-
August 9th, 2010, 07:08 PM
#16
I tried running Combofix sooooo many times in normal mode and it gets as far as the message where it says it should only take about 10 minutes and it never goes any farther. Tried once in safe mode and it went as far as stage 50 then stopped, so we left it going all night but it still didn't go any farther. Trying in safe mode again now but I don't know how well it will work. The computer won't even come on in normal mode now, it freezes as soon as it starts up, so if this doesn't work in safe mode, I don't know what to do!!
-
August 9th, 2010, 09:05 PM
#17
Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.
You should get a black screen with a C:\> prompt. Type with an Enter after each line:
fixmbr
(If it asks you if you are sure then say "Y".)
exit
Reboot computer.
Post fresh MBRCheck log.
-
August 10th, 2010, 01:35 PM
#18
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
Done! Press ENTER to exit...
-
August 10th, 2010, 09:50 PM
#19
I assume your computer booted with no problem?
Try to run Combofix now...
-
August 11th, 2010, 02:03 PM
#20
It's telling me Combofix has expired and there's no option to update it or anything? Just to run it in reduced function mode or something.
-
August 12th, 2010, 12:20 AM
#21
Delete your Combofix file and download a fresh one.
-
August 12th, 2010, 05:53 PM
#22
ComboFix 10-08-12.02 - Paul 12/08/2010 18:47:14.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.526 [GMT -2.5:30]
Running from: c:\documents and settings\Paul\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Paul\LOCALS~1\Temp\jna7693632927727710563.dll
c:\documents and settings\Paul\Local Settings\temp\jna7693632927727710563.dll
.
---- Previous Run -------
.
c:\docume~1\Paul\LOCALS~1\Temp\jna2096167780467187785.dll
c:\documents and settings\Paul\Local Settings\temp\jna2096167780467187785.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-10 00:23 . 2010-08-10 00:33 -------- d-----w- C:\wCFix4728w
2010-08-09 23:03 . 2010-08-09 23:08 -------- d-----w- C:\wCFix19870w
2010-08-04 22:45 . 2010-08-05 02:21 -------- d-----w- C:\wCFix
2010-08-04 01:05 . 2010-08-04 01:17 -------- d-----w- C:\wCFix14503w
2010-08-02 00:13 . 2010-08-02 00:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 00:13 . 2010-08-02 00:13 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Local Settings\Application Data\Google
2010-08-02 00:07 . 2010-08-02 00:07 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Local Settings\Application Data\Mozilla
2010-08-01 15:32 . 2010-08-01 15:32 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Application Data\Malwarebytes
2010-07-31 08:43 . 2010-07-31 08:43 -------- d-----w- c:\windows\TI8VLB1XSI84TI84
2010-07-31 08:37 . 2010-07-31 08:37 -------- d-----w- c:\windows\CORGK2OZAZALALWL
2010-07-15 18:20 . 2010-07-18 16:33 -------- d-----w- c:\program files\Common Files\Doblon
2010-07-15 18:20 . 2010-07-15 23:24 -------- d-----w- c:\program files\Common Files\cdrdao
2010-07-15 18:20 . 2010-01-14 15:07 31744 ----a-w- c:\windows\system32\WnASPI32.dll
2010-07-15 18:20 . 2010-07-18 16:30 -------- d-----w- c:\program files\Doblon
2010-07-15 18:11 . 2010-07-15 18:12 -------- d-----w- C:\MAGICDVDCOPY_TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 21:29 . 2007-06-14 02:57 -------- d-----w- c:\documents and settings\Paul\Application Data\LimeWire
2010-07-21 22:21 . 2007-07-10 02:57 23094 ----a-w- c:\documents and settings\Paul\Application Data\wklnhst.dat
2010-07-19 21:28 . 2006-10-03 19:51 -------- d-----w- c:\program files\Dl_cats
2010-07-18 20:06 . 2008-10-28 14:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-07-18 18:11 . 2008-03-14 20:23 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2010-07-15 18:11 . 2010-06-03 13:14 -------- d-----w- c:\program files\MagicDVDCopier
2010-07-15 18:10 . 2007-11-28 01:59 -------- d-----w- c:\documents and settings\Paul\Application Data\Vso
2010-06-25 22:32 . 2010-06-25 22:32 -------- d-----w- c:\documents and settings\Paul\Application Data\Home Sweet Home 2
2010-06-24 11:38 . 2007-06-12 22:53 43640 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 02:04 . 2007-03-15 21:38 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-20 19:29 . 2010-06-20 19:29 -------- d-----w- c:\documents and settings\Paul\Application Data\PlayFirst
2010-06-20 19:29 . 2007-10-01 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-06-14 01:54 . 2006-10-03 18:47 -------- d-----w- c:\program files\LimeWire
2008-03-09 17:46 . 2008-03-09 17:46 0 ----a-w- c:\program files\temp01
2007-10-14 19:14 . 2007-10-14 19:14 251 ----a-w- c:\program files\wt3d.ini
2006-10-08 19:26 . 2006-10-08 19:26 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-06-14 02:09 . 2007-06-14 02:11 135168 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
c:\documents and settings\Paul\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-04 19:16 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 924\\dlccaiox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\progra~1\\mozill~1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7514:TCP"= 7514:TCP:Services
"4507:TCP"= 4507:TCP:Services
"7460:TCP"= 7460:TCP:Services
"7461:TCP"= 7461:TCP:Services
"3257:TCP"= 3257:TCP:Services
"5014:TCP"= 5014:TCP:Services
"3585:TCP"= 3585:TCP:Services
"5670:TCP"= 5670:TCP:Services
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/08/2008 1:53 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 8:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/08/2008 1:53 PM 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/02/2008 3:08 PM 716272]
S2 gupdate1c9a3e5d42c25db;Google Update Service (gupdate1c9a3e5d42c25db);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 11:43 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:04]
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:12]
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535290
uInternet Connection Wizard,ShellNext = hxxp://www.aliant.net/
uInternet Settings,ProxyOverride = *.local
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BBD4C71D-71F5-11D2-8BB0-000000001234} - hxxp://games.bigfishgames.com/en_paper-chase/online/PaperChaseLoader.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.vocm.com/index.asp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&q=
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Paul\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Paul\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 18:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@DACL=(02 0000)
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib]
@DACL=(02 0000)
@="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib]
@DACL=(02 0000)
@="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib]
@DACL=(02 0000)
@="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(6628)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
.
-
August 12th, 2010, 05:56 PM
#23
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-12 19:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 21:41
Pre-Run: 149,068,013,568 bytes free
Post-Run: 149,047,668,736 bytes free
Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0330F848C0C89BE500C9B033A55C9790
Since I did the thing with the recovery console, I've noticed that Avast no longer comes up in the task bar at all and the button on my keyboard for volume won't adjust the volume anymore. I don't know if those things are related to Combofix not working and having to use the Recovery Console thing, but it just seems weird that it happened at the same time. If it is because of that, and you know how to fix it, could you please let me know? haha.
-
August 12th, 2010, 09:03 PM
#24
You may need to reinstall Avast.
As for the volume issue, we'll see later.
1. Please open Notepad: click Start, then Run.
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Folder::
c:\windows\TI8VLB1XSI84TI84
c:\windows\CORGK2OZAZALALWL
c:\program files\Common Files\cdrdao
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
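The triage the helper did by hand above (picking the random-named folders under c:\windows out of the "Files Created" section and writing them into a CFScript "Folder::" block, and noting the firewall port exceptions labelled only "Services") can be scripted over the ComboFix log text. This is an added example, not code from the thread or from ComboFix; the log excerpt is constructed in the log's format, and the "random-looking name" rule and the "Services"-label check are heuristics assumed here, not ComboFix rules.

```python
import re

# Constructed excerpt in ComboFix log format, modelled on the logs in this
# thread (not the full log): a "Files Created" section and the firewall
# GloballyOpenPorts list.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-02 00:13 . 2010-08-02 00:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-31 08:43 . 2010-07-31 08:43 -------- d-----w- c:\windows\TI8VLB1XSI84TI84
2010-07-31 08:37 . 2010-07-31 08:37 -------- d-----w- c:\windows\CORGK2OZAZALALWL
2010-07-15 18:20 . 2010-07-18 16:33 -------- d-----w- c:\program files\Common Files\Doblon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

# One "Files Created" / "Find3M" entry:
#   <created date> <time> . <modified date> <time> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$"
)
# One GloballyOpenPorts entry:  "<port>:<proto>"= <port>:<proto>:<description>
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"= \d+:(?:TCP|UDP):(.*)$')
# Heuristic (assumption, not a ComboFix rule): a 12+ character all-uppercase
# alphanumeric name containing at least one digit looks machine-generated.
RANDOM_NAME = re.compile(r"^(?=.*\d)[A-Z0-9]{12,}$")


def parse_files_created(text):
    """Return the file/directory entries of a ComboFix log as dicts."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": f"{m.group(1)} {m.group(2)}",
            "modified": f"{m.group(3)} {m.group(4)}",
            "size": None if m.group(5) == "--------" else int(m.group(5)),
            "is_dir": m.group(6).startswith("d"),
            "path": m.group(7),
        })
    return entries


def parse_open_ports(text):
    """Return (port, protocol, description) tuples from the firewall list."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return ports


def suspicious_windows_dirs(entries):
    """Directories created directly under c:\\windows with random-looking names."""
    hits = []
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        if e["is_dir"] and parent.lower() == r"c:\windows" and RANDOM_NAME.match(name):
            hits.append(e["path"])
    return hits


def generic_port_exceptions(ports, label="Services"):
    """Open-port exceptions carrying only a generic description such as 'Services'."""
    return [p for p in ports if p[2] == label]


def build_cfscript(folders):
    """Render a CFScript 'Folder::' block, the form used in the thread."""
    return "Folder::\n" + "".join(f"{f}\n" for f in folders)


if __name__ == "__main__":
    files = parse_files_created(SAMPLE_LOG)
    dirs = suspicious_windows_dirs(files)
    print(build_cfscript(dirs))
    for port, proto, desc in generic_port_exceptions(parse_open_ports(SAMPLE_LOG)):
        print(f"review firewall exception {port}/{proto} ({desc})")
```

The flagged items are candidates for a human to review against the rest of the log, not an automatic verdict.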
-
August 13th, 2010, 02:40 PM
#25
ComboFix 10-08-12.03 - Paul 13/08/2010 15:40:16.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.487 [GMT -2.5:30]
Running from: c:\documents and settings\Paul\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100813-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Paul\LOCALS~1\Temp\jna6580401092769149333.dll
c:\documents and settings\Paul\Local Settings\temp\jna6580401092769149333.dll
c:\program files\Common Files\cdrdao
c:\program files\Common Files\cdrdao\cdrdao.exe
c:\program files\Common Files\cdrdao\cdrdao_1_1_7.exe
c:\program files\Common Files\cdrdao\CREDITS
c:\program files\Common Files\cdrdao\cygwin1.dll
c:\program files\Common Files\cdrdao\DOWNLOAD
c:\program files\Common Files\cdrdao\gpl.txt
c:\program files\Common Files\cdrdao\README
c:\windows\CORGK2OZAZALALWL
c:\windows\TI8VLB1XSI84TI84
.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.
2010-08-10 00:23 . 2010-08-10 00:33 -------- d-----w- C:\wCFix4728w
2010-08-09 23:03 . 2010-08-09 23:08 -------- d-----w- C:\wCFix19870w
2010-08-04 22:45 . 2010-08-05 02:21 -------- d-----w- C:\wCFix
2010-08-04 01:05 . 2010-08-04 01:17 -------- d-----w- C:\wCFix14503w
2010-08-02 00:13 . 2010-08-02 00:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 00:13 . 2010-08-02 00:13 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Local Settings\Application Data\Google
2010-08-02 00:07 . 2010-08-02 00:07 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Local Settings\Application Data\Mozilla
2010-08-01 15:32 . 2010-08-01 15:32 -------- d-----w- c:\documents and settings\Administrator.MICHELLE\Application Data\Malwarebytes
2010-07-15 18:20 . 2010-07-18 16:33 -------- d-----w- c:\program files\Common Files\Doblon
2010-07-15 18:20 . 2010-01-14 15:07 31744 ----a-w- c:\windows\system32\WnASPI32.dll
2010-07-15 18:20 . 2010-07-18 16:30 -------- d-----w- c:\program files\Doblon
2010-07-15 18:11 . 2010-07-15 18:12 -------- d-----w- C:\MAGICDVDCOPY_TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 18:20 . 2007-06-14 02:57 -------- d-----w- c:\documents and settings\Paul\Application Data\LimeWire
2010-07-21 22:21 . 2007-07-10 02:57 23094 ----a-w- c:\documents and settings\Paul\Application Data\wklnhst.dat
2010-07-19 21:28 . 2006-10-03 19:51 -------- d-----w- c:\program files\Dl_cats
2010-07-18 20:06 . 2008-10-28 14:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-07-18 18:11 . 2008-03-14 20:23 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2010-07-15 18:11 . 2010-06-03 13:14 -------- d-----w- c:\program files\MagicDVDCopier
2010-07-15 18:10 . 2007-11-28 01:59 -------- d-----w- c:\documents and settings\Paul\Application Data\Vso
2010-06-25 22:32 . 2010-06-25 22:32 -------- d-----w- c:\documents and settings\Paul\Application Data\Home Sweet Home 2
2010-06-24 11:38 . 2007-06-12 22:53 43640 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 02:04 . 2007-03-15 21:38 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-20 19:29 . 2010-06-20 19:29 -------- d-----w- c:\documents and settings\Paul\Application Data\PlayFirst
2010-06-20 19:29 . 2007-10-01 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2008-03-09 17:46 . 2008-03-09 17:46 0 ----a-w- c:\program files\temp01
2007-10-14 19:14 . 2007-10-14 19:14 251 ----a-w- c:\program files\wt3d.ini
2006-10-08 19:26 . 2006-10-08 19:26 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-06-14 02:09 . 2007-06-14 02:11 135168 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
c:\documents and settings\Paul\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-04 19:16 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 924\\dlccaiox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\progra~1\\mozill~1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7514:TCP"= 7514:TCP:Services
"4507:TCP"= 4507:TCP:Services
"7460:TCP"= 7460:TCP:Services
"7461:TCP"= 7461:TCP:Services
"3257:TCP"= 3257:TCP:Services
"5014:TCP"= 5014:TCP:Services
"3585:TCP"= 3585:TCP:Services
"5670:TCP"= 5670:TCP:Services
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/08/2008 1:53 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 8:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/08/2008 1:53 PM 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/02/2008 3:08 PM 716272]
S2 gupdate1c9a3e5d42c25db;Google Update Service (gupdate1c9a3e5d42c25db);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 11:43 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:04]
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:12]
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535290
uInternet Connection Wizard,ShellNext = hxxp://www.aliant.net/
uInternet Settings,ProxyOverride = *.local
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BBD4C71D-71F5-11D2-8BB0-000000001234} - hxxp://games.bigfishgames.com/en_paper-chase/online/PaperChaseLoader.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.vocm.com/index.asp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&q=
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\documents and settings\Paul\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 15:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{318F50FE-44BE-3D0D-CD2E-086A2F9BEA54}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{400EDC65-3199-7508-E853-493259993D39}\TypeLib]
@DACL=(02 0000)
@="{2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@DACL=(02 0000)
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib]
@DACL=(02 0000)
@="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib]
@DACL=(02 0000)
@="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib]
@DACL=(02 0000)
@="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"
"Version"="1.0"
.
-
August 13th, 2010, 02:41 PM
#26
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(7708)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-13 16:03:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 18:33
ComboFix2.txt 2010-08-12 21:41
Pre-Run: 148,943,085,568 bytes free
Post-Run: 148,915,359,744 bytes free
Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EE98D1F5EEA22DB696051E3E67246116
-
August 13th, 2010, 08:11 PM
#27
Looks good.
Did you reinstall Avast?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
===============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 15th, 2010, 08:40 AM
#28
I did reinstall Avast. It shows up now. But the volume problem is still there. Not sure if it has anything to do with the virus and scans but that's when it stopped working. Here are the OTL scans.
OTL logfile created on: 15/08/2010 9:48:44 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 505.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 138.55 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICHELLE
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/15 09:48:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe
PRC - [2010/07/29 14:02:10 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2010/06/28 18:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 18:27:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/07/25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2004/08/10 08:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/08/15 09:48:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe
MOD - [2007/07/20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 13:15:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 08:30:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2010/06/28 18:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 18:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 18:27:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/04/03 21:04:54 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/26 22:22:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/10/28 10:11:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/28 18:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 18:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 18:03:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 18:02:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 18:02:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 18:02:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/03/30 13:24:45 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008/03/15 12:55:15 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/17 23:17:52 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 22:14:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 22:09:14 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 22:09:14 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/14 23:35:27 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/02/10 12:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 20:37:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2535290
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.vocm.com/index.asp"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {437c4386-9237-441f-a940-009430030ee0}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 21:37:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 18:48:44 | 000,000,000 | ---D | M]
[2009/06/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2009/06/02 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\[email protected]
[2010/08/14 21:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions
[2010/06/24 15:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/08 15:56:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/05/19 22:32:22 | 000,000,000 | ---D | M] (Messenger Plus Live CA-EN Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\{437c4386-9237-441f-a940-009430030ee0}
[2007/10/24 17:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]
[2010/06/10 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\extensions\[email protected]
[2010/04/01 14:19:10 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\searchplugins\conduit.xml
[2008/03/15 13:00:43 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ko9me5pm.default\searchplugins\daemon-search.xml
[2010/08/14 21:01:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 17:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/07 22:15:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/05/13 00:11:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
[2005/04/27 17:40:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
O1 HOSTS File: ([2010/08/13 15:48:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfishgames.com/en_coo...eb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast.go.com/v3/setup/...areControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1182438811484 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfishgames.com/en_bur...sPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BBD4C71D-71F5-11D2-8BB0-000000001234} http://games.bigfishgames.com/en_pap...haseLoader.cab (MusicCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
-
August 15th, 2010, 08:42 AM
#29
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/...ploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.bigfishgames.com/en_wed...h.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 07:13:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/14 10:28:21 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/14 10:28:21 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/14 10:28:19 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/14 10:28:18 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/14 10:28:16 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/14 10:28:16 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/14 10:28:15 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/14 10:28:02 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/14 10:28:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/14 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/08/12 18:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/12 18:43:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/12 18:43:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/12 18:43:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/09 22:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/09 21:53:42 | 000,000,000 | ---D | C] -- C:\wCFix4728w
[2010/08/09 20:33:51 | 000,000,000 | ---D | C] -- C:\wCFix19870w
[2010/08/04 20:15:11 | 000,000,000 | ---D | C] -- C:\wCFix
[2010/08/03 22:35:58 | 000,000,000 | ---D | C] -- C:\wCFix14503w
[2010/08/03 11:05:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/18 14:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\My Karaoke
[2010/07/15 15:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doblon
[2010/07/15 15:50:44 | 000,031,744 | ---- | C] (Rocket Division Software, StarBurn Software) -- C:\WINDOWS\System32\WnASPI32.dll
[2010/07/15 15:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
[2010/07/15 15:41:15 | 000,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2010/06/30 10:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Unity
[2010/06/26 18:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\iWin Games
[2010/06/25 20:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Home Sweet Home 2
[2010/06/20 16:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\PlayFirst
[2010/06/20 16:58:57 | 000,000,000 | ---D | C] -- C:\games
[2010/06/17 16:16:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/13 17:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/10 14:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\PlaySushi
[2010/06/03 10:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDCopier
[2010/06/03 10:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\PcSetup
[2010/05/19 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/19 22:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit
[2006/10/03 17:19:50 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/10/03 17:19:48 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/10/03 17:19:48 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/10/03 17:19:48 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/10/03 17:19:47 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/10/03 17:19:47 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/10/03 17:19:47 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/10/03 17:19:46 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/10/03 17:19:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/15 09:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/14 22:49:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/14 10:34:12 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/08/14 10:33:16 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\LimeWire 5.5.13.lnk
[2010/08/14 10:28:22 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/08/14 10:28:17 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/14 10:22:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 10:22:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 10:21:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 10:20:51 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Paul\ntuser.dat
[2010/08/14 10:20:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/08/13 15:49:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/13 15:48:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/12 18:42:18 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to ComboFix.lnk
[2010/08/12 10:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/01 21:43:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/21 19:51:55 | 000,023,094 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\wklnhst.dat
[2010/07/18 16:39:15 | 000,183,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/17 14:27:52 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Karaoke.doc
[2010/07/15 20:54:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Power CD+G Burner.lnk
[2010/07/15 15:40:40 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Magic DVD Copier.lnk
[2010/06/28 18:27:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 18:27:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 18:07:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 18:07:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 18:03:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 18:02:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 18:02:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 18:02:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 18:02:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 11:35:38 | 000,007,073 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Contacts for hunt_michelle1033 (hotmail).ctt
-
August 15th, 2010, 08:42 AM
#30
[2010/06/25 19:50:33 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/06/25 19:50:33 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\BitTorrent.lnk
[2010/06/25 16:24:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twister.INI
[2010/06/25 08:45:35 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2010/06/25 03:07:35 | 000,614,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 03:07:35 | 000,524,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 03:07:35 | 000,098,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/25 03:01:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/24 23:56:01 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 14:41:37 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\business.doc
[2010/06/24 09:08:10 | 000,043,640 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/24 03:47:27 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/24 03:47:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/24 03:47:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/22 20:05:58 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\resume.doc
[2010/06/17 16:44:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Launch Internet Explorer Browser.lnk
[2010/06/16 06:43:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
========== Files Created - No Company Name ==========
[2010/08/14 10:34:12 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/08/14 10:33:16 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\LimeWire 5.5.13.lnk
[2010/08/14 10:28:22 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/08/12 18:43:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/12 18:43:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/12 18:43:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/12 18:43:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/12 18:43:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/12 18:42:18 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to ComboFix.lnk
[2010/08/01 21:43:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/17 11:52:54 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Karaoke.doc
[2010/07/15 15:50:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Power CD+G Burner.lnk
[2010/06/28 11:35:38 | 000,007,073 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Contacts for hunt_michelle1033 (hotmail).ctt
[2010/06/25 16:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/06/24 00:03:31 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\business.doc
[2010/06/22 19:54:31 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\resume.doc
[2010/06/03 10:44:20 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Magic DVD Copier.lnk
[2010/05/12 22:01:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/08/28 11:10:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Navigator.INI
[2008/08/10 09:59:21 | 000,000,720 | ---- | C] () -- C:\WINDOWS\avscan.ini
[2008/04/27 17:21:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\_Nobeltec.INI
[2008/04/21 16:34:36 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2008/03/30 13:24:45 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/02/18 17:05:23 | 000,000,405 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008/02/16 21:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/01/04 15:25:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/01/03 23:11:15 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/03 23:11:12 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/03 23:11:12 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/03 23:11:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/03 23:11:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/16 13:20:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/16 05:21:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/12/15 18:00:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2007/08/20 21:56:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 21:56:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 20:03:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 17:48:34 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/07/10 00:15:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/21 15:34:21 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/06/13 20:39:27 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/06/13 20:39:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/05/11 16:40:10 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/03 17:19:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/10/03 17:19:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/10/03 17:19:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/10/03 17:19:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/10/03 17:19:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/10/03 17:19:44 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/10/03 17:19:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/10/03 17:19:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/10/03 17:19:41 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/10/03 17:19:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2004/12/05 17:37:00 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== LOP Check ==========
[2008/04/19 14:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Aliasworlds
[2010/08/14 10:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2007/09/23 19:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
[2008/04/07 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Astar Games
[2008/01/04 16:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2007/06/12 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DIGStream
[2009/06/18 11:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivoGames
[2009/07/05 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
[2008/01/26 23:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\espionServerData
[2008/04/06 18:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
[2008/02/29 19:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GoBit Games
[2008/01/06 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
[2008/07/05 00:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2008/08/20 13:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games
[2008/05/19 01:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kayo Games
[2007/11/24 16:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Legacy Interactive
[2008/04/06 22:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
[2010/05/25 13:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2008/03/13 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MonteCristo
[2007/09/20 21:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/07/05 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
[2007/08/11 19:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oberon Games
[2010/06/20 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2007/10/01 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
[2008/01/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
[2009/06/17 17:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/05 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
[2008/02/04 23:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Valusoft
[2009/07/05 19:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Widgets
[2007/11/29 20:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
[2010/01/14 13:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/16 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/07/29 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ace
[2010/07/18 15:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2008/03/15 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools
[2008/07/16 19:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DNA
[2007/10/03 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Elluminate
[2008/01/12 20:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ForgottenRiddles
[2010/01/08 22:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FUJIFILM
[2007/10/08 19:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Gaijin Ent
[2010/06/25 20:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Home Sweet Home 2
[2008/04/06 22:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jane s Hotel Family Hero
[2010/08/15 09:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\LimeWire
[2008/04/06 22:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ludia
[2008/03/14 10:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Magic Seeds
[2008/03/13 18:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Meridian93
[2007/12/01 15:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\My Games
[2007/12/03 18:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MysteryStudio
[2009/07/05 19:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nikon
[2008/02/03 19:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Obsidium
[2010/06/20 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\PlayFirst
[2009/01/22 17:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Pogo Games
[2008/01/06 01:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\SecondLife
[2008/01/03 22:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\STOIK
[2008/01/06 01:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Teggo
[2009/06/23 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Template
[2008/02/04 23:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Valusoft
[2007/12/02 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ViquaSoft
[2010/07/15 15:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Vso
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/01/26 23:18:58 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2008/05/21 12:29:33 | 000,002,353 | ---- | M] () -- C:\artpdbg.log
[2005/08/16 07:13:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/12/20 23:16:25 | 000,018,745 | ---- | M] () -- C:\avi_log.txt
[2007/06/12 17:58:21 | 000,000,209 | -HS- | M] () -- C:\Boot.bak
[2009/10/04 13:45:40 | 000,000,280 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/13 16:03:30 | 000,021,168 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 07:13:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/08 17:52:38 | 000,000,230 | ---- | M] () -- C:\config.xml
[2006/09/21 22:22:28 | 000,006,210 | RH-- | M] () -- C:\dell.sdr
[2007/06/25 14:47:44 | 000,108,621 | ---- | M] () -- C:\dlcc.log
[2008/06/05 21:24:27 | 000,029,686 | ---- | M] () -- C:\dlccscan.log
[2007/04/01 15:38:15 | 000,001,394 | ---- | M] () -- C:\DTLog.txt
[2007/01/01 13:14:49 | 000,000,213 | ---- | M] () -- C:\Expiration.Log
[2007/06/12 17:35:44 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2006/10/03 15:48:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 07:13:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/02/10 17:20:03 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2006/09/21 22:40:08 | 000,000,777 | -H-- | M] () -- C:\IPH.PH
[2009/06/08 17:38:03 | 000,014,751 | ---- | M] () -- C:\JavaRa.log
[2010/06/11 22:36:52 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 07:13:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 08:30:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/12 22:24:57 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2006/09/21 22:11:54 | 000,000,024 | -H-- | M] () -- C:\osinfo.ENG
[2010/08/14 10:21:56 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/09/29 22:21:46 | 000,048,881 | ---- | M] () -- C:\playground.log
[2007/11/24 15:34:40 | 001,265,421 | ---- | M] () -- C:\saida.txt
[2007/06/13 21:20:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/08/19 15:07:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/08/22 20:19:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/08/23 21:34:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/08/24 18:30:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/08/27 21:31:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/08/30 19:09:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/06/13 21:20:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/08/19 15:07:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/08/22 20:19:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/08/23 21:34:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/08/24 18:30:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/08/27 21:31:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/08/30 19:09:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/12/16 05:21:40 | 000,005,139 | ---- | M] () -- C:\StarBurn.log
[2005/10/31 13:26:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2008/08/20 13:56:04 | 000,000,150 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/11/10 13:39:44 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlccPP5C.DLL
[2008/07/06 09:36:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/10 08:30:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/10/04 10:23:57 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/10/04 12:27:57 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/10/04 10:23:57 | 030,408,704 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/10/04 10:23:57 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2004/08/10 08:30:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/10 08:30:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/10 08:30:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >