-
August 13th, 2010, 02:05 PM
#1
[RESOLVED] Rogue Security Tool
Hi Guys,
I seem to have some Security Tool that wants to clean my PC (sure!!). I noticed there are new icons in the systray (that say 30126 when I hover over them). I cannot start ANY program, including ANY Malware/Spyware removal programs. Instead, some Security Tool control panel starts and asks to run it. Everything seems frozen.
I re-started in Safe Mode, ran Spybot S&D - no threats, and SuperAntiSpyware - removed 1 Rogue Security Tool. Stopped Malwarebytes halfway through - no threats. I haven't updated these programs in a few months because I was afraid to connect to the internet. I ran HijackThis and got a logfile, see below.
Should I re-scan? Should I connect to the internet to update anti-virus programs?
Please advise,
Mark
HJT logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:46 AM, on 8/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - I:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (I:\Documents and Settings\MARK\Application Data\Mozilla\Profiles\default\bzncicaa.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://I%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (I:\Documents and Settings\MARK\Application Data\Mozilla\Profiles\default\bzncicaa.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - I:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - I:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BDRegion] I:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "I:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [ATI Remote Control] I:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [swg] "I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [30126] "I:\Documents and Settings\Mark\Local Settings\Application Data\30126.exe" 0 25
O4 - HKCU\..\RunOnce: [012690625] "I:\DOCUME~1\Mark\LOCALS~1\APPLIC~1\012690625.exe" 0 27
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "I:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "I:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AOL Desktop.lnk = I:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O8 - Extra context menu item: &AOL Toolbar Search - I:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - I:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - I:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170464592171
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - I:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apache2 - Apache Software Foundation - I:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - I:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - I:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - I:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - I:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - I:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - I:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - I:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - I:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLSVC - Unknown owner - I:\Program Files\D-Link\DWA-130 revE\WLSVC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - I:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 12191 bytes
-
August 13th, 2010, 02:27 PM
#2
HJT is not what it once was... So please...
http://discussions.virtualdr.com/sho...d.php?t=167915
And post the logs in this thread.
-
August 16th, 2010, 09:25 PM
#3
Hi,
Sorry it took a while to respond, I had some difficulty performing scans. Each time I started a Malwarebytes or GMER scan, my computer would lock up. I had to do the scans in Safe Mode (I didn't update Malwarebytes, no internet in Safe Mode).
Also, I could not access the Save button for the GMER scan. In Safe Mode, the screen resolution was not big enough to see the button. I didn't know how else to save the logfile. Therefore, I made a screenshot of the GMER window when it finished. Maybe that will be helpful. Here's a link to the screenshot:
http://www.stardancestudio.com/images/gmer.jpg
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11
8/14/2010 2:16:20 AM
mbam-log-2010-08-14 (02-16-20)123.txt
Scan type: Quick scan
Objects scanned: 158249
Time elapsed: 19 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
I:\Documents and Settings\Mark\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Mark at 0:33:56.04 on Mon 08/16/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1492 [GMT -7:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\WINDOWS\system32\svchost.exe -k netsvcs
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Documents and Settings\Mark\Desktop\dds.scr
============== Pseudo HJT Report ===============
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - i:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - i:\progra~1\spybot~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - i:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - i:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - i:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - i:\program files\aol toolbar\toolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ATI Remote Control] i:\program files\ati multimedia\remctrl\ATIX10.exe
uRun: [swg] "i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "i:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRunOnce: [012690625] "i:\docume~1\mark\locals~1\applic~1\012690625.exe" 0 27
uRunOnce: [30126] "i:\documents and settings\mark\local settings\application data\30126.exe" 0 25
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avgnt] "i:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "i:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "i:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BDRegion] i:\program files\cyberlink\shared files\brs.exe
mRun: [RemoteControl] "i:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "i:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [Google Quick Search Box] "i:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "i:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: i:\docume~1\mark\startm~1\programs\startup\aoldes~1.lnk - i:\program files\common files\aol\launch\aollaunch.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &AOL Toolbar Search - i:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - i:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - i:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - i:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - i:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - i:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - i:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - i:\progra~1\spybot~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170464592171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - i:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - i:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - i:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - i:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - i:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - i:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - i:\docume~1\mark\applic~1\mozilla\firefox\profiles\734kbsrg.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
i:\program files\mozilla firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
i:\program files\mozilla firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
i:\program files\mozilla firefox\greprefs\all.js - pref("advanced.always_load_images", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
i:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
i:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
i:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
i:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.version",
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.build_id",
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update.severity", 0);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2010-2-9 64288]
R0 MacOpen;MacOpen;i:\windows\system32\drivers\MacOpen.sys [2007-3-4 177152]
R0 Pnp680;SiI 680 ATA Controller;i:\windows\system32\drivers\PnP680.sys [2006-11-15 66736]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;i:\windows\system32\drivers\AvgAsCln.sys [2007-3-2 3968]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;i:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 WinDefend;Windows Defender;i:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [2010-4-11 28552]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;i:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
S1 avgio;avgio;i:\program files\avira\antivir personaledition classic\avgio.sys [2010-4-9 11608]
S1 SASDIFSV;SASDIFSV;i:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
S1 SASKUTIL;SASKUTIL;i:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;i:\program files\avira\antivir personaledition classic\sched.exe [2010-4-9 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;i:\program files\avira\antivir personaledition classic\avguard.exe [2010-4-9 151297]
S2 gupdate;Google Update Service (gupdate);i:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;i:\windows\system32\drivers\WLNdis50.sys [2010-2-5 20480]
S2 WLSVC;WLSVC;i:\program files\d-link\dwa-130 reve\WLSVC.exe [2010-2-5 167936]
S3 avgntflt;avgntflt;i:\program files\avira\antivir personaledition classic\avgntflt.sys [2010-4-9 52056]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;i:\windows\system32\drivers\RTL8192su.sys [2010-2-5 572544]
S3 SASENUM;SASENUM;i:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
=============== Created Last 30 ================
==================== Find3M ====================
============= FINISH: 0:35:20.06 =========
Last edited by stardanz1; August 16th, 2010 at 09:27 PM.
