Jump to content

RisenWarrior

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by RisenWarrior

  1. Thanks for trying to help, Chamber. I would like to request that this thread to be closed as I have now started receiving help at another forum and am going to continue there. Take care.
  2. I get a '501 not implemented' error when trying to download AVZ from the link you provided.
  3. Hi. I ran TFC as requested, then rebooted my machine. I then uninstalled my old version of Malwarebytes and rebooted. Then I downloaded the new Malwarebytes from the link you provided in your post. Like I said in my very first post here, Malwarebytes opens & closes in about 4-5 seconds. It is still doing that. I have a fast internet connection, so I can usually get the updates before it closes & crashes. However, Malwarebytes still won't stay open long enough for me to do a scan. I've tried renaming the executable on download and in the program files. I've tried running in both normal & safe mode. Malwarebytes still crashes either way. Do you think I need to reformat my computer now?
  4. Hey, Chamber..are you still here? I'm on Pacific time in Canada. Not sure what area of the world you are from. I'm not getting anywhere with this messed up computer of mine. You haven't given up yet have you? I hope not. I still need your help please.
  5. OTL logfile created on: 24/11/2009 11:40:36 AM - Run 2 OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Kelly\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.62% Memory free 3.35 Gb Paging File | 3.20 Gb Available in Paging File | 95.42% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 153.38 Gb Total Space | 129.92 Gb Free Space | 84.70% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-C191A06AD4 Current User Name: Kelly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.ca/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/24 00:39:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 02:05:31 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 00:40:03 | 00,000,000 | ---D | M] [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/24 10:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions [2009/06/23 15:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/11/24 10:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/05/28 23:25:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/11/24 00:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009/02/19 17:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/02/19 17:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/02/19 17:43:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/02/19 11:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/02/19 11:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/02/19 11:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/02/19 11:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/02/19 11:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/02/19 11:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/25 03:56:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2007/04/02 10:34:24 | 00,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/24 11:35:57 | 00,000,000 | ---D | C] -- C:\_OTL [2009/11/24 11:23:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009/11/24 09:19:54 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/24 09:14:34 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe [2009/11/24 02:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\WinRAR [2009/11/24 01:54:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/11/24 00:40:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/11/24 00:40:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 00:40:03 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/24 00:39:44 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/11/23 23:59:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/23 23:59:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/23 23:59:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/23 23:59:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/23 23:58:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/23 23:58:46 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/23 14:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2009/11/23 11:37:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2009/11/23 11:31:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/23 11:31:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/23 11:31:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/23 02:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Threat Expert [2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 23:01:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kelly\Recent [2009/11/22 19:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe [2009/11/22 19:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\AVG8 [2009/11/22 17:39:23 | 00,000,000 | ---D | C] -- C:\RootkitNO [2009/11/22 09:15:12 | 00,000,000 | ---D | C] -- C:\Hjt2 [2009/11/21 20:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Queen - 2009 - Absolute Greatest [2009/11/20 17:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\vlc [2009/11/20 15:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\DVDInfoPro [2009/11/19 23:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2006 - Dear Love; A Beautiful Discord [2009/11/19 23:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2007 - Plagues [2009/11/19 23:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\The Devil Wears Prada - With Roots Above And Branches Below (2009) [2009/11/19 14:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\AoA DVD Ripper [2009/11/18 01:11:44 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009/11/18 01:11:44 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009/11/18 01:11:44 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009/11/18 01:11:43 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009/11/18 01:11:43 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009/11/18 00:28:31 | 00,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema [2009/11/15 00:39:19 | 00,618,496 | ---- | C] (Virusface Industries) -- C:\WINDOWS\System32\MSSTTFTTM.ocx [2009/11/15 00:39:19 | 00,212,992 | ---- | C] (WeOnlyDo! COM) -- C:\WINDOWS\System32\sql.dll [2009/11/15 00:39:19 | 00,098,304 | ---- | C] (Evova Technology) -- C:\WINDOWS\System32\Msdxm11.ocx [2009/11/15 00:11:53 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2009/11/14 11:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract [3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/11/24 11:37:25 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/11/24 11:37:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/24 11:37:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/24 11:36:12 | 14,680,064 | ---- | M] () -- C:\Documents and Settings\Kelly\ntuser.dat [2009/11/24 11:36:12 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kelly\ntuser.ini [2009/11/24 11:33:33 | 03,574,755 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe [2009/11/24 11:27:05 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/24 11:26:48 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/24 10:56:51 | 22,163,456 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\518522.flv [2009/11/24 09:20:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/24 09:14:36 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe [2009/11/24 09:10:51 | 00,463,192 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/24 09:10:51 | 00,395,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/24 09:10:51 | 00,060,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/24 09:06:18 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/24 09:06:18 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009/11/24 02:15:21 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db [2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/11/24 00:39:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 00:39:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/23 11:37:54 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/11/23 11:37:54 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/11/23 11:31:14 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/23 03:19:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/11/22 23:44:50 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 23:06:37 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/22 19:26:44 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/11/22 19:26:44 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2009/11/22 19:26:44 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat [2009/11/20 17:06:37 | 00,000,107 | ---- | M] () -- C:\WINDOWS\VobEdit.INI [2009/11/20 12:03:25 | 00,309,730 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf [2009/11/19 19:44:41 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI [2009/11/19 15:11:34 | 00,000,413 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI [2009/11/19 14:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\AoADVDRipper.INI [2009/11/19 12:47:57 | 00,000,961 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk [2009/11/15 00:11:53 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe [3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/24 10:54:15 | 22,163,456 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\518522.flv [2009/11/24 00:00:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/23 23:59:57 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/23 23:59:05 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/23 23:59:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/23 23:59:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/23 23:59:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/23 23:59:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/23 23:56:03 | 03,574,755 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe [2009/11/23 11:31:14 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 22:42:35 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2009/11/22 17:37:34 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat [2009/11/20 12:03:25 | 00,309,730 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf [2009/11/19 14:50:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI [2009/11/19 12:47:57 | 00,000,961 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk [2009/11/18 01:11:45 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/11/18 01:11:44 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009/11/18 01:11:43 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/11/18 01:11:43 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/11/18 01:11:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/11/08 20:50:28 | 01,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll [2009/10/12 10:17:58 | 00,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI [2009/07/15 08:10:43 | 00,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI [2009/06/02 23:56:31 | 00,006,966 | ---- | C] () -- C:\Program Files\x264.ico [2009/03/05 21:22:13 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI [2009/01/06 04:28:19 | 00,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys [2009/01/06 02:54:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2008/09/15 16:18:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/26 22:54:35 | 00,000,066 | ---- | C] () -- C:\WINDOWS\System32\jesusincanyon.ini [2007/10/13 21:43:20 | 00,000,142 | ---- | C] () -- C:\WINDOWS\DemoEditor.INI [2007/09/17 09:37:18 | 00,262,144 | ---- | C] () -- C:\Program Files\flac.exe [2007/07/16 19:28:51 | 00,001,058 | ---- | C] () -- C:\WINDOWS\pae.ini [2007/06/18 10:21:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\zlib1d.dll [2007/05/17 12:19:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2007/05/06 00:23:15 | 00,003,427 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini [2007/03/19 12:21:29 | 00,000,766 | ---- | C] () -- C:\Program Files\xvid.ico [2007/02/16 08:46:01 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini [2007/01/16 17:15:02 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2006/03/15 01:24:30 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll [2006/03/04 15:10:13 | 00,000,413 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2005/12/05 13:13:56 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2005/12/05 13:13:56 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2005/09/01 10:34:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/06/18 20:15:27 | 00,109,277 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2005/06/17 11:41:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2005/05/16 02:08:39 | 00,000,127 | ---- | C] () -- C:\WINDOWS\SP3D.ini [2005/05/03 10:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll [2005/05/03 10:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll [2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\blue.ico [2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\black.ico [2005/05/02 00:06:06 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/02 00:06:06 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini [2005/05/02 00:05:32 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005/03/31 21:33:15 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005/01/13 18:10:46 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005/01/12 12:39:57 | 00,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005/01/10 18:48:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005/01/10 18:31:31 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/01/10 17:08:34 | 01,930,896 | -H-- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db [2005/01/10 17:08:34 | 00,057,616 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/01/10 17:08:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini [2004/10/06 07:30:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/28 11:52:34 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2004/09/08 12:43:04 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004/08/25 03:56:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2004/08/25 03:52:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2004/08/25 03:52:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2004/08/25 03:51:08 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2004/08/25 03:51:06 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2004/08/24 20:46:08 | 00,463,192 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2004/08/24 20:46:06 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/24 20:45:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2004/08/18 16:03:47 | 00,001,534 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/08/18 16:03:42 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2004/08/18 16:03:41 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2004/08/18 16:03:17 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2004/08/18 16:03:17 | 00,001,167 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/18 16:03:12 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004/08/18 16:03:12 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2004/08/18 16:03:11 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini [2004/08/18 16:03:03 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004/08/18 16:03:03 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2004/08/18 16:03:01 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2004/08/18 16:03:01 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004/08/18 16:03:01 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll [2004/08/18 16:03:01 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2004/08/18 16:03:01 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2004/08/18 16:03:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2004/08/18 16:03:01 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2004/08/18 16:03:01 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2004/08/18 16:03:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2004/08/18 16:03:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2004/08/18 16:03:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2004/08/18 16:03:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2004/08/18 16:02:55 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004/08/18 16:02:55 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004/08/18 16:02:55 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004/08/18 16:02:55 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2004/08/18 16:02:55 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2004/08/18 16:02:55 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2004/08/18 16:02:49 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2004/08/18 16:02:49 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004/08/18 16:02:49 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2004/08/18 16:02:45 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2004/08/18 16:02:43 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2004/08/18 16:02:43 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2004/08/18 16:02:43 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004/08/18 16:02:40 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2004/08/18 16:02:37 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2004/08/18 16:02:37 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004/08/18 16:02:22 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2004/08/18 16:02:21 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2004/08/18 16:02:21 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2004/08/18 16:02:18 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2004/08/18 16:02:17 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004/08/18 16:02:17 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2003/01/25 10:52:14 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/07/04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2001/12/26 15:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/12/14 12:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2001/09/03 22:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/08/17 14:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001/07/30 15:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 21:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll ========== LOP Check ========== [2005/05/22 18:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/07/15 08:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/07/15 08:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008/10/07 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2009/07/15 12:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX [2009/11/23 14:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2008/06/11 08:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2009/01/21 18:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2006/07/26 23:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa Lite [2008/09/09 21:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2006/08/19 21:47:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/01/29 16:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/09/15 16:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2008/12/22 16:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles [2009/06/23 21:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio [2005/01/31 13:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2009/01/21 18:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic [2007/08/20 23:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/05/05 19:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2006/02/14 12:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2009/11/23 03:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/01/27 21:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue [2006/08/12 20:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/07/15 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/10/13 11:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AccurateRip [2008/06/16 19:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Adobe [2005/07/17 12:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AdobeUM [2008/09/15 16:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Ahead [2009/07/15 08:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Apple Computer [2009/11/22 19:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AVG8 [2008/10/07 17:28:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\CyberLink [2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini [2009/11/19 14:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\dvdcss [2007/02/16 18:08:15 | 00,000,120 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini [2009/11/14 11:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract [2009/10/11 22:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\foobar2000 [2009/04/18 22:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GetRightToGo [2007/05/06 00:26:22 | 00,003,427 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini [2007/07/01 18:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabIt [2009/04/18 23:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabPro [2005/01/16 10:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Help [2004/08/25 03:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Identities [2009/08/09 23:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ImgBurn [2009/11/23 03:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\InstallShield [2006/08/19 21:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Lavasoft [2005/01/18 22:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Macromedia [2008/09/09 21:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Malwarebytes [2009/06/02 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Media Player Classic [2009/11/22 19:07:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kelly\Application Data\Microsoft [2007/10/13 21:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Moyea [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla [2008/01/29 16:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NCH Swift Sound [2009/08/15 23:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NewsLeecher [2009/11/21 20:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Orbit [2009/06/23 22:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Research In Motion [2006/02/14 13:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\River Past G4 [2009/05/19 01:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Roxio [2007/05/28 20:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Shareaza [2005/08/27 23:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Sun [2009/05/05 19:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com [2009/01/12 19:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Syntrillium [2008/05/27 11:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Uniblue [2009/11/24 11:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\vlc [2009/07/15 12:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Winamp [2009/11/24 02:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\WinRAR [2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/24 11:37:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34C58556 @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8 @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report >
  6. ComboFix 09-11-23.02 - Kelly 24/11/2009 11:19.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.2047.1642 [GMT -8:00] Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kelly\Desktop\CFScript.txt FILE :: "c:\windows\system32\drivers\rrhzik.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Kelly\Application Data\Azureus c:\documents and settings\Kelly\Application Data\Azureus\.certs c:\documents and settings\Kelly\Application Data\Azureus\.keystore c:\documents and settings\Kelly\Application Data\Azureus\.lock c:\documents and settings\Kelly\Application Data\Azureus\active\0520702509F7261AFFA3ACF86CEF5DA03F4E02D4.dat c:\documents and settings\Kelly\Application Data\Azureus\active\07B6FB01F7DA4A236CA1152434990F2ACECD2204.dat c:\documents and settings\Kelly\Application Data\Azureus\active\8B2237782BCBFADAB9F6F88B2C75183D970F95BE.dat c:\documents and settings\Kelly\Application Data\Azureus\active\9C0C570737B039B3F8782F49A06B8D157A352AA9.dat c:\documents and settings\Kelly\Application Data\Azureus\active\cache.dat c:\documents and settings\Kelly\Application Data\Azureus\azureus.config c:\documents and settings\Kelly\Application Data\Azureus\azureus.config.bak c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bad c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bad1 c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bak c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bak.bad c:\documents and settings\Kelly\Application Data\Azureus\banips.config c:\documents and settings\Kelly\Application Data\Azureus\dht\addresses.dat c:\documents and settings\Kelly\Application Data\Azureus\dht\block.dat c:\documents and settings\Kelly\Application Data\Azureus\dht\contacts.dat c:\documents and settings\Kelly\Application Data\Azureus\dht\diverse.dat c:\documents and settings\Kelly\Application Data\Azureus\dht\general.dat c:\documents and settings\Kelly\Application Data\Azureus\dht\version.dat c:\documents and settings\Kelly\Application Data\Azureus\downloads.config c:\documents and settings\Kelly\Application Data\Azureus\downloads.config.bak c:\documents and settings\Kelly\Application Data\Azureus\filters.config c:\documents and settings\Kelly\Application Data\Azureus\ipfilter.cache c:\documents and settings\Kelly\Application Data\Azureus\logs\debug_1.log c:\documents and settings\Kelly\Application Data\Azureus\logs\thread_1.log c:\documents and settings\Kelly\Application Data\Azureus\torrents\[torrents[1].ru].t1275316.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\__Blade.1998.720p.BluRay.x264-BestHD.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\_Blade.1998.720p.BluRay.x264-BestHD.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\Akon_Ft_Eminem-Smack_That-Promo_CDS-2006-XXL[1].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\Blade.1998.720p.BluRay.x264-BestHD.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\boney m video dvd.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\Fifty.Pills.DVDSCR.XviD-ReCode[1].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\La.Femme.Nikita.Season.1.%282.of.2%29[1].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\La.Femme.Nikita.Season.3.%281.of.2%29[1].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\My.Sisters.Hot.Friend[1].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\NewsLeecher_3.8_Final_Thinstalled_www.myPortables.net.4006943.TPB[1].torren t c:\documents and settings\Kelly\Application Data\Azureus\torrents\O-Demonoid.com-O_Led_Zeppelin_Physical_Graffiti_(2CDs_Remaster)_825504.7734.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\o-Demonoid.com-o_Warrant_Cherry_Pie_[FLAC]_825504.7734.torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\Robot Chicken s02e10 Password c:\documents and settings\Kelly\Application Data\Azureus\torrents\The Third Jesus c:\documents and settings\Kelly\Application Data\Azureus\torrents\Underworld[1].Evolution.2006.BRRip.X264-CHD [mininova].