Nestsky Virus - Page 4

Thread: Nestsky Virus

  1. #46
    Join Date
    Dec 2009
    Posts
    63
    <?xml version="1.0"?>
    <RDF:RDF xmlns:NC="http://home.netscape.com/NC-rdf#"
    xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
    <RDF:Description RDF:about="chrome://browser/content/preferences/cookies.xul#CookiesDialog"
    screenX="415"
    screenY="211"
    width="449"
    height="378" />
    <RDF:Description RDF:about="chrome://browser/content/preferences/cookies.xul">
    <NC:persist RDF:resource="chrome://browser/content/preferences/cookies.xul#CookiesDialog"/>
    </RDF:Description>
    <RDF:Description RDF:about="chrome://browser/content/pageinfo/pageInfo.xul">
    <NC:persist RDF:resource="chrome://browser/content/pageinfo/pageInfo.xul#main-window"/>
    </RDF:Description>
    <RDF:Description RDF:about="chrome://browser/content/browser.xul">
    <NC:persist RDF:resource="chrome://browser/content/browser.xul#main-window"/>
    <NC:persist RDF:resource="chrome://browser/content/browser.xul#sidebar-box"/>
    <NC:persist RDF:resource="chrome://browser/content/browser.xul#sidebar-title"/>
    <NC:persist RDF:resource="chrome://browser/content/browser.xul#bitzippersearch"/>
    <NC:persist RDF:resource="chrome://browser/content/browser.x





    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Completed script processing.

    *******************

    Finished! Terminate.

  2. #47
    Join Date
    Dec 2009
    Posts
    63
    I think most of the virus is off of my machine. I have been running multiple malware scans back to back and all are coming back fine with the exception of adware.

    I am having a problem with being redirected to spam sites when I click on links. I have changed the option in Firefox to warn me but it doesn't seem to be working. Please let me know what next steps to take to rid this, if any.

    I believe I ran Avenger as you directed me to... if not, I can rerun the programs again. I also noticed with HJT I still have some entries there that weren't removed.

  3. #48
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    That log looks all wrong. Go back and take a look at the first Avenger log you posted and notice the difference.

    ====

    Please download ComboFix by sUBs from HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

  4. #49
    Join Date
    Dec 2009
    Posts
    63
    I had a blue screen while ComboFix was preparing the log. Is there any way I can get back to it? I have only run the program once.

  5. #50
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    If it BSOD'd, it probably will not have created a log. Any logs can be found in C:\qoobox

    Can you run it again, please? Safe mode, if necessary.

  6. #51
    Join Date
    Dec 2009
    Posts
    63
    No log...running it again now.

  7. #52
    Join Date
    Dec 2009
    Posts
    63
    ComboFix 09-12-20.04 - Paige 12/21/2009 2:45.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1908 [GMT -6:00]
    Running from: c:\users\Paige\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\Paige\AppData\Roaming\.#\MBX@10A8@20628E8.###
    c:\users\Paige\AppData\Roaming\.#\MBX@10A8@2062918.###
    c:\users\Paige\AppData\Roaming\.#\MBX@10A8@2062948.###
    c:\users\Paige\AppData\Roaming\0200000087463af6716C.manifest
    c:\users\Paige\AppData\Roaming\0200000087463af6716O.manifest
    c:\users\Paige\AppData\Roaming\0200000087463af6716P.manifest
    c:\users\Paige\AppData\Roaming\0200000087463af6716S.manifest
    c:\windows\Install.txt
    c:\windows\system32\3TwKe.vbs
    c:\windows\system32\9mjx3Dl.vbs
    c:\windows\system32\clXoC.vbs
    c:\windows\system32\Install.txt
    c:\windows\system32\oem70.inf
    c:\windows\system32\yC8R1.vbs

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BHDRVX86
    -------\Service_BHDrvx86
    -------\Service_RDPWD
    -------\Service_TDTCP


    ((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
    .