-
August 16th, 2010, 09:47 PM
#4
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/2/2007 4:34:30 PM
System Uptime: 8/15/2010 10:40:17 AM (14 hours ago)
Motherboard: Intel Corporation | | D845GEBV2
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2800/133mhz
==== Disk Partitions =========================
A: is Removable
D: is FIXED (NTFS) - 233 GiB total, 47.151 GiB free.
E: is Removable
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 233 GiB total, 72.178 GiB free.
J: is Removable
K: is Removable
N: is Removable
==== Disabled Device Manager Items =============
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00E1&COL01\6&3A48DDB9&0&0000
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00E1&COL01\6&3A48DDB9&0&0000
Service: NuidFltr
==== System Restore Points ===================
RP26: 5/18/2010 10:44:11 AM - System Checkpoint
RP27: 5/20/2010 10:50:41 AM - System Checkpoint
RP28: 5/21/2010 12:09:49 PM - System Checkpoint
RP29: 5/25/2010 12:33:49 AM - System Checkpoint
RP30: 5/27/2010 11:53:29 AM - System Checkpoint
RP31: 5/29/2010 8:28:44 PM - System Checkpoint
RP32: 5/30/2010 9:16:50 PM - System Checkpoint
RP33: 6/15/2010 11:06:55 AM - System Checkpoint
RP34: 6/16/2010 1:18:09 PM - System Checkpoint
RP35: 6/18/2010 10:17:59 AM - System Checkpoint
RP36: 6/19/2010 11:00:26 AM - System Checkpoint
RP37: 6/28/2010 3:54:33 PM - System Checkpoint
RP38: 6/30/2010 10:48:40 AM - System Checkpoint
RP39: 7/2/2010 1:14:46 AM - System Checkpoint
RP40: 7/6/2010 9:50:32 AM - System Checkpoint
RP41: 7/8/2010 11:07:49 AM - System Checkpoint
RP42: 7/13/2010 11:50:50 AM - System Checkpoint
RP43: 7/14/2010 11:27:41 PM - System Checkpoint
RP44: 7/18/2010 2:02:36 PM - System Checkpoint
RP45: 7/20/2010 10:28:11 AM - System Checkpoint
RP46: 7/30/2010 1:50:47 PM - System Checkpoint
RP47: 8/1/2010 2:34:11 PM - System Checkpoint
RP48: 8/5/2010 12:26:46 PM - System Checkpoint
RP49: 8/7/2010 12:48:44 AM - System Checkpoint
RP50: 8/8/2010 6:06:50 PM - System Checkpoint
RP51: 8/10/2010 2:11:22 PM - System Checkpoint
RP52: 8/13/2010 2:27:19 PM - System Checkpoint
RP53: 8/15/2010 3:11:45 AM - System Checkpoint
==== Installed Programs ======================
µTorrent
1Click DVD Copy Pro 4.1.5.0
32 Bit HP CIO Components Installer
3ds max 5
6000 Sound Effects
ACID Pro 7.0
Acrobat.com
ActivePerl 5.10.0 Build 1003
Ad-Aware
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro 2.0
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AIO_Scan
AnswerWorks Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Registration
AOL Toolbar for Firefox
AOL Toolbar for Internet Explorer
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apache HTTP Server 2.2.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
ATI Multimedia Center 7.7.0.0
ATI Remote Wonder 1.2
AutoUpdate
AVG Anti-Spyware 7.5
Avira AntiVir Personal - Free Antivirus
AVS Video Cutter 1.2
AVS Video Tools 5.4
AWStats
Bonjour
Bryce 6.1
Bryce Lightning 2.0 c
Bryce(R) 5
BufferChm
Calendar Creator
Camtasia Studio 3
CCleaner (remove only)
CleanUp!
CloneDVD2
Connect
Conversions Plus 4.5
Copy
Corel Graphics Suite 11
Corel Painter 8
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CuteFTP Pro
D-Link DWA-130 Wireless N USB Adapter
D4100
D4100_Help
DAO
Data Lifeguard Tools
Destination Component
DeviceDiscovery
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
DolbyFiles
Dramatica Pro 4.0
DVD Architect Pro 5.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD43 v4.6.0
DVDFab 6.0.1.0 by CATER / AHCU
EnGraph QuickTimeKiller
ERUNT 1.1j
eSupportQFolder
Fax
Final Draft 7
Flickr Uploadr 3.2.1
Free YouTube Download 2.2
FullDPAppQFolder
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hollywood Screenplay and StoryCraft
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 9.0
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart All-In-One Software 9.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Essential 3.5
HP Product Assistant
HP Scanjet 4800 series
HP Smart Web Printing
HP Solution Center 9.0
HP Update
hpg4850
hpg4850QFolder
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
HydraVision
ImagXpress
InstallMgr
InstantShareDevices
InstantShareDevicesMFC
Intel(R) PRO Ethernet Adapter and Software
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 19
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 19
kuler
LimeWire 5.5.9
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
MarketResearch
Maxon Cinema 4D XL incl. BodyPaint 3D v7.20 Multilanguage
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Movie Templates - Starter Kit
Mozilla Firefox (1.0.6)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MySQL Server 5.0
MySQL Tools for 5.0
Native Instruments Audio 4 DJ Driver
Native Instruments Audio 8 DJ Driver
Native Instruments Service Center
Native Instruments Traktor
Native Instruments Traktor DJ Studio 3
Nero 8
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Netscape (7.2)
Netscape Browser (remove only)
newnovelist
Nikon RAW Codec
OmniPage Pro 12.0
Opera 9.0
Panda ActiveScan
Panda ActiveScan 2.0
PanoStandAlone
PDF Settings CS4
PhotoGallery
Photoshop Camera Raw
PowerDVD
PowerDVD Ultra
PowerISO
Preclick PhotoBack Plug-in
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Pure Networks Port Magic
QuarkXPress 5.0
QuickBooks Premier: Professional Services Edition 2007
QuickBooks Product Listing Service
QuickTime
RandMap
RealPlayer Basic
Reason 4.0
Roxio Easy Media Creator 7
Safari
-
August 16th, 2010, 09:49 PM
#5
Scan
ScannerCopy
ScanSoft RealSpeak
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Sony Media Manager 2.0
Sony Noise Reduction Plug-In 2.0h
Sony Vegas Pro 8.0
Sound Forge Pro 10.0
SoundMAX
SoundTrax
Spybot - Search & Destroy
Status
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
SWiSH v2.0
TitanTV Client components for ATI
Toolbox
TrayApp
Uninstall 1.0.0.1
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VCRedistSetup
VideoToolkit01
Viewpoint Media Player
Virtual DJ - Atomix Productions
WD Backup
WD Firewire HID Driver
WebFldrs XP
WebReg
Winamp (remove only)
Windows Defender
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip
WinZip Self-Extractor
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
Zune
==== Event Viewer Messages From Past Week ========
8/15/2010 6:45:50 AM, error: System Error [1003] - Error code 000000ea, parameter1 89bb9a00, parameter2 8a0b6370, parameter3 8a09e780, parameter4 00000001.