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\Within_Temptation-Angels-2005-x264-[sneakyvidz].torrent c:\documents and settings\Kelly\Application Data\Azureus\torrents\X-Men[1].Evolution.Complete.Series.torrent c:\documents and settings\Kelly\Application Data\Azureus\tracker.config c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad1 c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad2 c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad3 c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak.bad c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak.bad1 c:\documents and settings\Kelly\Application Data\Azureus\update.properties c:\program files\Azureus c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar c:\program files\Azureus\plugins\azplugins\azplugins_2.1.3.jar c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar c:\program files\Azureus\plugins\azupdater\plugin.properties c:\program files\Azureus\plugins\azupdater\Updater.jar c:\program files\Azureus\Uninstall.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BUFOLBHD -------\Service_bufolbhd ((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 ))))))))))))))))))))))))))))))) . 2009-11-24 17:21 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-11-24 17:21 . 2004-08-04 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys 2009-11-24 09:54 . 2009-11-24 09:54 -------- d-----w- c:\windows\ERUNT 2009-11-24 09:38 . 2009-11-24 10:27 -------- d-----w- C:\SDFix 2009-11-24 08:40 . 2009-11-24 08:39 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-24 08:39 . 2009-11-24 08:39 -------- d-----w- c:\program files\Java 2009-11-24 08:04 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe 2009-11-24 08:04 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe 2009-11-23 22:23 . 2009-11-23 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2009-11-23 19:37 . 2009-11-24 19:18 -------- d-----w- c:\windows\system32\CatRoot2 2009-11-23 19:31 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-23 19:31 . 2009-11-24 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-23 19:31 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-23 10:57 . 2009-11-23 10:57 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Threat Expert 2009-11-23 03:26 . 2009-11-23 06:23 -------- d-----w- c:\program files\UnHackMe 2009-11-23 03:13 . 2009-11-23 03:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\AVG8 2009-11-23 01:39 . 2009-11-23 02:47 -------- d-----w- C:\RootkitNO 2009-11-23 01:37 . 2009-11-23 03:26 2 --shatr- c:\windows\winstart.bat 2009-11-22 17:15 . 2009-11-23 19:13 -------- d-----w- C:\Hjt2 2009-11-21 01:09 . 2009-11-24 19:12 -------- d-----w- c:\documents and settings\Kelly\Application Data\vlc 2009-11-20 23:29 . 2009-11-20 23:43 -------- d-----w- c:\program files\DVDInfoPro 2009-11-19 22:46 . 2009-11-19 22:53 -------- d-----w- c:\program files\AoA DVD Ripper 2009-11-18 09:11 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-11-18 09:11 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll 2009-11-18 09:11 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll 2009-11-18 09:11 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2009-11-18 09:11 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll 2009-11-18 08:28 . 2009-11-18 08:54 -------- d-----w- c:\program files\MPC HomeCinema 2009-11-15 08:39 . 2004-11-14 14:27 212992 ----a-w- c:\windows\system32\sql.dll 2009-11-15 08:11 . 2009-11-15 08:11 356352 ----a-w- c:\windows\eSellerateEngine.dll 2009-11-14 19:08 . 2009-11-14 19:09 -------- d-----w- c:\documents and settings\Kelly\Application Data\FLV Extract 2009-11-09 04:50 . 2007-04-18 08:53 1945088 ----a-w- c:\windows\system32\avcodec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-24 11:09 . 2009-05-06 03:41 117760 ----a-w- c:\documents and settings\Kelly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-11-23 11:13 . 2007-01-12 00:17 -------- d-----w- c:\program files\DFX 2009-11-23 11:12 . 2008-05-24 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-23 11:11 . 2009-06-23 18:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\InstallShield 2009-11-23 11:11 . 2004-09-08 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-23 06:53 . 2006-08-13 07:29 -------- d-----w- c:\program files\CCleaner 2009-11-22 04:50 . 2009-01-06 11:29 -------- d-----w- c:\documents and settings\Kelly\Application Data\Orbit 2009-11-21 01:03 . 2009-06-19 00:05 -------- d-----w- c:\program files\VideoLAN 2009-11-19 23:56 . 2009-01-09 06:38 -------- d-----w- c:\program files\Registry Clean Expert 2009-11-19 22:51 . 2009-04-17 08:04 -------- d-----w- c:\documents and settings\Kelly\Application Data\dvdcss 2009-11-19 06:46 . 2009-03-06 22:59 -------- d-----w- c:\program files\Audiochecker 2009-11-18 09:11 . 2009-01-19 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-13 19:25 . 2009-03-30 18:29 -------- d-----w- c:\program files\Exact Audio Copy 2009-10-13 19:16 . 2008-05-23 01:45 -------- d-----w- c:\documents and settings\Kelly\Application Data\AccurateRip 2009-10-12 06:19 . 2009-08-05 08:23 -------- d-----w- c:\documents and settings\Kelly\Application Data\foobar2000 2007-09-17 17:37 . 2007-09-17 17:37 262144 ----a-w- c:\program files\flac.exe 2005-08-24 20:19 . 2009-06-03 07:56 6966 ----a-w- c:\program files\x264.ico 2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\blue.ico 2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\black.ico 2004-05-30 12:30 . 2007-03-19 20:21 766 ----a-w- c:\program files\xvid.ico . ((((((((((((((((((((((((((((( SnapShot@2009-11-24_08.12.07 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-24 19:25 . 2009-11-24 19:25 16384 c:\windows\temp\Perflib_Perfdata_e0.dat + 2009-11-24 19:25 . 2009-11-24 19:25 16384 c:\windows\temp\Perflib_Perfdata_6f4.dat + 2004-08-19 00:03 . 2009-11-24 17:10 60288 c:\windows\system32\perfc009.dat - 2004-08-19 00:03 . 2009-11-05 16:45 60288 c:\windows\system32\perfc009.dat + 2004-08-19 00:03 . 2009-11-24 17:10 395904 c:\windows\system32\perfh009.dat - 2004-08-19 00:03 . 2009-11-05 16:45 395904 c:\windows\system32\perfh009.dat + 2009-11-24 08:40 . 2009-11-24 08:39 149280 c:\windows\system32\javaws.exe + 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\javaw.exe + 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\java.exe + 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-11-24 08:39 . 2009-11-24 08:39 1757696 c:\windows\Installer\1c64b.msi + 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-26 67584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi9"=c:\progra~1\Adobe\ACROBA~1.0\jqt.bak 2yKOEBOFFO [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "System Session Manager Subsystem"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21861:TCP"= 21861:TCP:*:Disabled:port "27857:TCP"= 27857:TCP:*:Disabled:port "53:UDP"= 53:UDP:Promo [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 10:33 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 AM 72944] R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [06/01/2009 4:28 AM 2208] S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/07/2007 5:20 PM 40832] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 AM 7408] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-24 11:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1286611766-3543556633-2980138700-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C79B1C4-67F1-9B48-5EDA-87465C44A898}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iamflagkkdmhhfognk"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d, 6c,66,67,61,00,00 "hacfnckbgjkooffj"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d, 6c,66,67,61,00,00 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(2024) c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\devldr32.exe . ************************************************************************** . Completion time: 2009-11-24 11:32 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-24 19:32 Pre-Run: 139,361,099,776 bytes free Post-Run: 139,388,833,792 bytes free - - End Of File - - E725F15E91CAA4ED0F50472EAA6A9CE3
  7. OTL Extras logfile created on: 24/11/2009 9:34:52 AM - Run 1 OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Kelly\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 81.96% Memory free 3.35 Gb Paging File | 3.19 Gb Available in Paging File | 95.17% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 153.38 Gb Total Space | 129.91 Gb Free Space | 84.