    2009-12-21 08:54 . 2009-12-21 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-21 08:54 . 2009-12-21 08:54 -------- d-----w- c:\users\Paige\AppData\Local\temp
    2009-12-21 08:54 . 2009-12-21 08:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-12-21 01:02 . 2009-12-10 05:10 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\CCERASER.DLL
    2009-12-21 01:02 . 2009-10-29 02:24 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\ECMSVR32.DLL
    2009-12-21 01:02 . 2009-08-29 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\NAVENG.SYS
    2009-12-21 01:02 . 2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\EECTRL.SYS
    2009-12-21 01:02 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\NAVENG32.DLL
    2009-12-21 01:02 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\NAVEX32A.DLL
    2009-12-21 01:02 . 2009-08-29 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\NAVEX15.SYS
    2009-12-21 01:02 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.020\ERASER.SYS
    2009-12-20 07:36 . 2008-06-09 12:23 768544 ----a-w- c:\windows\system32\nvcplui.exe
    2009-12-20 07:36 . 2008-06-09 12:23 313888 ----a-w- c:\windows\system32\nvexpbar.dll
    2009-12-20 07:36 . 2008-06-09 12:23 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
    2009-12-20 07:35 . 2008-06-07 18:29 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-12-20 07:17 . 2009-12-20 07:17 552 ----a-w- c:\users\Paige\AppData\Local\d3d8caps.dat
    2009-12-20 06:13 . 2007-12-27 20:43 103328 ------w- c:\program files\memtest.bin
    2009-12-20 06:13 . 2004-11-12 11:15 1486 ------w- c:\program files\install.bat
    2009-12-20 06:13 . 1999-07-09 23:31 14305 ------w- c:\program files\rawrite.exe
    2009-12-20 04:35 . 2007-02-12 21:36 277784 ----a-w- C:\iastor.sys
    2009-12-20 04:12 . 2009-12-20 04:12 -------- d-----w- c:\users\Paige\AppData\Roaming\Oracle
    2009-12-20 03:11 . 2009-12-20 03:11 -------- d-----w- c:\program files\7-Zip
    2009-12-20 02:11 . 2009-12-20 02:11 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-20 02:06 . 2007-12-08 20:34 65536 ----a-w- c:\windows\system32\wltrynt.dll
    2009-12-20 02:06 . 2007-12-08 20:34 54784 ----a-w- c:\windows\system32\bcmwlrmt.dll
    2009-12-20 02:06 . 2007-12-08 20:34 278528 ----a-w- c:\windows\system32\bcmwlu00.exe
    2009-12-20 02:06 . 2007-12-08 20:33 3895296 ----a-w- c:\windows\system32\bcmttls.dll
    2009-12-20 02:06 . 2007-12-08 20:34 3444736 ----a-w- c:\windows\system32\WLTRAY.EXE
    2009-12-20 02:06 . 2007-12-08 20:34 24064 ----a-w- c:\windows\system32\WLTRYSVC.EXE
    2009-12-20 02:06 . 2007-12-08 20:34 2506752 ----a-w- c:\windows\system32\BCMWLTRY.EXE
    2009-12-20 02:06 . 2007-12-07 02:52 3244032 ----a-w- c:\windows\system32\bcmihvui.dll
    2009-12-20 02:06 . 2007-12-07 02:52 3579904 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2009-12-20 02:06 . 2007-12-07 02:52 1044984 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2009-12-20 00:05 . 2009-12-20 00:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-12-19 23:38 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
    2009-12-19 23:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
    2009-12-19 23:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
    2009-12-19 23:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
    2009-12-19 23:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
    2009-12-19 22:27 . 2009-12-21 04:45 52224 ----a-w- c:\users\Paige\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-19 22:27 . 2009-12-21 03:04 117760 ----a-w- c:\users\Paige\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-19 22:27 . 2009-12-19 22:27 -------- d-----w- c:\users\Paige\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-19 22:27 . 2009-12-19 22:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-19 21:47 . 2009-12-19 21:47 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
    2009-12-19 20:06 . 2009-12-19 20:11 -------- d-----w- c:\program files\looks
    2009-12-19 06:30 . 2009-12-19 06:30 93056 ----a-w- C:\fxldapow.sys
    2009-12-19 01:38 . 2009-12-19 01:38 7451168 ----a-w- c:\users\Paige\SUPERAntiSpyware.exe
    2009-12-19 01:31 . 2009-12-19 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
    2009-12-18 21:01 . 2009-12-18 21:01 -------- d-----w- C:\found.001
    2009-12-18 19:21 . 2009-12-18 19:21 -------- d-----w- c:\programdata\SealedMedia
    2009-12-17 06:50 . 2009-12-17 06:50 -------- d-----w- c:\program files\Makeover Plus