8/15/2010 2:32:09 AM, error: ati2mtag [108] - The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
8/15/2010 10:32:25 AM, error: System Error [1003] - Error code 000000ea, parameter1 897d5360, parameter2 89f7d148, parameter3 8a089bb0, parameter4 00000001.
8/15/2010 10:17:45 AM, error: System Error [1003] - Error code 000000ea, parameter1 897ffda8, parameter2 89f37e38, parameter3 8a288c28, parameter4 00000001.
8/14/2010 7:56:37 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
8/14/2010 7:56:37 PM, error: SideBySide [59] - Generate Activation Context failed for I:\WINDOWS\system32\wiashext.dll. Reference error message: The operation completed successfully. .
8/14/2010 2:20:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVG Anti-Spyware Driver avgio avipbb cdudf_xp Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT NetworkX ohci1394 pavboot RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu ssmdrv Tcpip
8/13/2010 1:38:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVG Anti-Spyware Driver avgio avipbb cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT NetworkX pavboot RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu ssmdrv Tcpip
8/12/2010 8:37:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/12/2010 6:47:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/12/2010 5:34:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/12/2010 5:33:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVG Anti-Spyware Driver avgio avipbb cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT NetworkX oreans32 pavboot RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu ssmdrv Tcpip
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:45 PM, error: Service Control Manager [7001] - The Apache2 service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 5:33:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2010 9:29:16 PM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
8/11/2010 9:29:16 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/11/2010 9:29:16 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The system cannot find the file specified.
8/11/2010 9:29:16 PM, error: Service Control Manager [7000] - The IIS Admin service failed to start due to the following error: The system cannot find the file specified.
8/10/2010 6:48:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfa22f24, parameter3 aee12bac, parameter4 00000000.
==== End Of File ===========================
-
August 16th, 2010, 09:58 PM
#6
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
==============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 17th, 2010, 07:35 PM
#7
Here are the logs. I ran everything in Safe Mode because my PC would lock up after about 7-10 minutes (or less). When I ran ComboFix it said Avira Antivirus was running, but it only appeared as on, not Active.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
This log file is located at I:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Mark on 08/17/2010 at 10:19:37.
Processes terminated by Rkill or while it was running:
I:\Documents and Settings\Mark\Desktop\rkill.com
Rkill completed on 08/17/2010 at 10:19:39.
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
exeHelper by Raktor
Build 20100414
Run at 10:21:47 on 08/17/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file I:\Documents and Settings\Mark\Start Menu\Programs\Security Tool.lnk
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
ComboFix 10-08-16.04 - Mark 08/17/2010 10:33:55.9.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1589 [GMT -7:00]
Running from: i:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
i:\documents and settings\Mark\Local Settings\Application Data\012690625.exe
i:\documents and settings\Mark\Local Settings\Application Data\30126.exe
i:\windows\My.ini
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 09:26 . 2010-04-06 21:20 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-13 01:45 . 2009-05-15 02:10 117760 ----a-w- i:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-13 00:35 . 2007-02-04 21:37 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-12 22:39 . 2007-05-20 18:48 -------- d-----w- i:\program files\Flickr Uploadr
2010-08-05 16:06 . 2008-10-12 18:24 -------- d-----w- i:\program files\Microsoft Silverlight
2010-07-15 21:23 . 2008-03-06 09:04 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2010-07-08 18:53 . 2007-02-04 18:40 -------- d-----w- i:\program files\Common Files\Adobe
2010-06-23 19:22 . 2010-06-23 19:22 501936 ----a-w- i:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb17.tmp.exe
2010-06-18 18:33 . 2007-02-28 16:10 -------- d-----w- i:\program files\LimeWire
2005-07-16 13:41 . 2007-02-04 22:46 41573 ----a-w- i:\program files\mozilla firefox\components\jar50.dll
2005-07-16 13:41 . 2007-02-04 22:46 48223 ----a-w- i:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 13:41 . 2007-02-04 22:46 160871 ----a-w- i:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="i:\program files\ATI Multimedia\RemCtrl\ATIX10.exe" [2002-06-04 147456]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="i:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BDRegion"="i:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-22 87336]
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"WD Button Manager"="WDBtnMgr.exe" [2010-04-21 364544]
"Google Quick Search Box"="i:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-06-14 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
i:\documents and settings\Mark\Start Menu\Programs\Startup\
AOL Desktop.lnk - i:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"i:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"i:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"i:\\Program Files\\America Online 9.0\\waol.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\AOLServiceHost.exe"=
"i:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"i:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"i:\\StubInstaller.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\DAZ\\Bryce Lightning 2.0\\Lightning.exe"=
"i:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\aolsoftware.exe"=
"i:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"i:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"i:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"i:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"i:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\WINDOWS\\system32\\drivers\\CDANTSRV.EXE"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"i:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"i:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\GROOVE.EXE"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\ONENOTE.EXE"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\AOLDesktop.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"i:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2/9/2010 10:28 AM 64288]
R0 MacOpen;MacOpen;i:\windows\system32\drivers\MacOpen.sys [3/4/2007 4:14 PM 177152]
R0 Pnp680;SiI 680 ATA Controller;i:\windows\system32\drivers\PnP680.sys [11/15/2006 8:32 PM 66736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328]
R2 WinDefend;Windows Defender;i:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [4/11/2010 1:22 AM 28552]
S1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
S1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:17 PM 135664]
S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;i:\windows\system32\drivers\WLNdis50.sys [2/5/2010 5:43 PM 20480]
S2 WLSVC;WLSVC;i:\program files\D-Link\DWA-130 revE\WLSVC.exe [2/5/2010 5:43 PM 167936]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;i:\windows\system32\drivers\RTL8192su.sys [2/5/2010 5:42 PM 572544]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 i:\windows\Tasks\Ad-Aware Update (Daily 1).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-17 i:\windows\Tasks\Ad-Aware Update (Daily 2).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-17 i:\windows\Tasks\Ad-Aware Update (Daily 3).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-17 i:\windows\Tasks\Ad-Aware Update (Daily 4).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-17 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-04-16 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-08-15 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:17]