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-C191A06AD4 Current User Name: Kelly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 10\convert.exe" "%1" () Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 10\burn.exe" "%1" () Directory [!ezcddaxc] -- "C:\Program Files\Easy CD-DA Extractor 10\burn2.exe" "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "21861:TCP" = 21861:TCP:*:Disabled:port "27857:TCP" = 27857:TCP:*:Disabled:port "53:UDP" = 53:UDP:*:Enabled:Promo ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{56BED62F-278A-407B-8BCD-E645EC96D2ED}" = Roxio Media Manager "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{779C40FF-9211-427B-A5C4-2026B85A1033}" = Nero 7 Essentials "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C93EE22-9F85-4AA8-B4FB-20553DE64F51}" = BlackBerry Desktop Software 4.7 "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D8C6F2D1-96C2-4C4A-83A0-4492E7A48491}" = Audiochecker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0 "AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82 "AVI Splitter_is1" = AVI Splitter "BlackBerry_{9C93EE22-9F85-4AA8-B4FB-20553DE64F51}" = BlackBerry Desktop Software 4.7 "CCleaner" = CCleaner "coreavc_is1" = CoreAVC Pro 1.8.5.0 "DFX for Winamp" = DFX for Winamp "DVD Audio Extractor_is1" = DVD Audio Extractor 4.3.0 "DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.5 "DVDInfoPro" = DVDInfoPro "Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10 "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "FLAC" = FLAC Installer 1.1.2a (remove only) "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full) "LeechFTP" = LeechFTP DEC PACK "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "mIRC" = mIRC "MKVtoolnix" = MKVtoolnix 2.4.0 "Monkey's Audio_is1" = Monkey's Audio "Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7) "NewsLeecher_is1" = NewsLeecher v3.8 Final "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Postal Fudge Pack" = Postal Fudge Pack "Quake 3 Arena Demo" = Quake 3 Arena Demo "QuickPar" = QuickPar 0.9 "VLC media player" = VLC media player 1.0.3 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Winamp Essentials Pack" = Winamp Essentials Pack v5.35 "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24/11/2009 4:06:15 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 24/11/2009 4:06:15 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 24/11/2009 4:38:24 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 24/11/2009 4:38:25 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 24/11/2009 5:09:44 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 24/11/2009 5:09:44 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 24/11/2009 5:46:45 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 24/11/2009 5:46:45 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. [ System Events ] Error - 24/11/2009 6:15:22 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 24/11/2009 6:16:44 AM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7001 Description = The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: %%1058 Error - 24/11/2009 6:16:44 AM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Beep bufolbhd Error - 24/11/2009 6:16:51 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 24/11/2009 1:08:23 PM | Computer Name = YOUR-C191A06AD4 | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Display Driver Service service failed to start due to the following error: %%2 Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect. Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 24/11/2009 1:09:49 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Beep bufolbhd < End of report >
  8. OTL logfile created on: 24/11/2009 9:34:52 AM - Run 1 OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Kelly\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 81.96% Memory free 3.35 Gb Paging File | 3.19 Gb Available in Paging File | 95.17% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 153.38 Gb Total Space | 129.91 Gb Free Space | 84.69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-C191A06AD4 Current User Name: Kelly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NVSvc) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (nxsIO32) -- C:\WINDOWS\system32\drivers\nxsIO32.sys () DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc) DRV - (Pcouffin) -- C:\WINDOWS\system32\drivers\Pcouffin.sys (VSO Software) DRV - (FETND5BV) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. ) DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. ) DRV - (viagfx) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.) DRV - (viamraid) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA Technologies inc,.ltd) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (hidgame) -- C:\WINDOWS\system32\drivers\hidgame.sys (Microsoft Corporation) DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.) DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.) DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.ca/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1 FF - prefs.js..extensions.enabledItems: {BC305617-6031-4C9A-A7AF-5C74F6EDABFD}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/24 00:39:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 02:05:31 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 00:40:03 | 00,000,000 | ---D | M] [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/23 15:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions [2009/06/23 15:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/11/24 00:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/05/28 23:25:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/11/24 00:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009/02/19 17:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/02/19 17:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/02/19 17:43:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/02/19 11:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/02/19 11:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/02/19 11:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/02/19 11:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/02/19 11:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/02/19 11:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: (21 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/25 03:56:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2007/04/02 10:34:24 | 00,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found MsConfig - Services: "System Session Manager Subsystem" MsConfig - Services: "NVSvcNVSvc" MsConfig - Services: "Iprip" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.) Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) ========== Files/Folders - Created Within 30 Days ========== [2009/11/24 09:21:54 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys [2009/11/24 09:21:54 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys [2009/11/24 09:19:54 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/24 09:14:34 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe [2009/11/24 02:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\WinRAR [2009/11/24 01:54:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/11/24 01:38:36 | 00,000,000 | ---D | C] -- C:\SDFix [2009/11/24 00:40:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/11/24 00:40:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 00:40:03 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/24 00:39:44 | 00,000,000 | ---D | C] -- C:\Program Files\Java [2009/11/24 00:17:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009/11/24 00:04:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe [2009/11/24 00:04:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe [2009/11/23 23:59:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/23 23:59:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/23 23:59:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/23 23:59:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/11/23 23:58:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/23 23:58:46 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/23 17:31:21 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx [2009/11/23 14:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2009/11/23 11:37:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2009/11/23 11:31:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/23 11:31:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/23 11:31:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/23 02:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Threat Expert [2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 23:01:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kelly\Recent [2009/11/22 22:20:45 | 00,000,000 | ---D | C] -- C:\Avenger [2009/11/22 19:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe [2009/11/22 19:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\AVG8 [2009/11/22 17:39:23 | 00,000,000 | ---D | C] -- C:\RootkitNO [2009/11/22 09:15:12 | 00,000,000 | ---D | C] -- C:\Hjt2 [2009/11/21 20:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Queen - 2009 - Absolute Greatest [2009/11/20 17:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\vlc [2009/11/20 15:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\DVDInfoPro [2009/11/19 23:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2006 - Dear Love; A Beautiful Discord [2009/11/19 23:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2007 - Plagues [2009/11/19 23:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\The Devil Wears Prada - With Roots Above And Branches Below (2009) [2009/11/19 14:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\AoA DVD Ripper [2009/11/18 01:11:44 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009/11/18 01:11:44 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009/11/18 01:11:44 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009/11/18 01:11:43 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009/11/18 01:11:43 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009/11/18 00:28:31 | 00,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema [2009/11/15 00:39:19 | 00,618,496 | ---- | C] (Virusface Industries) -- C:\WINDOWS\System32\MSSTTFTTM.ocx [2009/11/15 00:39:19 | 00,212,992 | ---- | C] (WeOnlyDo! COM) -- C:\WINDOWS\System32\sql.dll [2009/11/15 00:39:19 | 00,098,304 | ---- | C] (Evova Technology) -- C:\WINDOWS\System32\Msdxm11.ocx [2009/11/15 00:11:53 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2009/11/14 11:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/24 09:29:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/24 09:26:24 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/24 09:20:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/24 09:14:36 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe [2009/11/24 09:10:51 | 00,463,192 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/24 09:10:51 | 00,395,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/24 09:10:51 | 00,060,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/24 09:08:03 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/11/24 09:07:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/24 09:06:34 | 14,680,064 | ---- | M] () -- C:\Documents and Settings\Kelly\ntuser.dat [2009/11/24 09:06:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kelly\ntuser.ini [2009/11/24 09:06:18 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/24 09:06:18 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009/11/24 02:20:35 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/11/24 02:15:21 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db [2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/11/24 00:39:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 00:39:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/23 23:56:10 | 03,573,838 | R--- | M] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe [2009/11/23 11:37:54 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/11/23 11:37:54 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/11/23 11:31:14 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/23 03:19:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/11/22 23:44:50 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 23:06:37 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/22 19:26:44 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/11/22 19:26:44 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2009/11/22 19:26:44 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat [2009/11/20 17:06:37 | 00,000,107 | ---- | M] () -- C:\WINDOWS\VobEdit.INI [2009/11/20 12:03:25 | 00,309,730 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf [2009/11/19 19:44:41 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI [2009/11/19 15:11:34 | 00,000,413 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI [2009/11/19 14:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\AoADVDRipper.INI [2009/11/19 12:47:57 | 00,000,961 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk [2009/11/15 00:11:53 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/24 00:00:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/23 23:59:57 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/23 23:59:05 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/23 23:59:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/23 23:59:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/23 23:59:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/23 23:59:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/23 23:56:03 | 03,573,838 | R--- | C] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe [2009/11/23 11:31:14 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache [2009/11/22 22:42:35 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2009/11/22 17:37:34 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat [2009/11/20 12:03:25 | 00,309,730 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf [2009/11/19 14:50:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI [2009/11/19 12:47:57 | 00,000,961 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk [2009/11/18 01:11:45 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/11/18 01:11:44 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009/11/18 01:11:43 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/11/18 01:11:43 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/11/18 01:11:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/11/08 20:50:28 | 01,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll [2009/10/12 10:17:58 | 00,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI [2009/07/15 08:10:43 | 00,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI [2009/06/02 23:56:31 | 00,006,966 | ---- | C] () -- C:\Program Files\x264.ico [2009/03/05 21:22:13 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI [2009/01/06 04:28:19 | 00,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys [2009/01/06 02:54:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2008/09/15 16:18:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/26 22:54:35 | 00,000,066 | ---- | C] () -- C:\WINDOWS\System32\jesusincanyon.ini [2007/10/13 21:43:20 | 00,000,142 | ---- | C] () -- C:\WINDOWS\DemoEditor.INI [2007/09/17 09:37:18 | 00,262,144 | ---- | C] () -- C:\Program Files\flac.exe [2007/07/16 19:28:51 | 00,001,058 | ---- | C] () -- C:\WINDOWS\pae.ini [2007/06/18 10:21:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\zlib1d.dll [2007/05/17 12:19:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2007/05/06 00:23:15 | 00,003,427 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini [2007/03/19 12:21:29 | 00,000,766 | ---- | C] () -- C:\Program Files\xvid.ico [2007/02/16 08:46:01 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini [2007/01/16 17:15:02 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2006/03/15 01:24:30 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll [2006/03/04 15:10:13 | 00,000,413 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2005/12/05 13:13:56 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2005/12/05 13:13:56 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2005/09/01 10:34:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/06/18 20:15:27 | 00,109,277 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2005/06/17 11:41:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2005/05/16 02:08:39 | 00,000,127 | ---- | C] () -- C:\WINDOWS\SP3D.ini [2005/05/03 10:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll [2005/05/03 10:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll [2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\blue.ico [2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\black.ico [2005/05/02 00:06:06 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/02 00:06:06 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini [2005/05/02 00:05:32 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005/03/31 21:33:15 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005/01/13 18:10:46 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005/01/12 12:39:57 | 00,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005/01/10 18:48:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005/01/10 18:31:31 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/01/10 17:08:34 | 01,930,896 | -H-- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db [2005/01/10 17:08:34 | 00,057,616 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/01/10 17:08:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini [2004/10/06 07:30:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/28 11:52:34 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2004/09/08 12:43:04 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004/08/25 03:56:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2004/08/25 03:52:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2004/08/25 03:52:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2004/08/25 03:51:08 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2004/08/25 03:51:06 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2004/08/24 20:46:08 | 00,463,192 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2004/08/24 20:46:06 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/24 20:45:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2004/08/18 16:03:47 | 00,001,534 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/08/18 16:03:42 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2004/08/18 16:03:41 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2004/08/18 16:03:17 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2004/08/18 16:03:17 | 00,001,167 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/18 16:03:12 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004/08/18 16:03:12 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2004/08/18 16:03:11 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini [2004/08/18 16:03:03 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004/08/18 16:03:03 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2004/08/18 16:03:01 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2004/08/18 16:03:01 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004/08/18 16:03:01 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll [2004/08/18 16:03:01 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2004/08/18 16:03:01 