    2009-12-17 04:23 . 2007-10-23 15:27 110592 ----a-w- c:\users\Paige\AppData\Roaming\U3\temp\cleanup.exe
    2009-12-17 03:27 . 2008-05-02 16:41 3493888 ---ha-w- c:\users\Paige\AppData\Roaming\U3\temp\Launchpad Removal.exe
    2009-12-12 04:35 . 2009-12-12 04:56 -------- d-----w- c:\users\Paige\AppData\Local\Deployment
    2009-12-09 09:05 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 09:05 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 09:05 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-08 22:48 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
    2009-12-08 22:36 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-12-06 23:02 . 2009-12-07 03:26 -------- d-----w- c:\program files\Delicious Emilys Holiday Season
    2009-12-06 22:53 . 2009-12-06 22:53 133561128 ----a-w- c:\users\Paige\AppData\Roaming\Research In Motion\BlackBerry\Updates\094A4154-9613-438a-B0EC-43A1FC4F1979\Extractor.exe
    2009-12-06 21:58 . 2009-12-06 21:58 -------- d-----w- c:\users\Paige\AppData\Roaming\Gamelab
    2009-12-06 21:14 . 2009-12-06 21:14 72704 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll
    2009-12-06 21:14 . 2009-12-06 21:14 613888 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll
    2009-12-06 21:14 . 2009-12-06 21:14 5439488 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
    2009-12-06 21:14 . 2009-12-06 21:14 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
    2009-12-06 21:14 . 2009-12-06 21:14 444928 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
    2009-12-06 21:14 . 2009-12-06 21:14 1603072 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
    2009-12-06 21:14 . 2009-12-06 21:14 630272 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
    2009-12-06 21:14 . 2009-12-06 21:14 489984 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
    2009-12-06 21:14 . 2009-12-06 21:14 1495040 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
    2009-12-06 21:14 . 2009-12-06 21:14 1138688 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
    2009-12-06 17:47 . 2009-12-16 04:28 -------- d-----w- c:\users\Paige\AppData\Roaming\DivX
    2009-12-06 17:31 . 2009-12-06 17:48 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-06 17:31 . 2009-12-06 17:48 -------- d-----w- c:\program files\DivX
    2009-12-06 09:03 . 2009-12-06 09:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-06 09:02 . 2009-12-06 09:02 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-12-06 09:02 . 2009-12-06 09:02 -------- d-----w- c:\program files\Windows Live
    2009-12-06 09:02 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-06 09:01 . 2009-12-06 09:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-06 08:42 . 2009-12-06 08:42 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-06 08:39 . 2009-12-06 09:02 -------- d-----w- c:\program files\Microsoft
    2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bhdrvx86.sys
    2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
    2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
    2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
    2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
    2009-12-03 17:41 . 2009-12-03 17:41 -------- d-----w- c:\users\Paige\AppData\Roaming\Reallusion
    2009-12-03 17:41 . 2009-12-03 17:41 -------- d-----w- c:\users\Paige\AppData\Roaming\tmp
    2009-12-03 04:25 . 2008-05-28 02:34 85696 ----a-w- c:\users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\eaibke6f.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
    2009-12-02 04:54 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 04:54 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 04:53 . 2009-12-02 04:53 -------- d-----w- c:\program files\iPod
    2009-12-02 04:53 . 2009-12-02 04:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 04:53 . 2009-12-02 04:54 -------- d-----w- c:\program files\iTunes
    2009-12-02 04:49 . 2009-12-02 04:50 -------- d-----w- c:\program files\QuickTime
    2009-12-02 04:29 . 2009-12-02 04:29 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-26 09:04 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 23:14 . 2009-12-19 19:55 -------- d-----w- c:\program files\Common Files\Skype
    2009-11-25 23:14 . 2009-12-19 19:55 -------- d-----r- c:\program files\Skype
    2009-11-25 19:20 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 19:20 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-22 19:16 . 2009-11-22 20:51 -------- d-----w- c:\users\Paige\AppData\Roaming\Download Manager