2010-08-15 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:17]
2010-08-17 i:\windows\Tasks\MP Scheduled Scan.job
- i:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - i:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - i:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - i:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\734kbsrg.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
-
August 17th, 2010, 07:35 PM
#8
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKCU-RunOnce-012690625 - i:\docume~1\Mark\LOCALS~1\APPLIC~1\012690625.exe
HKCU-RunOnce-30126 - i:\documents and settings\Mark\Local Settings\Application Data\30126.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 10:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com/support/products/premiere.html"
"Search"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:28,22,43,bb,49,cf,22,df,f9,25,c6,d6,e8,02,20,8e,ac,f1,bf,02,66,
81,6a,df,4a,59,d8,6a,81,39,cf,cc,b5,00,e6,7a,49,c0,c3,5d,33,e5,59,39,37,ca,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:28,22,43,bb,49,cf,22,df,f9,25,c6,d6,e8,02,20,8e,ac,f1,bf,02,66,
81,6a,df,4a,59,d8,6a,81,39,cf,cc,b5,00,e6,7a,49,c0,c3,5d,33,e5,59,39,37,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(280)
i:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-17 10:52:37
ComboFix-quarantined-files.txt 2010-08-17 17:52
ComboFix2.txt 2010-04-13 05:29
Pre-Run: 77,365,395,456 bytes free
Post-Run: 78,195,040,256 bytes free
- - End Of File - - D69BBF7D473FBFDD75C0780835F7C867
-
August 17th, 2010, 08:03 PM
#9
1. Please open Notepad - Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-
3. Save the above as CFScript.txt
4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
-
August 18th, 2010, 01:36 AM
#10
I ran the ComboFix and the logfile is below. Everything is looking back to normal. Just one thing, AOL Spyware Protection opened up and shows a Blocked Item, "Bifrost" - Backdoor. Should I worry about this?
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
ComboFix 10-08-16.04 - Mark 08/17/2010 21:25:20.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1386 [GMT -7:00]
Running from: i:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: i:\documents and settings\Mark\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 09:26 . 2010-04-06 21:20 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-13 01:45 . 2009-05-15 02:10 117760 ----a-w- i:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-13 00:35 . 2007-02-04 21:37 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-12 22:39 . 2007-05-20 18:48 -------- d-----w- i:\program files\Flickr Uploadr
2010-08-05 16:06 . 2008-10-12 18:24 -------- d-----w- i:\program files\Microsoft Silverlight
2010-07-15 21:23 . 2008-03-06 09:04 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2010-07-08 18:53 . 2007-02-04 18:40 -------- d-----w- i:\program files\Common Files\Adobe
2010-06-23 19:22 . 2010-06-23 19:22 501936 ----a-w- i:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb17.tmp.exe
2005-07-16 13:41 . 2007-02-04 22:46 41573 ----a-w- i:\program files\mozilla firefox\components\jar50.dll
2005-07-16 13:41 . 2007-02-04 22:46 48223 ----a-w- i:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 13:41 . 2007-02-04 22:46 160871 ----a-w- i:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="i:\program files\ATI Multimedia\RemCtrl\ATIX10.exe" [2002-06-04 147456]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="i:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BDRegion"="i:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-22 87336]
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"WD Button Manager"="WDBtnMgr.exe" [2010-04-21 364544]
"Google Quick Search Box"="i:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-06-14 126976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
i:\documents and settings\Mark\Start Menu\Programs\Startup\
AOL Desktop.lnk - i:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"i:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"i:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"i:\\Program Files\\America Online 9.0\\waol.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\AOLServiceHost.exe"=
"i:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"i:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"i:\\StubInstaller.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\DAZ\\Bryce Lightning 2.0\\Lightning.exe"=
"i:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\aolsoftware.exe"=
"i:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"i:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"i:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"i:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"i:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"i:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\WINDOWS\\system32\\drivers\\CDANTSRV.EXE"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"i:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"i:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\GROOVE.EXE"=
"i:\\Program Files\\Microsoft Office\\OFFICE12\\ONENOTE.EXE"=
"i:\\Program Files\\Common Files\\AOL\\1170608939\\EE\\AOLDesktop.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"i:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2/9/2010 10:28 AM 64288]
R0 MacOpen;MacOpen;i:\windows\system32\drivers\MacOpen.sys [3/4/2007 4:14 PM 177152]
R0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [4/11/2010 1:22 AM 28552]
R0 Pnp680;SiI 680 ATA Controller;i:\windows\system32\drivers\PnP680.sys [11/15/2006 8:32 PM 66736]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R2 WinDefend;Windows Defender;i:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;i:\windows\system32\drivers\WLNdis50.sys [2/5/2010 5:43 PM 20480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;i:\windows\system32\drivers\RTL8192su.sys [2/5/2010 5:42 PM 572544]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:17 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328]
S2 WLSVC;WLSVC;i:\program files\D-Link\DWA-130 revE\WLSVC.exe [2/5/2010 5:43 PM 167936]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-18 i:\windows\Tasks\Ad-Aware Update (Daily 1).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-18 i:\windows\Tasks\Ad-Aware Update (Daily 2).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-18 i:\windows\Tasks\Ad-Aware Update (Daily 3).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-18 i:\windows\Tasks\Ad-Aware Update (Daily 4).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-08-18 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:27]
2010-04-16 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-08-18 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:17]
2010-08-15 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:17]
2010-08-18 i:\windows\Tasks\MP Scheduled Scan.job
- i:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - i:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - i:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - i:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\734kbsrg.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 21:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
-
August 18th, 2010, 01:37 AM
#11
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com/support/products/premiere.html"
"Search"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="i:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:28,22,43,bb,49,cf,22,df,f9,25,c6,d6,e8,02,20,8e,ac,f1,bf,02,66,
81,6a,df,4a,59,d8,6a,81,39,cf,cc,b5,00,e6,7a,49,c0,c3,5d,33,e5,59,39,37,ca,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:28,22,43,bb,49,cf,22,df,f9,25,c6,d6,e8,02,20,8e,ac,f1,bf,02,66,
