adamajah

Honorary Members

View Profile See their activity

Posts
22
Joined
February 7, 2010
Last visited
March 3, 2010

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by adamajah

Happy Birthday sho-dan!

adamajah replied to SpiderLover's topic in General Chat

Nice headband sho-dan
- February 19, 2010
- 11 replies
"Global hacking offensive"

adamajah replied to adamajah's topic in General Chat

I was getting fake virus detection pop-ups on my machine, until kahdah on this forum helped me clean it up. Now it seems fine. I have a full virus protection app, and scan with ESET and Malwarebytes regularly.
- February 18, 2010
- 3 replies
"Global hacking offensive"

adamajah posted a topic in General Chat

Has anyone experienced this first hand at home or at their company? I think I might have, as I was getting lots of fake virus detector pop-ups until recently. News Article: Scary "global hacking offensive" finally outed
- February 18, 2010
- 3 replies
Wow, some people really aren't that bright

adamajah posted a topic in General Chat

Just heard about this site listing all the dufusses out there who post up on Twitter and the like when they leave home... http://pleaserobme.com/
- February 18, 2010
- 1 reply
Super bowl commercials

adamajah replied to ginger7childs's topic in General Chat

ditto
- February 18, 2010
- 20 replies
Man Buys Windows 98 CD For $3 Billion

adamajah replied to pondus's topic in Tailwaggers and Jokes

The link seems to be "broked". Did he actually have to pay? Not like he could.
- February 17, 2010
- 24 replies
For those who are a bit bored -

adamajah replied to noknojon's topic in Tailwaggers and Jokes

doh
- February 17, 2010
- 3 replies
My Ex girlfriend

adamajah replied to Kenny94's topic in Tailwaggers and Jokes

A lot of reading, but good payoff.. Great!
- February 17, 2010
- 7 replies
Happy V-Day!

adamajah replied to Bobc8's topic in General Chat

I hope you had a happy Valentine's Day and not a happy Virus Day... :X
- February 17, 2010
- 2 replies
Android Viruses

adamajah posted a topic in General Chat

The Android mobile OS is becoming ever more popular (for abvious reasons... it's great!), and there are some antivirus apps in the Android Market. I've never really heard of viruses on this OS. Has anyone had one? Why would this be a target for viruses? Thanks
- February 17, 2010
Keylogger

adamajah replied to don99anytime's topic in General Chat

Have you used Keyscrambler? It's the only such software I see on cnet.
- February 17, 2010
- 6 replies
Can't Edit Post

adamajah replied to Jamin4u's topic in Malwarebytes for Windows

this is an unfortunate rule.
- February 17, 2010
- 20 replies
Riddle

adamajah replied to goldhound's topic in Tailwaggers and Jokes

seatbelt jerker
- February 17, 2010
- 4 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

Thanks again kahdah. My machine seems to be running ok now. I still have half a mind to format my hard drive and reinstall windows just to start over with a clean slate.
- February 14, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