    .

  8. #53
    Join Date
    Dec 2009
    Posts
    63
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-21 08:38 . 2009-12-20 07:43 27839 ----a-w- c:\programdata\nvModes.dat
    2009-12-21 08:37 . 2009-08-16 16:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-12-21 08:30 . 2009-10-29 02:03 965488 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
    2009-12-21 08:20 . 2009-06-23 01:14 -------- d-----w- c:\users\Paige\AppData\Roaming\Skype
    2009-12-21 08:15 . 2009-04-19 16:49 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-12-21 08:04 . 2007-12-12 17:48 12 ----a-w- c:\windows\bthservsdp.dat
    2009-12-21 06:04 . 2009-06-23 01:16 -------- d-----w- c:\users\Paige\AppData\Roaming\skypePM
    2009-12-21 04:43 . 2008-01-12 05:25 1356 ----a-w- c:\users\Paige\AppData\Local\d3d9caps.dat
    2009-12-21 04:34 . 2007-11-20 05:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-12-20 20:54 . 2008-06-22 05:56 -------- d-----w- c:\program files\Cisco
    2009-12-20 11:08 . 2008-03-01 04:48 -------- d-----w- c:\users\Paige\AppData\Roaming\LimeWire
    2009-12-20 09:42 . 2009-09-03 04:29 56680 ----a-w- c:\windows\system32\rpcnet.exe
    2009-12-20 07:46 . 2007-12-24 18:58 -------- d-----w- c:\programdata\NVIDIA
    2009-12-20 02:13 . 2009-10-28 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-20 02:06 . 2007-12-12 17:51 -------- d-----w- c:\program files\Dell
    2009-12-19 23:48 . 2007-12-12 18:06 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-19 19:55 . 2008-01-11 18:51 -------- d-----w- c:\program files\PCPitstop
    2009-12-19 19:55 . 2008-02-20 09:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-12-19 19:55 . 2007-12-12 18:18 -------- d-----w- c:\program files\Google
    2009-12-19 19:55 . 2007-12-12 18:09 -------- d-----w- c:\program files\Microsoft Works
    2009-12-19 19:20 . 2008-01-11 21:46 -------- d-----w- c:\programdata\PCPitstop
    2009-12-19 03:20 . 2007-12-24 18:56 121128 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-19 01:38 . 2009-04-19 03:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-17 04:23 . 2009-11-17 19:19 -------- d-----w- c:\users\Paige\AppData\Roaming\U3
    2009-12-09 09:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-12-06 17:31 . 2008-05-01 12:52 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-03 22:14 . 2009-10-28 05:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 22:13 . 2009-10-28 05:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 17:51 . 2008-06-06 04:09 -------- d-----w- c:\users\Paige\AppData\Roaming\Apple Computer
    2009-12-02 04:53 . 2009-06-17 04:19 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-25 23:14 . 2009-06-23 01:12 -------- d-----w- c:\programdata\Skype
    2009-11-21 06:40 . 2009-12-08 22:39 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-08 22:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-08 22:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-08 22:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 13:02 . 2009-11-17 13:00 5541543 ----a-w- c:\programdata\tmp898.tmp
    2009-11-15 08:54 . 2009-11-15 08:54 -------- d-----w- c:\users\Paige\AppData\Roaming\YoudaGames
    2009-11-15 08:53 . 2009-11-15 08:51 -------- d-----w- c:\program files\Youda Farmer
    2009-11-15 08:32 . 2009-11-15 08:32 -------- d-----w- c:\program files\KeyScrambler
    2009-11-14 00:49 . 2006-11-21 17:53 129784 ------w- c:\windows\system32\PxAFS.DLL
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-14 00:43 . 2009-11-08 06:47 -------- d-----w- c:\program files\PokerStars
    2009-11-10 06:56 . 2009-11-10 06:56 -------- d-----w- c:\programdata\Bilbo
    2009-11-09 00:32 . 2008-05-24 06:30 -------- d-----w- c:\programdata\Fugazo
    2009-11-08 20:27 . 2009-11-08 20:27 -------- d-----w- c:\programdata\GameHouse
    2009-11-08 20:26 . 2009-11-08 20:24 -------- d-----w- c:\program files\Kitchen Brigade
    2009-11-08 04:56 . 2009-11-08 04:56 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-08 04:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-08 04:56 . 2009-11-08 04:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-08 04:55 . 2009-11-08 04:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-05 17:37 . 2008-05-01 12:18 -------- d-----w- c:\users\Paige\AppData\Roaming\Blackberry Desktop