81,6a,df,4a,59,d8,6a,81,39,cf,cc,b5,00,e6,7a,49,c0,c3,5d,33,e5,59,39,37,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
i:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5176)
i:\windows\system32\WININET.dll
i:\progra~1\WINDOW~2\wmpband.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
i:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-17 21:35:02
ComboFix-quarantined-files.txt 2010-08-18 04:34
ComboFix2.txt 2010-08-17 17:52
ComboFix3.txt 2010-04-13 05:29
Pre-Run: 75,997,523,968 bytes free
Post-Run: 75,980,402,688 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 0487AC969F0DBD0D0D88393A273C3636
-
August 18th, 2010, 01:42 AM
#12
I have no idea what AOL is talking about. I think AOL is the least security tool you have to worry about.
Combofix log looks good.
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
============================================================
Update Malwarebytes, run "Quick scan" and post new log.
=========================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 18th, 2010, 02:34 AM
#13
Here are the logs
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4443
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
8/17/2010 11:08:29 PM
mbam-log-2010-08-17 (23-08-29).txt
Scan type: Quick scan
Objects scanned: 158593
Time elapsed: 8 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
OTL logfile created on: 8/17/2010 11:17:58 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = I:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
Drive D: | 232.88 Gb Total Space | 47.15 Gb Free Space | 20.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.88 Gb Total Space | 72.61 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
Computer Name: MARKCOMP-Z5OBGM
Current User Name: Mark
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 23:14:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2010/04/21 16:28:00 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- I:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2010/04/09 01:32:35 | 000,068,865 | ---- | M] (Avira GmbH) -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2010/04/09 01:32:34 | 000,151,297 | ---- | M] (Avira GmbH) -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2010/02/09 10:27:37 | 000,788,880 | ---- | M] (Lavasoft) -- I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/09 10:27:36 | 001,181,328 | ---- | M] (Lavasoft) -- I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/07 14:55:35 | 000,039,408 | ---- | M] (Google Inc.) -- I:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- I:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/04 13:16:16 | 000,075,048 | ---- | M] (cyberlink) -- I:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/07/07 13:36:06 | 000,140,640 | ---- | M] (AOL LLC) -- i:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- I:\Program Files\Common Files\AOL\1170608939\EE\aolsoftware.exe
PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- I:\Program Files\Common Files\AOL\1170608939\EE\AOLDesktop.exe
PRC - [2008/06/12 14:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2008/03/21 09:06:00 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/11/28 16:28:12 | 000,020,480 | ---- | M] ( ) -- I:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/23 12:04:42 | 000,001,536 | ---- | M] () -- i:\Program Files\Common Files\AOL\1170608939\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2002/07/18 23:59:50 | 000,046,080 | ---- | M] (C-Dilla Ltd) -- I:\WINDOWS\system32\drivers\CDANTSRV.EXE
PRC - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/04 15:39:36 | 000,147,456 | ---- | M] (ATI Technologies Inc.) -- I:\Program Files\ATI Multimedia\RemCtrl\atix10.exe
PRC - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- I:\WINDOWS\system32\Crypserv.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 23:14:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- I:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -- (x10nets)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- I:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - File not found [On_Demand | Stopped] -- I:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2010/04/09 01:32:35 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2010/04/09 01:32:34 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2010/02/09 10:27:36 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- I:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/11 19:25:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- I:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)
SRV - [2008/03/21 09:06:00 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/03/14 17:19:30 | 000,975,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2006/11/28 16:28:12 | 000,020,480 | ---- | M] ( ) [Auto | Running] -- I:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- I:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- I:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002/07/18 23:59:50 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- I:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- I:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\DOCUME~1\Mark\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/09 01:32:36 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/04/09 01:32:35 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2010/04/09 01:32:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2010/04/02 16:13:15 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/12/02 06:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/17 01:47:40] [Kernel | Auto | Running] -- I:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- I:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/07 00:04:50 | 000,157,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/04/08 18:20:22 | 000,572,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/09/03 14:07:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- I:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/09/03 14:07:14 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/09/03 14:07:12 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- I:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/07 00:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/03/21 09:05:57 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/10 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/12/10 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/28 13:56:07 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/02/04 10:09:59 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- I:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/12/13 16:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/15 20:32:08 | 000,066,736 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2006/09/05 09:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/01/27 23:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 23:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- I:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 23:34:56 | 000,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 23:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 23:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 23:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/06/19 06:04:18 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/18 23:59:50 | 000,057,968 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2002/05/23 15:28:00 | 000,448,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/02/21 12:16:54 | 000,032,976 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2002/02/21 12:16:40 | 000,011,920 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2002/02/21 12:16:34 | 000,011,440 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2002/02/21 12:16:28 | 000,033,232 | ---- | M] () [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2002/02/21 12:15:44 | 000,066,944 | ---- | M] () [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2002/02/21 12:15:04 | 000,037,296 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2002/01/08 11:16:06 | 000,006,656 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Running] -- I:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