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2004/08/18 16:03:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2004/08/18 16:03:01 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2004/08/18 16:03:01 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2004/08/18 16:03:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2004/08/18 16:03:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2004/08/18 16:03:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2004/08/18 16:03:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2004/08/18 16:02:55 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004/08/18 16:02:55 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004/08/18 16:02:55 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004/08/18 16:02:55 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2004/08/18 16:02:55 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2004/08/18 16:02:55 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2004/08/18 16:02:49 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2004/08/18 16:02:49 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004/08/18 16:02:49 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2004/08/18 16:02:45 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2004/08/18 16:02:43 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2004/08/18 16:02:43 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2004/08/18 16:02:43 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004/08/18 16:02:40 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2004/08/18 16:02:37 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2004/08/18 16:02:37 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004/08/18 16:02:22 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2004/08/18 16:02:21 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2004/08/18 16:02:21 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2004/08/18 16:02:18 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2004/08/18 16:02:17 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004/08/18 16:02:17 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2003/01/25 10:52:14 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/07/04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2001/12/26 15:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/12/14 12:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2001/09/03 22:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/08/17 14:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001/07/30 15:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 21:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll ========== LOP Check ========== [2005/05/22 18:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/07/15 08:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/07/15 08:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008/10/07 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2009/07/15 12:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX [2009/11/23 14:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2008/06/11 08:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2009/01/21 18:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2006/07/26 23:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa Lite [2008/09/09 21:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2006/08/19 21:47:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/01/29 16:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/09/15 16:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2008/12/22 16:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles [2009/06/23 21:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio [2005/01/31 13:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2009/01/21 18:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic [2007/08/20 23:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/05/05 19:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2006/02/14 12:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2009/11/23 03:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/01/27 21:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue [2006/08/12 20:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/07/15 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2005/05/02 10:35:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.BitTornado [2005/04/29 22:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.bittorrent [2009/10/13 11:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AccurateRip [2008/06/16 19:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Adobe [2005/07/17 12:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AdobeUM [2008/09/15 16:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Ahead [2009/07/15 08:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Apple Computer [2009/11/22 19:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AVG8 [2009/11/24 02:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Azureus [2007/05/28 23:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\BitTyrant [2008/10/07 17:28:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\CyberLink [2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini [2009/11/19 14:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\dvdcss [2007/02/16 18:08:15 | 00,000,120 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini [2009/11/14 11:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract [2009/10/11 22:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\foobar2000 [2009/04/18 22:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GetRightToGo [2007/05/06 00:26:22 | 00,003,427 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini [2007/07/01 18:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabIt [2009/04/18 23:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabPro [2005/01/16 10:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Help [2004/08/25 03:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Identities [2009/08/09 23:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ImgBurn [2009/11/23 03:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\InstallShield [2009/05/28 10:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\IObit [2006/08/19 21:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Lavasoft [2005/01/18 22:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Macromedia [2008/09/09 21:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Malwarebytes [2009/06/02 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Media Player Classic [2009/11/22 19:07:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kelly\Application Data\Microsoft [2007/10/13 21:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Moyea [2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla [2008/01/29 16:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NCH Swift Sound [2009/08/15 23:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NewsLeecher [2009/11/21 20:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Orbit [2009/06/23 22:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Research In Motion [2006/02/14 13:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\River Past G4 [2009/05/19 01:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Roxio [2007/05/28 20:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Shareaza [2005/08/27 23:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Sun [2009/05/05 19:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com [2009/01/12 19:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Syntrillium [2008/05/27 11:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Uniblue [2009/11/23 14:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\vlc [2009/07/15 12:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Winamp [2009/11/24 02:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\WinRAR [2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/24 09:29:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < > < %SYSTEMDRIVE%\*.exe > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < %SYSTEMDRIVE%\viamraid.sys /s /md5 > [2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\SCS\viamraid.sys [2004/08/26 15:37:48 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\2003IA32\viamraid.sys [2004/08/26 15:37:47 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\Win2000\viamraid.sys [2004/08/26 15:37:47 | 00,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\PnPDrivers\VIA\Floppy\RAID\Winnt40\viamraid.sys [2004/08/26 15:37:47 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\Winxp\viamraid.sys [2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\VIARaid\driver\Winxp\viamraid.sys [2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys < %SYSTEMDRIVE%\nvata.sys /s /md5 > < %SYSTEMDRIVE%\nvgts.sys /s /md5 > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34C58556 @Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8 @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report >