    2009-11-04 04:01 . 2007-12-12 18:14 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-03 02:42 . 2009-10-08 23:01 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-03 01:22 . 2009-11-03 01:22 -------- d-----w- c:\program files\Cricket
    2009-11-03 01:21 . 2009-11-03 01:21 5222 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{C30B981C-77A3-4DDF-BD99-67773CC63CA8}\_6ED328B79DCEC0C57955DD.exe
    2009-11-03 01:21 . 2009-11-03 01:21 5222 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{C30B981C-77A3-4DDF-BD99-67773CC63CA8}\_4B9C068AD7E9614085C949.exe
    2009-11-03 01:21 . 2009-11-03 01:21 295606 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{C30B981C-77A3-4DDF-BD99-67773CC63CA8}\_C756F03443CBEA0AC0B03D.exe
    2009-11-03 01:21 . 2009-11-03 01:21 295606 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{C30B981C-77A3-4DDF-BD99-67773CC63CA8}\_B14B4CB4E47CA22223476B.exe
    2009-11-03 01:21 . 2009-11-03 01:21 295606 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{C30B981C-77A3-4DDF-BD99-67773CC63CA8}\_2D85C31CA563C7AE4EF0B2.exe
    2009-11-02 04:37 . 2009-11-02 04:37 -------- d-----w- c:\users\Paige\AppData\Roaming\Composer
    2009-11-02 04:22 . 2009-11-02 04:22 -------- d-----w- c:\program files\Plazmic CDK 4.7 Update Patch
    2009-11-02 04:13 . 2007-12-24 18:58 121128 ----a-w- c:\users\Paige\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-02 04:08 . 2009-11-02 04:05 -------- d--h--w- c:\program files\Zero G Registry
    2009-11-02 04:08 . 2009-11-02 04:08 -------- d-----w- c:\users\Paige\AppData\Roaming\Plazmic
    2009-11-02 04:08 . 2009-11-02 04:06 -------- d-----w- c:\program files\Plazmic CDK 4.7
    2009-11-01 20:26 . 2009-11-01 20:26 -------- d-----w- c:\users\Paige\AppData\Roaming\Tific
    2009-11-01 19:55 . 2007-12-25 10:17 20 ---h--w- c:\programdata\PKP_DLec.DAT
    2009-10-31 22:19 . 2007-12-12 17:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2009-10-31 22:18 . 2007-12-12 17:59 -------- d-----w- c:\program files\Roxio
    2009-10-31 22:18 . 2009-10-31 22:18 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2009-10-31 22:18 . 2007-12-12 18:01 -------- d-----w- c:\programdata\Roxio
    2009-10-31 22:02 . 2009-10-09 20:27 -------- d-----w- c:\programdata\Research In Motion
    2009-10-31 22:00 . 2008-06-22 05:52 -------- d-----w- c:\users\Paige\AppData\Roaming\InstallShield
    2009-10-31 06:41 . 2009-10-31 06:41 -------- d-----w- c:\users\Paige\AppData\Roaming\GamesCafe
    2009-10-30 17:46 . 2009-10-19 16:37 -------- d-----w- c:\programdata\Norton
    2009-10-30 05:11 . 2009-09-13 17:38 -------- d-----w- c:\program files\Farm Frenzy Pizza Party
    2009-10-29 16:55 . 2009-10-19 16:37 -------- d-----w- c:\program files\NortonInstaller
    2009-10-29 16:55 . 2008-02-20 09:09 -------- d-----w- c:\programdata\Symantec
    2009-10-29 16:53 . 2007-12-12 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-29 02:31 . 2009-10-29 02:07 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
    2009-10-29 02:05 . 2009-10-29 02:04 -------- d-----w- c:\program files\Symantec
    2009-10-29 02:04 . 2009-10-29 02:04 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-29 02:04 . 2009-10-29 02:04 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-29 02:04 . 2009-10-29 02:04 124976 ----a-w- c:\windows\system32\drivers\symevent.sys
    2009-10-29 02:03 . 2009-10-29 02:03 -------- d-----w- c:\program files\Norton Internet Security
    2009-10-29 02:03 . 2009-10-19 16:37 -------- d-----w- c:\programdata\NortonInstaller
    2009-10-28 05:44 . 2009-10-28 05:44 -------- d-----w- c:\users\Paige\AppData\Roaming\Malwarebytes
    2009-10-28 05:44 . 2009-10-28 05:44 -------- d-----w- c:\programdata\Malwarebytes
    2009-10-26 19:38 . 2009-04-19 02:04 -------- d-----w- c:\programdata\NOS
    2009-10-21 16:45 . 2008-01-22 01:43 33792 ----a-w- c:\windows\system32\identprv.dll
    2009-10-15 16:51 . 2009-10-15 16:51 70984 ----a-w- c:\users\Paige\g2mdlhlpx.exe
    2009-10-09 20:35 . 2009-10-09 20:35 3584 ----a-r- c:\users\Paige\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2009-10-08 21:08 . 2009-11-07 22:42 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:08 . 2009-11-07 22:42 234496 ----a-w- c:\windows\system32\oleacc.dll
    2007-12-24 19:59 . 2007-12-25 05:52 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-12-12 17:57 . 2007-12-12 17:57 76 --sha-r- c:\windows\CT4CET.bin
    2007-12-13 01:31 . 2007-12-13 01:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