DRV - [2002/01/07 13:28:48 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2000/02/03 12:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- I:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [1998/07/13 18:31:32 | 000,177,152 | ---- | M] (DataViz Inc.) [File_System | Boot | Running] -- I:\WINDOWS\System32\drivers\MacOpen.sys -- (MacOpen)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - I:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - I:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
-
August 18th, 2010, 02:36 AM
#14
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Components: I:\Program Files\Mozilla Firefox\Components [2010/04/19 11:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Plugins: I:\Program Files\Mozilla Firefox\Plugins [2010/08/02 11:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: I:\Program Files\Netscape\Netscape\Components
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: I:\Program Files\Netscape\Netscape\Plugins [2010/08/02 11:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: I:\Program Files\Netscape\Netscape 8.1\Components [2010/04/19 11:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: I:\Program Files\Netscape\Netscape 8.1\Plugins [2010/08/02 11:20:35 | 000,000,000 | ---D | M]
[2010/06/18 11:34:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2010/06/18 11:34:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\[email protected]
[2009/11/14 20:52:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\[email protected]
[2010/03/19 12:19:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\734kbsrg.Default User\extensions
[2010/03/19 12:19:28 | 000,000,000 | ---D | M] (Firefox (default)) -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\734kbsrg.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/07 14:28:55 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\8kpmuchu.default\extensions
[2009/11/07 14:44:15 | 000,000,000 | ---D | M] (AOL Toolbar) -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\8kpmuchu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2007/02/04 15:47:01 | 000,000,000 | ---D | M] (Firefox (default)) -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\8kpmuchu.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/28 18:46:40 | 000,002,160 | ---- | M] () -- I:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\8kpmuchu.default\searchplugins\MySpace.xml
[2010/04/06 16:02:32 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2007/02/04 15:46:54 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2007/02/04 15:46:53 | 000,000,000 | ---D | M] (Firefox (default)) -- I:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/07/16 06:41:00 | 000,041,573 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\jar50.dll
[2005/07/16 06:41:00 | 000,048,223 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2005/07/16 06:41:00 | 000,160,871 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2004/02/20 13:14:09 | 000,176,177 | ---- | M] () -- I:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2005/07/16 06:41:00 | 000,000,680 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2005/07/16 06:41:00 | 000,000,735 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2005/07/16 06:41:00 | 000,000,356 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2005/07/16 06:41:00 | 000,000,976 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2005/07/16 06:41:00 | 000,000,557 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\dictionary.png
[2005/07/16 06:41:00 | 000,000,692 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\dictionary.src
[2005/07/16 06:41:00 | 000,000,210 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2005/07/16 06:41:00 | 000,001,064 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2005/07/16 06:41:00 | 000,001,076 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2005/07/16 06:41:00 | 000,000,687 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.src
[2005/07/16 06:41:00 | 000,000,088 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2005/07/16 06:41:00 | 000,001,098 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.src
O1 HOSTS File: ([2010/08/17 10:47:19 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - I:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - I:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - I:\Program Files\AOL Toolbar\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - I:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] I:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] I:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LanguageShortcut] I:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [WD Button Manager] I:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [ATI Remote Control] I:\Program Files\ATI Multimedia\RemCtrl\atix10.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: I:\Documents and Settings\Mark\Start Menu\Programs\Startup\AOL Desktop.lnk = I:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - I:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\OFFICE12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\OFFICE12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - I:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files\Microsoft Office\OFFICE12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1170464592171 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/actives...ree/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\OFFICE12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - I:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Program Files\Microsoft Office\OFFICE12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - I:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
Drivers32: aux - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - I:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: midi2 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - I:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - I:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - I:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.imaadpcm - I:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - I:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - I:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - I:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - I:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - I:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - I:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - I:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - I:\WINDOWS\System32\CSvidcap.dll (TechSmith Corporation)
Drivers32: MSVideo8 - I:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - I:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: vidc.dvsd - I:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IYUV - I:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - I:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - I:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mp42 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - I:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - I:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - I:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - I:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.WMV3 - I:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - I:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - ATIVYUY.DLL File not found
Drivers32: VIDC.YV12 - I:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - I:\WINDOWS\System32\Iyvu9_32.dll ()
Drivers32: VIDC.YVYU - I:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - I:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - I:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!