  9. ComboFix 09-11-23.02 - Kelly 24/11/2009 9:21.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.2047.1706 [GMT -8:00] Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kelly\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Kelly\Application Data\uTorrent c:\documents and settings\Kelly\Application Data\uTorrent\dht.dat c:\documents and settings\Kelly\Application Data\uTorrent\dht.dat.old c:\documents and settings\Kelly\Application Data\uTorrent\resume.dat c:\documents and settings\Kelly\Application Data\uTorrent\resume.dat.old c:\documents and settings\Kelly\Application Data\uTorrent\rss.dat c:\documents and settings\Kelly\Application Data\uTorrent\rss.dat.old c:\documents and settings\Kelly\Application Data\uTorrent\settings.dat c:\documents and settings\Kelly\Application Data\uTorrent\settings.dat.old c:\documents and settings\Kelly\Application Data\uTorrent\utorrent.lng c:\documents and settings\Kelly\Local Settings\Application Data\jnvcmq c:\documents and settings\Kelly\Local Settings\Application Data\kxybmv c:\documents and settings\Kelly\Local Settings\Application Data\stxtde . --------------- FCopy --------------- c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys . ((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 ))))))))))))))))))))))))))))))) . 2009-11-24 17:21 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-11-24 17:21 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-11-24 09:54 . 2009-11-24 09:54 -------- d-----w- c:\windows\ERUNT 2009-11-24 09:38 . 2009-11-24 10:27 -------- d-----w- C:\SDFix 2009-11-24 08:40 . 2009-11-24 08:39 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-24 08:39 . 2009-11-24 08:39 -------- d-----w- c:\program files\Java 2009-11-24 08:04 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe 2009-11-24 08:04 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe 2009-11-23 22:23 . 2009-11-23 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2009-11-23 19:37 . 2009-11-24 17:21 -------- d-----w- c:\windows\system32\CatRoot2 2009-11-23 19:31 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-23 19:31 . 2009-11-24 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-23 19:31 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-23 10:57 . 2009-11-23 10:57 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Threat Expert 2009-11-23 03:26 . 2009-11-23 06:23 -------- d-----w- c:\program files\UnHackMe 2009-11-23 03:13 . 2009-11-23 03:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\AVG8 2009-11-23 01:39 . 2009-11-23 02:47 -------- d-----w- C:\RootkitNO 2009-11-23 01:37 . 2009-11-23 03:26 2 --shatr- c:\windows\winstart.bat 2009-11-22 17:15 . 2009-11-23 19:13 -------- d-----w- C:\Hjt2 2009-11-21 01:09 . 2009-11-23 22:17 -------- d-----w- c:\documents and settings\Kelly\Application Data\vlc 2009-11-20 23:29 . 2009-11-20 23:43 -------- d-----w- c:\program files\DVDInfoPro 2009-11-19 22:46 . 2009-11-19 22:53 -------- d-----w- c:\program files\AoA DVD Ripper 2009-11-18 09:11 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-11-18 09:11 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll 2009-11-18 09:11 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll 2009-11-18 09:11 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2009-11-18 09:11 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll 2009-11-18 08:28 . 2009-11-18 08:54 -------- d-----w- c:\program files\MPC HomeCinema 2009-11-15 08:39 . 2004-11-14 14:27 212992 ----a-w- c:\windows\system32\sql.dll 2009-11-15 08:11 . 2009-11-15 08:11 356352 ----a-w- c:\windows\eSellerateEngine.dll 2009-11-14 19:08 . 2009-11-14 19:09 -------- d-----w- c:\documents and settings\Kelly\Application Data\FLV Extract 2009-11-09 04:50 . 2007-04-18 08:53 1945088 ----a-w- c:\windows\system32\avcodec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-24 17:10 . 2008-11-25 09:09 -------- d-----w- c:\program files\Azureus 2009-11-24 11:09 . 2009-05-06 03:41 117760 ----a-w- c:\documents and settings\Kelly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-11-24 10:54 . 2005-05-02 22:50 -------- d-----w- c:\documents and settings\Kelly\Application Data\Azureus 2009-11-23 11:13 . 2007-01-12 00:17 -------- d-----w- c:\program files\DFX 2009-11-23 11:12 . 2008-05-24 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-23 11:11 . 2009-06-23 18:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\InstallShield 2009-11-23 11:11 . 2004-09-08 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-23 06:53 . 2006-08-13 07:29 -------- d-----w- c:\program files\CCleaner 2009-11-22 04:50 . 2009-01-06 11:29 -------- d-----w- c:\documents and settings\Kelly\Application Data\Orbit 2009-11-21 01:03 . 2009-06-19 00:05 -------- d-----w- c:\program files\VideoLAN 2009-11-19 23:56 . 2009-01-09 06:38 -------- d-----w- c:\program files\Registry Clean Expert 2009-11-19 22:51 . 2009-04-17 08:04 -------- d-----w- c:\documents and settings\Kelly\Application Data\dvdcss 2009-11-19 06:46 . 2009-03-06 22:59 -------- d-----w- c:\program files\Audiochecker 2009-11-18 09:11 . 2009-01-19 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-13 19:25 . 2009-03-30 18:29 -------- d-----w- c:\program files\Exact Audio Copy 2009-10-13 19:16 . 2008-05-23 01:45 -------- d-----w- c:\documents and settings\Kelly\Application Data\AccurateRip 2009-10-12 06:19 . 2009-08-05 08:23 -------- d-----w- c:\documents and settings\Kelly\Application Data\foobar2000 2007-09-17 17:37 . 2007-09-17 17:37 262144 ----a-w- c:\program files\flac.exe 2005-08-24 20:19 . 2009-06-03 07:56 6966 ----a-w- c:\program files\x264.ico 2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\blue.ico 2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\black.ico 2004-05-30 12:30 . 2007-03-19 20:21 766 ----a-w- c:\program files\xvid.ico . ((((((((((((((((((((((((((((( SnapShot@2009-11-24_08.12.07 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-24 17:07 . 2009-11-24 17:07 16384 c:\windows\temp\Perflib_Perfdata_80.dat + 2009-11-24 17:08 . 2009-11-24 17:08 16384 c:\windows\temp\Perflib_Perfdata_534.dat + 2004-08-19 00:03 . 2009-11-24 17:10 60288 c:\windows\system32\perfc009.dat - 2004-08-19 00:03 . 2009-11-05 16:45 60288 c:\windows\system32\perfc009.dat + 2004-08-19 00:03 . 2009-11-24 17:10 395904 c:\windows\system32\perfh009.dat - 2004-08-19 00:03 . 2009-11-05 16:45 395904 c:\windows\system32\perfh009.dat + 2009-11-24 08:40 . 2009-11-24 08:39 149280 c:\windows\system32\javaws.exe + 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\javaw.exe + 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\java.exe + 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-11-24 08:39 . 2009-11-24 08:39 1757696 c:\windows\Installer\1c64b.msi + 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-26 67584] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "System Session Manager Subsystem"=2 (0x2) "NVSvcNVSvc"=2 (0x2) "Iprip"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21861:TCP"= 21861:TCP:*:Disabled:port "27857:TCP"= 27857:TCP:*:Disabled:port "53:UDP"= 53:UDP:Promo [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 10:33 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 AM 72944] R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [06/01/2009 4:28 AM 2208] S0 bufolbhd;bufolbhd;c:\windows\system32\drivers\rrhzik.sys --> c:\windows\system32\drivers\rrhzik.sys [?] S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/07/2007 5:20 PM 40832] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 AM 7408] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ mSearch Bar = uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ . - - - - ORPHANS REMOVED - - - - HKCU-Run-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe HKLM-Run-BMcb562e5a - c:\windows\system32\hlsialqt.dll HKLM-Run-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-24 09:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1286611766-3543556633-2980138700-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C79B1C4-67F1-9B48-5EDA-87465C44A898}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iamflagkkdmhhfognk"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d, 6c,66,67,61,00,00 "hacfnckbgjkooffj"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d, 6c,66,67,61,00,00 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-11-24 09:29 ComboFix-quarantined-files.txt 2009-11-24 17:29 Pre-Run: 139,490,648,064 bytes free Post-Run: 139,457,687,552 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 45AF3A0682DA4D45A2AAE84D9EDC01C7
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:42:42 AM, on 24/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\HJT\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 3568 bytes
  11. Sorry...added wrong log file. Here is the correct Combofix: ComboFix.txt. I've tried uploading my Hijackthis log but this forum says: 'Upload failed. You are not permitted to upload this type of file'? It is a text file. I don't understand.
  12. Thank you for replying. Here is the Combofix log report: SDFix_report.txt
  13. Hi. Malwarebytes crashes 4 seconds after opening. I cannot install any anti-virus; anti-malware as it will also crash after trying to update definitions. Most Trend Micro products will not even open like Cwshredder and Rootkitbuster. Google searches redirect to odd sites. Windows explorer folders are not functioning properly. Media player classic will not open. I need help please.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.