  9. #54
    Join Date
    Dec 2009
    Posts
    63
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^StartUp^NkbMonitor.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Paige^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Paige^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PictureProject In Touch.lnk]
    path=c:\users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PictureProject In Touch.lnk
    backup=c:\windows\pss\PictureProject In Touch.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 18:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2009-10-31 01:43 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-12-24 19:59 1840128 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    2008-03-26 22:40 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sealmon.exe]
    2009-03-13 17:02 370952 ----a-w- c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):33,ea,36,0c,bc,eb,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-18]
    "EnableNotifications\\Ref"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-68392210-1149993295-319138731-1003]
    "EnableNotifications\\Ref"=dword:00000001

    R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1101000.013\SymDS.sys [11/12/2009 4:43 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1101000.013\SymEFA.sys [11/12/2009 4:43 PM 171056]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1101000.013\cchpx86.sys [11/12/2009 4:43 PM 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys [12/19/2009 5:37 PM 343088]
    R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1101000.013\ironx86.sys [11/12/2009 4:43 PM 114736]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1101000.013\symtdiv.sys [11/12/2009 4:43 PM 339504]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/12/2007 11:37 AM 73728]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [11/12/2009 4:43 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys [10/29/2009 12:20 AM 102448]
    R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [11/15/2009 2:32 AM 115312]
    S2 gupdate1c9f3a03b359a1;Google Update Service (gupdate1c9f3a03b359a1);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2009 7:14 PM 133104]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\System32\drivers\atmfbus.sys [11/2/2009 7:22 PM 38528]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\System32\drivers\atmfcvsp.sys [11/2/2009 7:22 PM 54656]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\System32\drivers\atmfflt.sys [11/2/2009 7:22 PM 11520]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\System32\drivers\atmfmdm.sys [11/2/2009 7:22 PM 54528]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\System32\drivers\atmfnet.sys [11/2/2009 7:22 PM 103424]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\System32\drivers\atmfnvsp.sys [11/2/2009 7:22 PM 54656]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\System32\drivers\atmfvsp.sys [11/2/2009 7:22 PM 54656]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/24/2008 6:10 PM 21504]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/12/2007 12:18 PM 1840128]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\System32\drivers\nwusbcdfil.sys [8/16/2007 3:24 PM 13824]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\System32\drivers\nwusbser2.sys [8/16/2007 3:24 PM 99200]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    FF - ProfilePath - c:\users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\eaibke6f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1304867&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\eaibke6f.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\eaibke6f.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
    FF - plugin: c:\users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\eaibke6f.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-SUPERAntiSpyware - f:\superantispywareremoval\SUPERAntiSpyware.exe
    MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    MSConfigStartUp-Acrobat Speed Launch - c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    MSConfigStartUp-ErrorRepairPro - c:\program files\Error Repair Professional\autostart.exe
    MSConfigStartUp-PC Pitstop Optimize2 Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
    AddRemove-Bilbo The Four Corners of the World_is1 - c:\program files\Bilbo The Four Corners of the World\ReflexiveArcade\unins000.exe
    AddRemove-Coconut Queen_is1 - c:\program files\Coconut Queen\ReflexiveArcade\unins000.exe
    AddRemove-Delicious Emilys Taste of Fame_is1 - c:\program files\Delicious Emilys Taste of Fame\ReflexiveArcade\unins000.exe
    AddRemove-Farm Frenzy 2_is1 - c:\program files\Farm Frenzy 2\ReflexiveArcade\unins000.exe
    AddRemove-Jessicas Cupcake Cafe_is1 - c:\program files\Jessicas Cupcake Cafe\ReflexiveArcade\unins000.exe
    AddRemove-Out Of Your Mind_is1 - c:\program files\Out Of Your Mind\ReflexiveArcade\unins000.exe