-
August 18th, 2010, 02:39 AM
#15
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 23:14:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Mark\Desktop\OTL.exe
[2010/08/17 22:57:52 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Mark\Desktop\mbam-setup-1.46.exe
[2010/08/17 22:47:26 | 000,000,000 | --SD | C] -- I:\ComboFix
[2010/08/17 22:27:25 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2010/08/17 21:15:12 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2010/08/17 10:52:39 | 000,000,000 | ---D | C] -- I:\WINDOWS\temp
[2010/08/11 03:15:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Winter show no Good
[2010/08/11 03:03:49 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Winter Show 2009
[2010/08/11 00:13:49 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Summer Show 2010 Charles
[2010/08/10 23:37:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Christmas Party Charles
[2010/08/10 22:51:51 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Youth Show Oct 2009
[2010/08/10 22:03:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Valentine Party 2010
[2010/08/10 21:23:29 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Christmas Party 2009
[2010/08/10 19:16:51 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Halloween 2008 where are originals
[2010/08/10 19:10:23 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Youth Class flyer
[2010/08/10 19:02:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Summer Showcase 2010 Music and PDF
[2010/08/08 16:24:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\flickr Athens 2010 these are copies
[2010/08/08 15:10:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\flickr Geneva 2010 these are copies
[2010/08/08 14:18:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\flickr Liverpool 2010 these are copies
[2010/08/08 13:44:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\flickr Blackpool 2010 these are copies
[2010/08/08 13:04:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\flickr Scotland 2010 there are copies
[2010/08/02 09:09:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Liverpool,England Beatles Tour
[2010/08/02 09:06:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Blackpool, England 2010
[2010/08/02 08:53:59 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Athens, Greece 2010
[2010/08/02 01:04:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\z folder 2
[2010/08/02 00:25:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\z folder 1
[2010/07/24 01:46:03 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Geneva,Switzerland 2010
[2010/07/24 01:27:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Scotland 2010 part 2
[2010/07/24 01:24:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Scotland 2010 part 1
[2010/06/21 18:14:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Mark\Desktop\Havent Met You Yet
[2008/10/08 09:55:24 | 000,047,360 | ---- | C] (VSO Software) -- I:\Documents and Settings\Mark\Application Data\pcouffin.sys
========== Files - Modified Within 90 Days ==========
[2010/08/17 23:14:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Mark\Desktop\OTL.exe
[2010/08/17 22:57:59 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Mark\Desktop\mbam-setup-1.46.exe
[2010/08/17 22:57:06 | 000,000,472 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/17 22:57:06 | 000,000,472 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/17 22:57:05 | 000,000,472 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/17 22:57:05 | 000,000,472 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/08/17 22:57:04 | 000,000,472 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/08/17 22:55:58 | 000,000,330 | -H-- | M] () -- I:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/17 22:53:23 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/08/17 22:52:59 | 000,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/17 22:52:33 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/08/17 22:52:30 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/08/17 22:52:28 | 2146,291,712 | -HS- | M] () -- I:\hiberfil.sys
[2010/08/17 22:50:48 | 019,136,512 | -H-- | M] () -- I:\Documents and Settings\Mark\NTUSER.DAT
[2010/08/17 22:50:48 | 000,000,278 | -HS- | M] () -- I:\Documents and Settings\Mark\ntuser.ini
[2010/08/17 22:34:00 | 000,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/17 21:31:39 | 000,000,272 | ---- | M] () -- I:\WINDOWS\system.ini
[2010/08/17 21:15:18 | 000,000,281 | RHS- | M] () -- I:\boot.ini
[2010/08/17 10:47:19 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2010/08/03 01:25:51 | 000,000,230 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2010/08/03 01:25:50 | 000,202,240 | ---- | M] () -- I:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 11:45:23 | 002,187,288 | ---- | M] () -- I:\Documents and Settings\Mark\Desktop\I_Just_Haven't_Met_You_yet_edit130.mp3
[2010/07/15 13:05:55 | 000,000,768 | ---- | M] () -- I:\Documents and Settings\Mark\My Documents\Default.sfvidcap
[2010/06/30 10:58:43 | 000,033,429 | ---- | M] () -- I:\Documents and Settings\Mark\Desktop\Dear Chris.rtf
[2010/06/24 16:44:09 | 000,020,480 | ---- | M] () -- I:\Documents and Settings\Mark\Desktop\Salsaclasses.xls
[2010/06/19 11:52:04 | 000,011,196 | ---- | M] () -- I:\Documents and Settings\Mark\My Documents\Dear Chris.docx
[2010/06/17 13:54:04 | 000,033,792 | ---- | M] () -- I:\Documents and Settings\Mark\Desktop\Consolidate_bills_NEW.xls
========== Files Created - No Company Name ==========
[2010/08/17 21:15:18 | 000,000,281 | ---- | C] () -- I:\Boot.bak
[2010/08/17 20:44:51 | 2146,291,712 | -HS- | C] () -- I:\hiberfil.sys
[2010/08/10 23:15:10 | 000,000,472 | ---- | C] () -- I:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/10 23:15:10 | 000,000,472 | ---- | C] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/10 23:15:09 | 000,000,472 | ---- | C] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/10 23:15:09 | 000,000,472 | ---- | C] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/26 11:45:19 | 002,187,288 | ---- | C] () -- I:\Documents and Settings\Mark\Desktop\I_Just_Haven't_Met_You_yet_edit130.mp3
[2010/06/30 10:58:42 | 000,033,429 | ---- | C] () -- I:\Documents and Settings\Mark\Desktop\Dear Chris.rtf
[2010/06/24 16:44:08 | 000,020,480 | ---- | C] () -- I:\Documents and Settings\Mark\Desktop\Salsaclasses.xls
[2010/06/19 11:31:07 | 000,011,196 | ---- | C] () -- I:\Documents and Settings\Mark\My Documents\Dear Chris.docx
[2010/04/19 11:51:43 | 000,000,205 | ---- | C] () -- I:\WINDOWS\System32\lsprst7.dll