OK, here's the latest OTL log: OTL logfile created on: 2/10/2010 9:42:50 PM - Run 2 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\adam\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 510.00 Mb Available Physical Memory | 50.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 29.56 Gb Free Space | 39.70% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADAM Current User Name: adam Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Documents and Settings\adam\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Nexon\MapleStory\npkcmsvc.exe (INCA Internet Co., Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.) PRC - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\SYSTEM32\Tablet.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision) PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\SYSTEM32\ati2evxx.exe () PRC - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe () PRC - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe () PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) PRC - C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe () PRC - C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe () PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering) [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\adam\Desktop\OTL.exe (OldTimer Tools) [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (npkcmsvc) -- C:\Nexon\MapleStory\npkcmsvc.exe (INCA Internet Co., Ltd.) SRV - (ATI Smart) -- C:\WINDOWS\SYSTEM32\ati2sgag.exe () SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) SRV - (TabletService) -- C:\WINDOWS\SYSTEM32\Tablet.exe (Wacom Technology, Corp.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Ati HotKey Poller) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe () SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia) SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe () SRV - (maya65docserver) -- C:\Program Files\Alias\Maya6.5\docs\wrapper.exe () SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation) [color="#E56717"]========== Driver Services (SafeList) ==========[/color] DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys () DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV561AV.SYS (Logitech Inc.) DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.) DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (grmnusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys (GARMIN Corp.) DRV - (AnyDVD) -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys (SlySoft, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ElbyCDIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (Haspnt) -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys (Aladdin Knowledge Systems) DRV - (Hardlock) -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (MarvinBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS (Macrovision Europe Ltd) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.) DRV - (ASAPIW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (BENDER) -- C:\WINDOWS\SYSTEM32\DRIVERS\bender.sys (Pinnacle Systems GmbH) DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.) DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.) DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.) DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.) DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation) DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys (Pinnacle Systems GmbH) DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (Sntnlusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation) DRV - (DS1410D) -- C:\WINDOWS\SYSTEM32\DRIVERS\ds1410d.sys () [color="#E56717"]========== Standard Registry (All) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "start:blank" FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:17:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/09 23:02:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/09 23:03:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 17:39:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 15:15:53 | 000,000,000 | ---D | M] [2009/03/14 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions [2009/03/14 18:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/02/09 23:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions [2009/09/05 18:34:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/07 15:11:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/01/31 14:15:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/01/31 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\firefox@ghostery.com [2009/03/14 18:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/30 15:15:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/01/30 15:15:34 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/01/30 15:15:34 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2004/09/08 22:03:50 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2006/09/18 10:11:12 | 001,851,392 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2006/09/18 10:11:22 | 000,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2010/01/30 15:15:45 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2004/12/14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll [2010/01/30 15:15:48 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/30 15:15:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/02/09 23:15:25 | 000,001,345 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml [2010/01/30 15:15:48 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/30 15:15:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/30 15:15:48 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/30 15:15:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/01/30 15:15:48 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/02/08 23:31:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} [url="http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab"]http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab[/url] (SupportSoft SmartIssue) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} [url="http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab"]http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab[/url] (SupportSoft Script Runner Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab"]http://download.macromedia.com/pub/shockwa...director/sw.cab[/url] (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [url="http://go.microsoft.com/fwlink/?linkid=39204"]http://go.microsoft.com/fwlink/?linkid=39204[/url] (Windows Genuine Advantage Validation Tool) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} [url="http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab"]http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[/url] (LSSupCtl Class) O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} [url="http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab"]http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab[/url] (Yahoo! Audio Conferencing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab[/url] (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [url="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232127371750"]http://update.microsoft.com/microsoftupdat...b?1232127371750[/url] (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab"]http://java.sun.com/products/plugin/autodl...indows-i586.cab[/url] (Java Plug-in 1.4.2) O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} [url="http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB"]http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB[/url] (GDIChk Object) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [url="http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab"]http://java.sun.com/products/plugin/autodl...indows-i586.cab[/url] (Java Plug-in 1.4.2) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [url="http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab"]http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[/url] (ActiveDataInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444555400000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macromedia.com/pub/shockwa...ash/swflash.cab[/url] (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} [url="http://www.gamespot.com/KDX22/download/kdx.cab"]http://www.gamespot.com/KDX22/download/kdx.cab[/url] (Secure Delivery) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/03/20 09:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/02/09 23:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/02/09 23:03:52 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/02/09 00:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2010/02/09 00:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adam\Local Settings\Application Data\AVG Security Toolbar [2010/02/09 00:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2010/02/09 00:23:36 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/02/09 00:23:35 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/02/09 00:23:35 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2010/02/09 00:23:29 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/02/09 00:23:27 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/02/09 00:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2010/02/09 00:18:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/02/09 00:18:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010/02/09 00:02:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/02/08 23:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/02/08 23:14:27 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/02/08 23:13:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/02/08 23:13:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/02/08 23:13:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/02/08 23:13:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/02/08 23:13:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/02/08 23:12:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/02/08 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/02/08 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010/02/08 21:48:25 | 000,000,000 | ---D | C] -- C:\_OTL [2010/02/07 16:21:51 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe [2010/02/07 15:54:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/07 15:54:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/07 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/06 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/02/06 16:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adam\Application Data\Malwarebytes [2010/02/06 15:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/02/05 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/02/05 20:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010/01/31 11:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adam\My Documents\Downloads [2010/01/12 21:55:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2004/06/11 00:27:12 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2010/02/10 21:40:42 | 055,441,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/02/10 21:38:36 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/02/10 21:37:10 | 000,029,929 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat [2010/02/10 21:36:54 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2010/02/10 21:36:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/10 21:36:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/02/10 21:36:32 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys [2010/02/10 09:55:27 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\adam\NTUSER.DAT [2010/02/10 09:55:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\adam\NTUSER.INI [2010/02/09 23:03:44 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/02/09 23:03:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/02/09 23:03:43 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/02/09 23:03:19 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2010/02/09 23:03:18 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2010/02/09 23:03:18 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/02/09 23:03:18 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/02/09 22:42:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/02/09 00:28:43 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/02/09 00:28:43 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/02/09 00:23:23 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/02/08 23:31:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/02/08 23:31:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2010/02/08 23:14:38 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI [2010/02/08 23:12:23 | 003,852,017 | R--- | M] () -- C:\Documents and Settings\adam\Desktop\ComboFix.exe [2010/02/07 18:06:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\9zgp0gev.exe [2010/02/07 16:21:59 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe [2010/02/06 17:02:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\HijackThis.lnk [2010/02/06 12:19:55 | 002,651,756 | -H-- | M] () -- C:\Documents and Settings\adam\Local Settings\Application Data\IconCache.db [2010/02/05 21:52:54 | 000,166,084 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\Abigail M V4446 Test1.rtf [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2010/02/09 23:03:19 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2010/02/09 23:03:18 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/02/09 00:23:23 | 055,441,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/02/09 00:23:23 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/02/09 00:23:23 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/02/09 00:23:23 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/02/08 23:14:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/02/08 23:14:34 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/02/08 23:13:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/02/08 23:13:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/02/08 23:13:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/02/08 23:13:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/02/08 23:13:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/02/08 23:12:17 | 003,852,017 | R--- | C] () -- C:\Documents and Settings\adam\Desktop\ComboFix.exe [2010/02/07 18:06:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\9zgp0gev.exe [2010/02/06 17:02:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\HijackThis.lnk [2010/02/06 15:45:20 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys [2010/02/05 21:43:05 | 000,166,084 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\Abigail M V4446 Test1.rtf [2009/12/14 21:00:41 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2007/01/02 19:35:48 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\73648-88365-27475-00IP7-22847 [2006/09/26 21:26:15 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\AutoGK.ini [2006/09/26 21:06:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\adam\Application Data\.zreglib [2006/08/11 09:35:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/08/11 09:31:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2006/07/27 08:21:52 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll [2006/07/27 08:19:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll [2006/02/27 05:48:36 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006/02/27 05:30:32 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006/01/26 00:23:42 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2006/01/26 00:23:32 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys [2005/10/09 16:30:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2005/08/18 20:55:24 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll [2004/11/05 21:48:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/10/19 21:44:33 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\iPod Access v2 Prefs [2004/10/19 21:42:45 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\adam\Application Data\iPodAccess_Time [2004/10/14 14:10:24 | 000,002,254 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/09/12 16:54:01 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/09/10 19:37:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\fusioncache.dat [2004/07/25 11:27:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004/07/25 11:27:30 | 000,000,437 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2004/06/10 21:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004/06/09 23:05:12 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL [2004/05/29 13:25:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/05/29 13:22:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/05/29 13:17:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/05/29 12:54:20 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/03/20 10:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/03/19 14:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI [2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [1979/12/31 21:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll < End of report >
- February 11, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