    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-21 02:54
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-12-21 02:57:44
    ComboFix-quarantined-files.txt 2009-12-21 08:57

    Pre-Run: 118,204,510,208 bytes free
    Post-Run: 118,133,592,064 bytes free

    - - End Of File - - EA754728CAA99AF503E42CDD3E954DB1

  10. #55
    Join Date
    Dec 2009
    Posts
    63
    After running ComboFix I tried to open both IE and Firefox but I got an error message that said I could not open a file whose registry key was marked for deletion. I restarted and immediately ran HJT.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:09:22 AM, on 12/21/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\config\systemprofile\Desktop\HijackThis.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exter...pAntiVirus.dll
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f3a03b359a1) (gupdate1c9f3a03b359a1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
    O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12642 bytes

  11. #56
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

    C:\fxldapow.sys
    c:\users\Paige\g2mdlhlpx.exe

  12. #57
    Join Date
    Dec 2009
    Posts
    63
    C:\fxldapow.sys - FOUND NOTHING
    c:\users\Paige\g2mdlhlpx.exe - FOUND NOTHING

  13. #58
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    I noticed also that the iastor.sys file is still on the C drive. Did the Avenger run correctly? It was meant to move it to a different folder. The Avenger log you posted looks nothing like it should (as I mentioned earlier) and it doesn't look to have any commands in it.
    Let me know please what you actually used as a script when you ran it.

    Are you still having the problems?

  14. #59
    Join Date
    Dec 2009
    Posts
    63
    I apologize, I misunderstood you.
    Can you please copy the following file directly to C drive please.
    C:\Drivers\storage\R154200\iastor.sys
    When you said copy the file I assumed I was to create a second copy so I just "ctrl+c" and then pasted "ctrl+v" into the specified folder. I will correct and rerun now.

  15. #60
    Join Date
    Dec 2009
    Posts
    63
    WcesLog C:\Windows\system32\LogFiles\WindowsMobile\WcesLog.etl.001
55;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255
;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;





    Logfile of The Avenger Version 2.0, (c) by Swandog46

    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.

    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    No rootkits found!

    Completed script processing.

    *******************

    Finished! Terminate.