[2010/04/19 11:51:43 | 000,000,073 | ---- | C] () -- I:\WINDOWS\System32\ssprs.dll
[2010/04/19 11:51:43 | 000,000,000 | ---- | C] () -- I:\WINDOWS\System32\tmpPrst.dll
[2010/04/03 02:26:42 | 000,000,036 | ---- | C] () -- I:\Documents and Settings\Mark\Local Settings\Application Data\housecall.guid.cache
[2010/04/02 01:02:42 | 000,011,242 | -HS- | C] () -- I:\Documents and Settings\Mark\Local Settings\Application Data\0S70
[2010/04/02 01:02:42 | 000,011,242 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\0S70
[2010/04/01 18:34:24 | 000,000,242 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\default.rss
[2010/03/28 13:31:24 | 000,073,656 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/05 17:43:59 | 000,020,480 | ---- | C] () -- I:\WINDOWS\System32\wlndis50.sys
[2010/02/05 17:43:59 | 000,020,480 | ---- | C] () -- I:\WINDOWS\System32\drivers\WLNdis50.sys
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- I:\WINDOWS\bdoscandellang.ini
[2008/12/28 15:07:22 | 000,166,912 | ---- | C] () -- I:\WINDOWS\System32\libmcrypt.dll
[2008/12/25 18:00:58 | 000,000,211 | ---- | C] () -- I:\WINDOWS\wininit.ini
[2008/11/13 21:43:17 | 000,000,099 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\default.pls
[2008/11/06 10:54:46 | 000,002,048 | ---- | C] () -- I:\WINDOWS\System32\sysprs7.dll
[2008/11/06 10:54:46 | 000,001,025 | ---- | C] () -- I:\WINDOWS\System32\clauth2.dll
[2008/11/06 10:54:46 | 000,001,025 | ---- | C] () -- I:\WINDOWS\System32\clauth1.dll
[2008/10/08 09:55:40 | 000,000,034 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\pcouffin.log
[2008/10/08 09:55:24 | 000,007,887 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\pcouffin.cat
[2008/10/08 09:55:24 | 000,001,144 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\pcouffin.inf
[2007/08/25 00:30:08 | 000,000,000 | ---- | C] () -- I:\WINDOWS\pcfriend.INI
[2007/07/25 19:53:34 | 003,596,288 | ---- | C] () -- I:\WINDOWS\System32\qt-dx331.dll
[2007/07/25 19:49:28 | 000,012,288 | ---- | C] () -- I:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/03 11:07:50 | 000,000,120 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\FixVTS.ini
[2007/04/01 20:08:36 | 000,000,125 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/25 21:49:10 | 000,000,151 | ---- | C] () -- I:\WINDOWS\PhotoSnapViewer.INI
[2007/03/13 09:58:37 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Screen.INI
[2007/03/10 01:09:56 | 000,000,002 | ---- | C] () -- I:\WINDOWS\msoffice.ini
[2007/03/04 14:00:08 | 000,000,021 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/04 12:19:17 | 000,000,026 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/03/04 12:17:12 | 000,000,021 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2007/03/02 14:00:25 | 000,011,776 | ---- | C] () -- I:\WINDOWS\System32\ZPORT4AS.dll
[2007/02/26 12:55:01 | 000,001,108 | ---- | C] () -- I:\WINDOWS\maxlink.ini
[2007/02/26 12:54:07 | 000,000,022 | ---- | C] () -- I:\WINDOWS\OP70.INI
[2007/02/06 10:54:10 | 000,000,345 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/02/06 10:54:10 | 000,000,234 | ---- | C] () -- I:\WINDOWS\PrnHlpLogConfig.ini
[2007/02/06 10:54:10 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/02/06 10:53:46 | 000,002,769 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\PatchUpdate_InstantShareJPG.log
[2007/02/06 10:53:46 | 000,000,214 | ---- | C] () -- I:\WINDOWS\HP_InstantSHareJPG.ini
[2007/02/06 10:49:54 | 000,003,527 | ---- | C] () -- I:\Documents and Settings\Mark\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/02/06 10:49:54 | 000,000,217 | ---- | C] () -- I:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/02/04 21:52:26 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2007/02/04 19:41:22 | 000,000,000 | ---- | C] () -- I:\WINDOWS\PROTOCOL.INI
[2007/02/04 19:21:32 | 000,000,089 | ---- | C] () -- I:\WINDOWS\Crypkey.ini
[2007/02/04 19:21:29 | 000,024,608 | ---- | C] () -- I:\WINDOWS\System32\Ckldrv.sys
[2007/02/04 19:21:29 | 000,018,432 | ---- | C] () -- I:\WINDOWS\Setup_ck.dll
[2007/02/04 14:24:25 | 000,001,637 | ---- | C] () -- I:\WINDOWS\cftppro.INI
[2007/02/04 12:41:24 | 000,000,004 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2007/02/04 12:17:01 | 000,202,240 | ---- | C] () -- I:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/04 12:02:45 | 000,524,288 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2007/02/04 12:02:45 | 000,139,264 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2007/02/04 11:59:07 | 000,000,004 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2007/02/04 00:26:40 | 000,000,127 | ---- | C] () -- I:\Documents and Settings\Mark\Local Settings\Application Data\fusioncache.dat
[2007/02/03 23:56:26 | 000,005,115 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/03 13:54:46 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ATIMMC.INI
[2007/02/03 13:40:48 | 000,000,230 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2007/02/02 20:30:58 | 000,066,560 | ---- | C] () -- I:\WINDOWS\System32\atiyuv12.dll
[2007/02/02 20:30:58 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\Iyvu9_32.dll
[2007/02/02 20:30:51 | 000,013,373 | ---- | C] () -- I:\WINDOWS\System32\vctest.ini
[2007/02/02 20:30:48 | 000,009,136 | ---- | C] () -- I:\WINDOWS\System32\INETWH16.DLL
[2007/02/02 17:57:05 | 000,000,044 | ---- | C] () -- I:\WINDOWS\System32\msssc.dll
[2007/02/02 09:24:12 | 000,037,296 | ---- | C] () -- I:\WINDOWS\System32\drivers\atintuxx.sys
[2007/02/02 09:24:11 | 000,066,944 | ---- | C] () -- I:\WINDOWS\System32\drivers\atinrvxx.sys
[2007/02/02 09:24:10 | 000,033,232 | ---- | C] () -- I:\WINDOWS\System32\drivers\atinraxx.sys
[2007/02/02 09:24:09 | 000,032,976 | ---- | C] () -- I:\WINDOWS\System32\drivers\atinxsxx.sys
[2007/02/02 09:24:09 | 000,011,920 | ---- | C] () -- I:\WINDOWS\System32\drivers\atinpdxx.sys
[2007/02/02 09:24:09 | 000,011,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\atinmdxx.sys
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- I:\WINDOWS\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- I:\WINDOWS\System32\dzwrapper.dll
[2006/12/05 15:00:44 | 006,144,000 | ---- | C] () -- I:\WINDOWS\System32\dzcore.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- I:\WINDOWS\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- I:\WINDOWS\System32\daz-qt-mt.dll
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- I:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- I:\WINDOWS\System32\tx12.dll
[2005/06/02 01:16:28 | 000,528,384 | ---- | C] () -- I:\WINDOWS\System32\hpgt4850.dll