20:56:07 | 00,062,960 | ---- | M] ()
LS.EXE-08231091.pf -> C:\WINDOWS\Prefetch\LS.EXE -> [2008/12/31 22:17:25 | 00,004,262 | ---- | M] ()
MBAM-DOR.EXE-203884D2.pf -> C:\WINDOWS\Prefetch\MBAM-DOR.EXE -> [2008/12/28 16:08:21 | 00,017,336 | ---- | M] ()
MBAM.EXE-0BEE0439.pf -> C:\WINDOWS\Prefetch\MBAM.EXE -> [2009/01/01 15:52:00 | 00,091,184 | ---- | M] ()
MCUI32.EXE-2BCE5D63.pf -> C:\WINDOWS\Prefetch\MCUI32.EXE -> [2008/12/30 22:37:32 | 00,061,118 | ---- | M] ()
MMC.EXE-04EF131A.pf -> C:\WINDOWS\Prefetch\MMC.EXE -> [2008/12/31 09:21:39 | 00,057,014 | ---- | M] ()
MMC.EXE-230DED8E.pf -> C:\WINDOWS\Prefetch\MMC.EXE -> [2008/12/31 09:22:20 | 00,065,138 | ---- | M] ()
MMC.EXE-39071BCC.pf -> C:\WINDOWS\Prefetch\MMC.EXE -> [2009/01/01 15:38:17 | 00,040,146 | ---- | M] ()
MSIEXEC.EXE-2F8A8CAE.pf -> C:\WINDOWS\Prefetch\MSIEXEC.EXE -> [2008/12/31 22:48:38 | 00,041,916 | ---- | M] ()
MSWORKS.EXE-31812CA4.pf -> C:\WINDOWS\Prefetch\MSWORKS.EXE -> [2008/12/30 22:27:12 | 00,028,164 | ---- | M] ()
NEROCHECK.EXE-092C6DFA.pf -> C:\WINDOWS\Prefetch\NEROCHECK.EXE -> [2009/01/02 08:44:02 | 00,007,206 | ---- | M] ()
NOTEPAD.EXE-336351A9.pf -> C:\WINDOWS\Prefetch\NOTEPAD.EXE -> [2009/01/01 17:53:36 | 00,021,974 | ---- | M] ()
NTOSBOOT-B00DFAAD.pf -> C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -> [2009/01/02 08:44:02 | 01,417,668 | ---- | M] ()
NWIZ.EXE-2D0F9FBC.pf -> C:\WINDOWS\Prefetch\NWIZ.EXE -> [2009/01/02 08:44:02 | 00,042,134 | ---- | M] ()
OSA.EXE-2CD63980.pf -> C:\WINDOWS\Prefetch\OSA.EXE -> [2009/01/01 15:17:06 | 00,027,768 | ---- | M] ()
OTSCANIT2.EXE-0405D123.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2009/01/02 09:09:42 | 00,022,672 | ---- | M] ()
OTSCANIT2.EXE-087D8110.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2009/01/02 08:57:23 | 00,014,074 | ---- | M] ()
PATCH.EXE-106F115A.pf -> C:\WINDOWS\Prefetch\PATCH.EXE -> [2008/12/28 16:46:12 | 00,011,632 | ---- | M] ()
PDVDSERV.EXE-0448293E.pf -> C:\WINDOWS\Prefetch\PDVDSERV.EXE -> [2009/01/02 08:44:03 | 00,015,674 | ---- | M] ()
PG2.EXE-261CD56D.pf -> C:\WINDOWS\Prefetch\PG2.EXE -> [2008/12/31 23:09:00 | 00,043,004 | ---- | M] ()
QTTASK.EXE-342507FB.pf -> C:\WINDOWS\Prefetch\QTTASK.EXE -> [2009/01/02 08:44:02 | 00,008,752 | ---- | M] ()
READER_SL.EXE-3614FA6E.pf -> C:\WINDOWS\Prefetch\READER_SL.EXE -> [2009/01/02 08:44:03 | 00,014,616 | ---- | M] ()
REGSVR32.EXE-25EEFE2F.pf -> C:\WINDOWS\Prefetch\REGSVR32.EXE -> [2008/12/29 21:50:17 | 00,028,256 | ---- | M] ()
RSTRUI.EXE-03C49A96.pf -> C:\WINDOWS\Prefetch\RSTRUI.EXE -> [2008/12/28 17:36:28 | 00,084,534 | ---- | M] ()
RTSDNIF.EXE-2DEC3B2B.pf -> C:\WINDOWS\Prefetch\RTSDNIF.EXE -> [2008/12/31 22:16:57 | 00,005,018 | ---- | M] ()
RUNDLL32.EXE-12EC221B.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/01 15:07:51 | 00,049,558 | ---- | M] ()
RUNDLL32.EXE-147710F4.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/01 15:38:06 | 00,035,946 | ---- | M] ()
RUNDLL32.EXE-1637D78E.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/31 21:17:55 | 00,021,268 | ---- | M] ()
RUNDLL32.EXE-19B3AED6.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/31 09:59:08 | 00,015,252 | ---- | M] ()
RUNDLL32.EXE-1D99A587.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/31 21:40:40 | 00,025,342 | ---- | M] ()
RUNDLL32.EXE-247FE6B9.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/02 08:44:02 | 00,044,046 | ---- | M] ()
RUNDLL32.EXE-2576181F.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/02 09:11:48 | 00,046,066 | ---- | M] ()
RUNDLL32.EXE-2CD85FD3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/31 21:48:42 | 00,049,166 | ---- | M] ()
RUNDLL32.EXE-31247066.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/02 08:44:03 | 00,032,148 | ---- | M] ()
RUNDLL32.EXE-451FC2C0.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2009/01/01 19:43:21 | 00,017,166 | ---- | M] ()
RUNONCE.EXE-2803F297.pf -> C:\WINDOWS\Prefetch\RUNONCE.EXE -> [2008/12/29 21:50:17 | 00,017,018 | ---- | M] ()
SDFIX.EXE-1D1322FF.pf -> C:\WINDOWS\Prefetch\SDFIX.EXE -> [2008/12/31 21:58:56 | 00,048,564 | ---- | M] ()
SETUP_WM.EXE-3135CBD6.pf -> C:\WINDOWS\Prefetch\SETUP_WM.EXE -> [2008/12/31 10:31:32 | 00,030,882 | ---- | M] ()
SNDVOL32.EXE-383480B7.pf -> C:\WINDOWS\Prefetch\SNDVOL32.EXE -> [2008/12/31 22:51:25 | 00,013,764 | ---- | M] ()
SPYBOTSD.EXE-1344276B.pf -> C:\WINDOWS\Prefetch\SPYBOTSD.EXE -> [2008/12/31 08:45:55 | 00,061,226 | ---- | M] ()
SVCHOST.EXE-3530F672.pf -> C:\WINDOWS\Prefetch\SVCHOST.EXE -> [2009/01/02 08:44:03 | 00,027,920 | ---- | M] ()
SWSC.EXE-1B7F0DFA.pf -> C:\WINDOWS\Prefetch\SWSC.EXE -> [2008/12/31 22:17:04 | 00,007,080 | ---- | M] ()
TASKMGR.EXE-20256C55.pf -> C:\WINDOWS\Prefetch\TASKMGR.EXE -> [2008/12/31 22:46:57 | 00,062,228 | ---- | M] ()
TEATIMER.EXE-1F57E47A.pf -> C:\WINDOWS\Prefetch\TEATIMER.EXE -> [2008/12/31 08:36:03 | 00,031,654 | ---- | M] ()
UPDREG.EXE-084B6B55.pf -> C:\WINDOWS\Prefetch\UPDREG.EXE -> [2009/01/02 08:44:02 | 00,007,002 | ---- | M] ()
USERINIT.EXE-30B18140.pf -> C:\WINDOWS\Prefetch\USERINIT.EXE -> [2009/01/01 15:24:49 | 00,062,164 | ---- | M] ()
UTORRENT.EXE-3888D1B0.pf -> C:\WINDOWS\Prefetch\UTORRENT.EXE -> [2008/12/31 23:08:38 | 00,082,628 | ---- | M] ()
VERCLSID.EXE-3667BD89.pf -> C:\WINDOWS\Prefetch\VERCLSID.EXE -> [2009/01/02 09:09:46 | 00,017,574 | ---- | M] ()
VLC.EXE-22DF01AA.pf -> C:\WINDOWS\Prefetch\VLC.EXE -> [2008/12/29 22:30:56 | 00,017,592 | ---- | M] ()
WGATRAY.EXE-0ED38BED.pf -> C:\WINDOWS\Prefetch\WGATRAY.EXE -> [2009/01/02 08:44:02 | 00,062,488 | ---- | M] ()
WINWORD.EXE-29F5CB89.pf -> C:\WINDOWS\Prefetch\WINWORD.EXE -> [2008/12/30 22:26:53 | 00,042,370 | ---- | M] ()
WMIPRVSE.EXE-28F301A9.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE -> [2009/01/02 09:26:08 | 00,037,444 | ---- | M] ()
WMPLAYER.EXE-18DDEF9D.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/31 10:30:09 | 00,059,450 | ---- | M] ()
WMPLAYER.EXE-18DDEFA2.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/31 10:49:00 | 00,059,728 | ---- | M] ()
WMPLAYER.EXE-18DDEFA3.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/29 23:51:23 | 00,006,140 | ---- | M] ()
WMPLAYER.EXE-18DDEFA4.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/29 22:30:29 | 00,065,272 | ---- | M] ()
WMPLAYER.EXE-18DDEFA5.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/31 10:32:00 | 00,006,140 | ---- | M] ()
WSCNTFY.EXE-1B24F5EB.pf -> C:\WINDOWS\Prefetch\WSCNTFY.EXE -> [2008/12/31 22:00:01 | 00,010,506 | ---- | M] ()
WUAUCLT.EXE-399A8E72.pf -> C:\WINDOWS\Prefetch\WUAUCLT.EXE -> [2009/01/01 16:12:04 | 00,045,242 | ---- | M] ()
WUDFHOST.EXE-215E7549.pf -> C:\WINDOWS\Prefetch\WUDFHOST.EXE -> [2008/12/31 09:59:11 | 00,020,128 | ---- | M] ()
XLVIEW.EXE-2BEC3890.pf -> C:\WINDOWS\Prefetch\XLVIEW.EXE -> [2008/12/29 08:51:33 | 00,015,806 | ---- | M] ()
ZIP.EXE-03A98C6D.pf -> C:\WINDOWS\Prefetch\ZIP.EXE -> [2008/12/31 22:17:24 | 00,010,008 | ---- | M] ()
< %systemroot%\system32\drivers\*.dat >
< %systemroot%\Temp\bca4e2da.$$$ >
< %systemroot%\Temp\ed47fa.$ >
< %systemroot%\Temp\fa56d7ec.$$$ >
< %systemroot%\System32\antiwpa.dll >
< %PROGRAMFILES%\*crack*. >
Program Files -> C:\Program Files -> [2008/12/29 21:49:51 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\*keygen*. >
Program Files -> C:\Program Files -> [2008/12/29 21:49:51 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*crack*. >
OTScanIt2 -> C: -> [2009/01/02 09:21:03 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*keygen*. >
OTScanIt2 -> C: -> [2009/01/02 09:21:03 | 00,000,000 | ---D | M]
< %SYSTEMDRIVE%\*.zip >
< %SYSTEMDRIVE%\*.rar >
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.dll >
< %systemroot%\*.zip >
< %systemroot%\*.rar >
< %systemroot%\system32\*.zip >
< %systemroot%\system32\*.rar >
< %PROGRAMFILES%\*.zip >
< %PROGRAMFILES%\*.rar >
< %PROGRAMFILES%\*.exe >
< %PROGRAMFILES%\*.dll >
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
Invalid Environment Variable: DESKTOP
< %PROGRAMFILES%\Common Files\*.* >
< %PROGRAMFILES%\Common Files\*bak*. >
Common Files -> C:\Program Files\Common Files -> [2008/12/05 09:39:35 | 00,000,000 | ---D | M]
< %systemroot%\SYSTEM32\*bak*. >
system32 -> C:\WINDOWS\SYSTEM32 -> [2008/12/31 23:27:18 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\*bak*. >
Program Files -> C:\Program Files -> [2008/12/29 21:49:51 | 00,000,000 | ---D | M]
< %USERNAME%\*.zip >
< %USERNAME%\*.rar >
< %USERNAME%\*.exe >
< %USERPROFILE%\*.zip >
< %USERPROFILE%\*.rar >
< %USERPROFILE%\*.exe >
< %ALLUSERSPROFILE%\*.zip >
< %ALLUSERSPROFILE%\*.rar >
< %ALLUSERSPROFILE%\*.exe >
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
C:\Documents and Settings\Anony2002\Application Data\ -> C:\Documents and Settings\Anony2002\Application Data -> [2008/12/30 22:27:11 | 00,000,000 | RH-D | M]
inst.exe -> C:\Documents and Settings\Anony2002\Application Data\inst.exe -> [2008/02/10 00:12:01 | 00,087,608 | ---- | M] ()
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTMENU
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSSTARTUP
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSPROGRAMS
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
Invalid Environment Variable: ALLUSERSAPPDATA
< %APPDATA%\*.zip >
< %APPDATA%\*.rar >
< %APPDATA%\*.exe >
C:\Documents and Settings\Anony2002\Application Data\ -> C:\Documents and Settings\Anony2002\Application Data -> [2008/12/30 22:27:11 | 00,000,000 | RH-D | M]
inst.exe -> C:\Documents and Settings\Anony2002\Application Data\inst.exe -> [2008/02/10 00:12:01 | 00,087,608 | ---- | M] ()
< %APPDATA%\*.dat >
C:\Documents and Settings\Anony2002\Application Data\ -> C:\Documents and Settings\Anony2002\Application Data -> [2008/12/30 22:27:11 | 00,000,000 | RH-D | M]
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Anony2002\Application Data\GDIPFONTCACHEV1.DAT -> [2008/12/30 22:27:11 | 00,033,928 | ---- | M] ()
< %APPDATA%\*.dll >
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: QUICKLAUNCH
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTUP
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: STARTMENU
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
Invalid Environment Variable: MYDOCUMENTS
< %PROGRAMFILES%\Mozilla Firefox\plugins\*.* >
C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/12/28 16:07:54 | 00,000,000 | ---D | M]
flashplayer.xpt -> C:\Program Files\Mozilla Firefox\plugins\flashplayer.xpt -> [2008/03/24 18:19:00 | 00,000,856 | ---- | M] ()
np-mswmp.dll -> C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll -> [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
np32dsw.dll -> C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll -> [2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.)
npdeploytk.dll -> C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll -> [2008/11/10 05:43:30 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll -> [2008/05/22 17:19:36 | 01,335,600 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt -> [2008/05/22 17:19:36 | 00,001,607 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll -> [2008/06/02 16:45:22 | 00,098,304 | ---- | M] (DivX, Inc)
npmozax.dll -> C:\Program Files\Mozilla Firefox\plugins\npmozax.dll -> [2005/12/05 21:31:00 | 00,114,688 | ---- | M] ()
npnul32.dll -> C:\Program Files\Mozilla Firefox\plugins\npnul32.dll -> [2008/12/02 15:12:14 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -> [2005/09/23 19:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.)
nppl3260.dll -> C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll -> [2008/04/27 22:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll -> [2008/04/10 09:33:46 | 00,143,360 | ---- | M] (Apple Inc.)
nprpjplug.dll -> C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll -> [2008/04/27 22:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.)
NPSWF32.dll -> C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll -> [2008/03/24 19:21:00 | 02,889,088 | ---- | M] ()
NPSWF32_FlashUtil.exe -> C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -> [2008/03/24 19:21:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
np_gp.dll -> C:\Program Files\Mozilla Firefox\plugins\np_gp.dll -> [2008/12/01 11:01:02 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.)
nsIDivxPlayerPlugin.xpt -> C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xpt -> [2008/05/22 17:19:54 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.cla -> [2008/04/10 09:33:45 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\ShockwavePlugin.cla -> [2007/08/07 13:04:52 | 00,001,144 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 10:43:58 | 00,003,352 | ---- | M] ()
< %PROGRAMFILES%\Internet Explorer\*.* >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/09 19:55:40 | 00,000,000 | ---D | M]
custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 20:03:36 | 00,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2006/10/17 10:44:36 | 00,060,416 | ---- | M] (Microsoft Corporation)
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 11:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2006/11/07 20:03:36 | 00,287,744 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
< %PROGRAMFILES%\Mozilla Firefox\*.zip /s >
< %PROGRAMFILES%\Mozilla Firefox\*.rar /s >
< %PROGRAMFILES%\Mozilla Firefox\*.exe /s >
C:\Program Files\Mozilla Firefox\ -> C:\Program Files\Mozilla Firefox -> [2009/01/02 09:13:07 | 00,000,000 | ---D | M]
crashreporter.exe -> C:\Program Files\Mozilla Firefox\crashreporter.exe -> [2008/12/02 15:11:52 | 00,185,848 | ---- | M] (Mozilla Foundation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation)
updater.exe -> C:\Program Files\Mozilla Firefox\updater.exe -> [2008/12/02 15:12:08 | 00,242,168 | ---- | M] (Mozilla Foundation)
C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/12/28 16:07:54 | 00,000,000 | ---D | M]
NPSWF32_FlashUtil.exe -> C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -> [2008/03/24 19:21:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> [2008/12/26 10:40:48 | 00,000,000 | ---D | M]
helper.exe -> C:\Program Files\Mozilla Firefox\uninstall\helper.exe -> [2008/12/02 15:11:50 | 00,509,536 | ---- | M] (Mozilla Corporation)
< %PROGRAMFILES%\Internet Explorer\*.zip /s >
< %PROGRAMFILES%\Internet Explorer\*.rar /s >
< %PROGRAMFILES%\Internet Explorer\*.exe /s >
C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/12/09 19:55:40 | 00,000,000 | ---D | M]
iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 11:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2008/09/04 08:30:23 | 00,000,000 | ---D | M]
icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2008/04/13 19:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation)
icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2008/04/13 19:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation)
icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2008/04/13 19:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation)
icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2002/09/03 14:39:55 | 00,073,728 | ---- | M] (Microsoft Corporation)
inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2008/04/13 19:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation)
isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2002/09/03 14:40:59 | 00,016,384 | ---- | M] (Microsoft Corporation)
< %SYSTEMDRIVE%\*.dat >
< %SYSTEMDRIVE%\*.sys >
C:\ -> -> [2009/01/02 09:21:03 | 00,000,000 | ---D | M]
CONFIG.SYS -> C:\CONFIG.SYS -> [2007/09/05 15:42:14 | 00,000,000 | ---- | M] ()
IO.SYS -> C:\IO.SYS -> [2007/09/05 15:42:14 | 00,000,000 | RHS- | M] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2007/09/05 15:42:14 | 00,000,000 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2009/01/02 08:41:40 | 805,306,368 | -HS- | M] ()
< %SYSTEMROOT%\*.dat >
C:\WINDOWS\ -> C:\WINDOWS -> [2008/12/31 22:04:05 | 00,000,000 | ---D | M]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/01/02 08:41:46 | 00,002,048 | --S- | M] ()
jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2003/02/28 15:35:26 | 00,006,550 | ---- | M] ()
mozver.dat -> C:\WINDOWS\mozver.dat -> [2008/09/22 07:35:20 | 00,002,449 | ---- | M] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2007/09/06 10:48:01 | 00,000,000 | ---- | M] ()
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
< %SYSTEMROOT%\*.sys >
< %systemroot%\system32\drivers\*.exe /s >
< %systemroot%\system32\drivers\*.zip /s >
< %systemroot%\system32\drivers\*.rar /s >
< %systemroot%\system\*.exe /s >
< %systemroot%\system\*.zip /s >
< %systemroot%\system\*.rar /s >
< %systemroot%\AppPatch\*.exe /s >
< %systemroot%\AppPatch\*.zip /s >
< %systemroot%\AppPatch\*.rar /s >
< %systemroot%\Cache\*.* >
< %systemroot%\Downloaded Program Files\*.* >
C:\WINDOWS\Downloaded Program Files\ -> C:\WINDOWS\Downloaded Program Files -> [2008/12/29 21:48:32 | 00,000,000 | --SD | M]
as2stubie.dll -> C:\WINDOWS\Downloaded Program Files\as2stubie.dll -> [2008/06/30 10:39:58 | 00,128,256 | ---- | M] ()
as2stubie.inf -> C:\WINDOWS\Downloaded Program Files\as2stubie.inf -> [2008/06/27 16:47:36 | 00,000,289 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Downloaded Program Files\desktop.ini -> [2007/09/05 15:41:07 | 00,000,065 | -H-- | M] ()
DirectAnimation Java Classes.osd -> C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd -> [1997/10/14 17:52:54 | 00,000,697 | ---- | M] ()
Microsoft XML Parser for Java.osd -> C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd -> [2000/01/20 14:25:06 | 00,001,162 | ---- | M] ()
swflash.inf -> C:\WINDOWS\Downloaded Program Files\swflash.inf -> [2007/06/11 11:21:02 | 00,005,021 | ---- | M] ()
wuweb.inf -> C:\WINDOWS\Downloaded Program Files\wuweb.inf -> [2007/07/30 18:24:12 | 00,000,293 | ---- | M] ()
< %systemroot%\Fonts\*.exe /s >
< %systemroot%\Fonts\*.zip /s >
< %systemroot%\Fonts\*.rar /s >
< %systemroot%\Fonts\*.dll /s >
< %systemroot%\Help\*.exe /s >
C:\WINDOWS\Help\Tours\mmTour\ -> C:\WINDOWS\Help\Tours\mmTour -> [2007/09/05 11:28:45 | 00,000,000 | ---D | M]
tour.exe -> C:\WINDOWS\Help\Tours\mmTour\tour.exe -> [2002/09/03 14:59:26 | 03,374,640 | ---- | M] (Macromedia, Inc.)
< %systemroot%\Help\*.zip /s >
< %systemroot%\Help\*.rar /s >
< %systemroot%\Tasks\*.* >
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/01/18 22:59:48 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/12/22 07:30:24 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2002/09/03 14:48:04 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/01/02 08:41:55 | 00,000,006 | -H-- | M] ()
< %APPDATA%\*.sys >
C:\Documents and Settings\Anony2002\Application Data\ -> C:\Documents and Settings\Anony2002\Application Data -> [2008/12/30 22:27:11 | 00,000,000 | RH-D | M]
pcouffin.sys -> C:\Documents and Settings\Anony2002\Application Data\pcouffin.sys -> [2008/02/10 00:12:01 | 00,047,360 | ---- | M] (VSO Software)
< %systemroot%\system32\serauth1.dll >
< %systemroot%\system32\serauth2.dll >
< %systemroot%\system32\sysaudio.sys >
< %PROGRAMFILES%\*TinyProxy*. >
Program Files -> C:\Program Files -> [2008/12/29 21:49:51 | 00,000,000 | ---D | M]
< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >
< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >
< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >
< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >
< %PROGRAMFILES%\eMule\Incoming\*.zip /s >
< %PROGRAMFILES%\eMule\Incoming\*.rar /s >
< %PROGRAMFILES%\eMule\Incoming\*.exe /s >
< %PROGRAMFILES%\eMule\Incoming\*crack*. >
< %PROGRAMFILES%\eMule\Incoming\*keygen*. >
< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/03 09:01:07 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Components -> %ProgramFiles%\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/12/28 10:44:13 | 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins -> %ProgramFiles%\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2008/12/28 16:07:54 | 00,000,000 | ---D | M]
< End of report >
[/code]



#12
January 2, 2009 at 19:04:21
Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

Copy all the text contained in the code box below between the X's to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Drivers to delete:
sysaudio

Files to delete:
C:\Windows\system32\serauth1.dll
C:\Windows\system32\serauth2.dll
C:\Windows\system32\sysaudio.sys
C:\ Program Files\TinyProxy\TinyProxy.exe

Folders to delete:
C:\ Program Files\TinyProxy


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
Click the Execute button
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.



#13
January 2, 2009 at 21:09:58
Thanks again for all your help so far jabuck!! I can't imagine how long it took to read those posts.

Here's the log from avenger.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "sysaudio" deleted successfully.

Error: file "C:\Windows\system32\serauth1.dll" not found!
Deletion of file "C:\Windows\system32\serauth1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\serauth2.dll" not found!
Deletion of file "C:\Windows\system32\serauth2.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\sysaudio.sys" not found!
Deletion of file "C:\Windows\system32\sysaudio.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\ Program Files\TinyProxy\TinyProxy.exe"
Deletion of file "C:\ Program Files\TinyProxy\TinyProxy.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "C:\ Program Files\TinyProxy"
Deletion of folder "C:\ Program Files\TinyProxy" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


Still have the problem. And oddly enough, computing.net is the only result on google that doesn't redirect. Weird.

Also, I think the deletion of sysaudio deleted my actual audio driver. No sound is coming out now.


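As an added example (not Avenger's own code and not from either post above), a small Python checker for the script layout in #12 and the log layout in #13: it lints the script for paths Avenger cannot resolve (the stray space in "C:\ Program Files" is what produced the STATUS_OBJECT_PATH_NOT_FOUND lines, while STATUS_OBJECT_NAME_NOT_FOUND just means the file was already gone) and reconciles every requested deletion with its logged outcome. The embedded script and log are constructed, abridged copies of the ones posted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed, abridged copies of the script in #12 and the log in #13;
# serauth2.dll is left out of the log on purpose to show an unreported item.
SCRIPT = r"""Drivers to delete:
sysaudio

Files to delete:
C:\Windows\system32\serauth1.dll
C:\Windows\system32\serauth2.dll
C:\ Program Files\TinyProxy\TinyProxy.exe

Folders to delete:
C:\ Program Files\TinyProxy
"""

LOG = r"""Driver "sysaudio" deleted successfully.

Deletion of file "C:\Windows\system32\serauth1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

Deletion of file "C:\ Program Files\TinyProxy\TinyProxy.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

Deletion of folder "C:\ Program Files\TinyProxy" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
"""

# Script section header -> kind word used in the log.
SECTIONS = {"drivers to delete:": "driver", "files to delete:": "file",
            "folders to delete:": "folder"}
# Plain-language reading of the two NTSTATUS codes in the log above.
HINTS = {"STATUS_OBJECT_NAME_NOT_FOUND": "object not present (already gone or never existed)",
         "STATUS_OBJECT_PATH_NOT_FOUND": "parent directory missing: check the path for typos"}
_OK = re.compile(r'^(Driver|File|Folder) "(.+)" deleted successfully\.$')
_FAIL = re.compile(r'^Deletion of (driver|file|folder) "(.+)" failed!$')
_STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


@dataclass
class Outcome:
    status: str      # "deleted", "failed" or "not in log"
    code: str = ""   # NTSTATUS value, e.g. 0xc0000034
    name: str = ""   # symbolic NTSTATUS name
    hint: str = ""   # reading of a failure, from HINTS


def parse_script(text: str) -> Dict[str, List[str]]:
    """Return {kind: [entries]} for the three sections Avenger understands."""
    entries = {kind: [] for kind in SECTIONS.values()}
    kind = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() in SECTIONS:
            kind = SECTIONS[line.lower()]
        elif line and kind:
            entries[kind].append(line)
    return entries


def lint_script(entries: Dict[str, List[str]]) -> List[str]:
    """Flag entries Avenger will not be able to resolve, before it is run."""
    problems = []
    for kind in ("file", "folder"):
        for path in entries[kind]:
            # 'C:\ Program Files' (space after the backslash) names a directory
            # that does not exist: that is what PATH_NOT_FOUND means in the log.
            if re.search(r"\\ | \\", path):
                problems.append(f"{kind} '{path}': whitespace next to a backslash")
    for name in entries["driver"]:
        if "\\" in name or name.lower().endswith(".sys"):
            problems.append(f"driver '{name}': give the service name, not a file path")
    return problems


def parse_log(text: str) -> Dict[Tuple[str, str], Outcome]:
    """Map (kind, name) -> Outcome, pairing each failure with its Status line."""
    results, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _OK.match(line):
            results[(m.group(1).lower(), m.group(2))] = Outcome("deleted")
        elif m := _FAIL.match(line):
            pending = (m.group(1), m.group(2))
            results[pending] = Outcome("failed")
        elif (m := _STATUS.match(line)) and pending:
            out = results[pending]
            out.code, out.name = m.group(1), m.group(2)
            out.hint = HINTS.get(out.name, "unrecognised status")
            pending = None
    return results


def reconcile(script: str, log: str) -> Dict[Tuple[str, str], Outcome]:
    """Every requested item gets an Outcome, even one the log never mentions."""
    logged = parse_log(log)
    return {(kind, name): logged.get((kind, name), Outcome("not in log"))
            for kind, names in parse_script(script).items() for name in names}
```

Run `lint_script(parse_script(SCRIPT))` before handing a script to a user, and `reconcile(SCRIPT, LOG)` on the posted C:\avenger.txt to see at a glance which entries were removed, which were already absent and which were never reached.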

#14
January 3, 2009 at 10:37:18
Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your Norton antivirus, Spybot and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window or move the mouse while the program is running; it will cause your system to hang.)
Please post the log it produces.



#15
January 3, 2009 at 21:25:17
Done. I installed the restore console since combofix highly recommended it. And I also had to have the computer restart, because it produced a log, but there was no start bar or any icons. It was just a log, and when I closed it, it was just a blue screen. So I did Ctrl+Alt+Del and chose to restart from there. And the application menu showed that nothing was running, and there was no combofix.exe in the process menu. Hopefully I didn't mess that up!

Here's the log:

ComboFix 09-01-02.01 - anony2002 2009-01-04 0:02:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.247 [GMT -5:00]
Running from: c:\documents and settings\anony2002\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\anony2002\Application Data\inst.exe
c:\windows\system32\ntnet.drv
c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 00:19 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-03 00:19 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-12-31 22:06 . 2008-12-31 22:06 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-31 22:04 . 2008-12-31 22:04 <DIR> d-------- c:\windows\ERUNT
2008-12-31 21:58 . 2008-12-31 22:21 <DIR> d-------- C:\SDFix
2008-12-30 22:27 . 2008-12-30 22:27 33,928 --a------ c:\documents and settings\anony2002\Application Data\GDIPFONTCACHEV1.DAT
2008-12-29 21:50 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-29 21:49 . 2008-12-29 21:49 <DIR> d-------- c:\program files\Panda Security
2008-12-28 16:36 . 2008-12-28 16:48 <DIR> d-------- c:\documents and settings\Parents\.housecall6.6
2008-12-28 16:07 . 2008-12-28 16:07 <DIR> d-------- c:\program files\NOS
2008-12-28 16:07 . 2008-12-28 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-28 10:41 . 2008-12-28 10:41 <DIR> d-------- c:\documents and settings\Parents\Application Data\Malwarebytes
2008-12-27 11:47 . 2008-12-27 11:48 <DIR> d-------- c:\program files\PCFriendly
2008-12-26 11:32 . 2008-12-26 11:32 <DIR> d-------- c:\documents and settings\anony2002\Application Data\Malwarebytes
2008-12-26 11:32 . 2008-12-26 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 11:32 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 11:32 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 11:31 . 2008-12-26 11:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 12:54 . 2008-12-25 12:54 <DIR> d-------- c:\program files\Lavasoft
2008-12-25 12:54 . 2008-12-25 12:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-05 09:39 . 2008-12-05 09:39 <DIR> d-------- c:\program files\Symantec
2008-12-05 09:39 . 2008-12-05 10:06 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-05 09:39 . 2008-12-05 09:39 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-05 09:39 . 2008-12-05 09:39 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-05 09:39 . 2008-12-11 22:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-12-05 09:39 . 2008-12-05 09:39 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-05 09:39 . 2008-12-05 09:39 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-05 09:38 . 2008-12-18 09:45 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-12-05 09:38 . 2008-12-05 09:38 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-05 09:38 . 2008-12-05 09:39 <DIR> d-------- c:\program files\Norton Internet Security
2008-12-05 09:38 . 2008-12-05 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-12-05 09:37 . 2008-12-05 09:37 <DIR> d-------- c:\program files\NortonInstaller
2008-12-05 09:37 . 2008-12-05 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 05:30 --------- d-----w c:\program files\PeerGuardian2
2008-12-25 17:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-25 04:16 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-24 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-12 03:29 --------- d-----w c:\program files\Java
2008-12-05 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 23:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 23:00 --------- d-----w c:\program files\Creative
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-02-10 05:12 47,360 ----a-w c:\documents and settings\anony2002\Application Data\pcouffin.sys
2008-09-04 14:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2008-12-20 274808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-05 99376]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-18 115560]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-28 33752]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211BU.sys [2007-09-05 402432]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\anony2002\Application Data\Mozilla\Firefox\Profiles\97psd9vk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.resultsjunkies.com/blog/some-lessons-i-wish-i-learned-earlier-in-life/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 00:07:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-01-04 0:09:08
ComboFix-quarantined-files.txt 2009-01-04 05:08:02

Pre-Run: 2,838,794,240 bytes free
Post-Run: 3,083,350,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

173 --- E O F --- 2008-12-10 00:56:13


And the results seem to be fine now! But I'll wait to see what you say since you're the expert.


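Reading a ComboFix service list by eye is slow, and the points worth checking are easy to miss. The following is an added example (my code, not part of the thread and not a ComboFix feature) that parses the `R0`/`R1`/`S3` service lines in the format shown in the log above and flags the three things a responder looks at first: entries ComboFix could not verify on disk (`[?]`), image paths with a doubled separator such as `\SystemRoot\\SystemRoot`, and images outside the usual driver and program locations. The expected-location prefixes assume a default XP install on `C:`; the sample lines are copied from the log, and a flag means "look at this", not "this is malware" (the Norton definitions driver is a legitimate example of an unusual location).

```python
import re

# Constructed sample: four service lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2008-12-20 274808]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211BU.sys [2007-09-05 402432]
"""

# Line shapes seen in the log:
#   "R0 name;display;path [YYYY-MM-DD size]"      -> file found, dated and sized
#   "R0 name;display;path --> path [?]"           -> ComboFix could not stat the file
ENTRY_RE = re.compile(r"^(?P<kind>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
VERIFIED_RE = re.compile(r"^(?P<path>.+) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
UNVERIFIED_RE = re.compile(r"^(?P<path>.+?) --> .* \[\?\]$")

# Where kernel drivers and vendor services normally live.
# Assumption: a default XP install on C:.
EXPECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")


def normalize(path):
    """Lower-case the path and expand the SystemRoot prefix so prefixes compare cleanly."""
    p = path.lower()
    if p.startswith("\\systemroot"):
        p = "c:\\windows" + p[len("\\systemroot"):]
    return p


def parse_entry(line):
    """Parse one service line; return None for lines that are not service entries."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = {"kind": m["kind"], "name": m["name"], "display": m["display"], "flags": []}
    rest = m["rest"]
    v = VERIFIED_RE.match(rest)
    if v:
        entry.update(path=v["path"], date=v["date"], size=int(v["size"]))
    else:
        u = UNVERIFIED_RE.match(rest)
        if u:
            entry.update(path=u["path"], date=None, size=None)
            entry["flags"].append("unverified")      # ComboFix printed [?]: file not found on disk
        else:
            entry.update(path=rest, date=None, size=None)
            entry["flags"].append("unparsed")        # unknown shape: read it by hand
    if "\\\\" in entry["path"]:
        entry["flags"].append("malformed_path")      # doubled separator, e.g. \SystemRoot\\SystemRoot
    if not normalize(entry["path"]).startswith(EXPECTED_PREFIXES):
        entry["flags"].append("unusual_location")    # worth a look, not proof of malware
    return entry


def triage(log_text):
    """Return the parsed service entries with the flags a responder checks first."""
    entries = []
    for line in log_text.splitlines():
        e = parse_entry(line.strip())
        if e:
            entries.append(e)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = ", ".join(e["flags"]) or "ok"
        print(f'{e["kind"]} {e["name"]:<16} {status:<45} {e["path"]}')
```

On the sample, `pavboot` and `ZD1211BU(WLAN)` come out clean, `IDSxpx86` is flagged only for its location under `Documents and Settings`, and `SymEFA` collects all three flags: the doubled `\SystemRoot\\SystemRoot` in its image path is the likely reason ComboFix could not find the file and printed `[?]`.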

#16
January 3, 2009 at 22:32:57
To fix the sound driver go to start>run>, type in cmd, and at the blinking cursor type in the following:

copy C:\Windows\ServicePackFiles\i386\sysaudio.sys C:\Windows\System32\drivers

Note that the spaces after copy and after sysaudio.sys are needed.

Exit by clicking the x at the top right of the screen.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Navigate to and delete this folder:

C:\SDFix

Empty the recycle bin.

Delete Avenger and OTScanIt2 from your desktop.

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes


You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


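The `copy` command in the post above puts the Service Pack copy of sysaudio.sys back into System32\drivers, but it gives no confirmation that the file now on disk is the one you meant to restore. As an added example (my code, not jabuck's instructions), here is a small Python routine that does the same copy and then verifies the result by hashing source and destination, reporting whether a file was already there and whether it was actually replaced. The paths in the `__main__` block are the ones from the post; `demo_with_constructed_files` exercises the routine on a throwaway directory with a fake driver image so it can be run anywhere.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 (drivers are small, but do it properly anyway)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_driver(reference, drivers_dir, name="sysaudio.sys"):
    """Copy `reference` into `drivers_dir` as `name` and prove the copy is byte-identical.

    Same effect as the manual copy command; the extra value is the before/after
    hash, which shows whether anything on disk actually changed.
    """
    if not os.path.isfile(reference):
        raise FileNotFoundError(f"reference driver missing: {reference}")
    dest = os.path.join(drivers_dir, name)
    before = sha256_of(dest) if os.path.isfile(dest) else None
    shutil.copy2(reference, dest)  # copy2 also carries over the file timestamps
    after = sha256_of(dest)
    ref_hash = sha256_of(reference)
    return {
        "dest": dest,
        "existed_before": before is not None,
        "changed": before != after,
        "verified": after == ref_hash and os.path.getsize(dest) == os.path.getsize(reference),
        "sha256": after,
    }


def demo_with_constructed_files():
    """Run restore_driver twice against a constructed fake driver in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "sysaudio.sys")
        with open(ref, "wb") as f:
            f.write(b"MZ" + b"\x00" * 510)  # constructed stand-in for a driver image
        drivers = os.path.join(tmp, "drivers")
        os.mkdir(drivers)
        first = restore_driver(ref, drivers)   # file absent: copied in
        second = restore_driver(ref, drivers)  # file present and identical: nothing changes
    return first, second


if __name__ == "__main__":
    # The real paths from the post; run this as an administrator on the XP machine.
    result = restore_driver(r"C:\Windows\ServicePackFiles\i386\sysaudio.sys",
                            r"C:\Windows\System32\drivers")
    print(result)
```

If `verified` comes back False, the copy did not complete (locked file, permissions, or a different file already in use), and the driver should not be trusted until the source and destination hashes agree.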

#17
January 4, 2009 at 20:56:05
Thanks jabuck.

Everything seems perfect now!!

Thanks again for all your help!



#18
January 5, 2009 at 18:04:17
Glad we could help.