Here is my ESET online scanner log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=53a5adefae70ae41b54f565f51e3ee80 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-02-10 10:54:02 # local_time=2010-02-10 02:54:02 (-0800, Pacific Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1029 16777173 100 91 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=160316 # found=5 # cleaned=5 # scan_time=12465 C:\Documents and Settings\adam\Desktop\Downloads\Illustrate\DavidGould_Illustrate_v5.3_for_3DSMax_R6_WORKING-PARADOX.by.efish.rar a variant of Win32/Tool.TPE.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\adam\Desktop\Downloads\Illustrate\pdxill5w.rar a variant of Win32/Tool.TPE.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\adam\Desktop\Downloads\Illustrate\pdxpatcher.exe a variant of Win32/Tool.TPE.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP965\A0091080.dll a variant of Win32/Kryptik.CFX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP967\A0091382.exe a variant of Win32/Tool.TPE.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C AVG also spit out a threat alert during the scan: Process name: C:\WINDOWS\SYSTEM32\svchost.exe File: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP965\A0090862.dll
- February 10, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

After running ComboFix and re-installing AVG Antivirus I was able to successfully run a Malwarebytes scan of my hard drives. Here is the log: Malwarebytes' Anti-Malware 1.44 Database version: 3712 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/9/2010 9:23:18 AM mbam-log-2010-02-09 (09-23-18).txt Scan type: Full Scan (C:\|F:\|) Objects scanned: 280784 Time elapsed: 1 hour(s), 20 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 11 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\digezuru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\tuyozula.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdra64.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP951\A0076409.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP951\A0080554.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP951\A0081522.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP955\A0089714.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5BB5LPJX\PC_protect[1].exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\02082010_214825\C_Program Files\adc32.dll (Rogue.ASCAntiSpyware) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\02082010_214825\C_WINDOWS\SYSTEM32\varofeje.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully. C:\_OTL\MovedFiles\02082010_214825\C_WINDOWS\SYSTEM32\viliwesi.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
- February 9, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

kahdah- Below is my ComboFix log. The other step involving the OTL RunFix failed. It rebooted my machine but no log file popped up, nor could I find one on my desktop or in C:\ ----- ComboFix.txt ComboFix 10-02-08.06 - adam 02/08/2010 23:23:20.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.611 [GMT -8:00] Running from: c:\documents and settings\adam\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\LocalService\Start Menu\Programs\Your PC Protector c:\documents and settings\LocalService\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk c:\windows\EventSystem.log c:\windows\system32\comrepl.exe c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\mezutilo.dll c:\windows\system32\petatusa.dll c:\windows\system32\sdra64.exe c:\windows\system32\vuwupajo.dll ----- BITS: Possible infected sites ----- hxxp://82.98.235.34 . ((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 ))))))))))))))))))))))))))))))) . 2010-02-09 05:48 . 2010-02-09 05:48 -------- d-----w- C:\_OTL 2010-02-07 23:54 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-07 23:54 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-07 23:54 . 2010-02-07 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-07 01:01 . 2010-02-07 01:01 -------- d-----w- c:\program files\Trend Micro 2010-02-07 00:06 . 2010-02-07 00:06 -------- d-----w- c:\documents and settings\adam\Application Data\Malwarebytes 2010-02-06 23:37 . 2010-02-06 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-06 04:59 . 2010-02-06 04:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-02-06 04:54 . 2010-02-06 04:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-02-06 04:47 . 2010-02-06 04:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-01-13 05:55 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-09 07:30 . 2005-08-19 04:55 29929 ----a-w- c:\windows\system32\tablet.dat 2010-02-09 06:44 . 2009-10-28 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-02-09 05:50 . 2010-02-09 05:49 93696 ---ha-w- c:\windows\system32\BIT8.tmp 2010-02-09 05:49 . 2010-02-09 05:42 93696 ---ha-w- c:\windows\system32\BIT7.tmp 2010-02-06 04:54 . 2005-01-30 04:47 -------- d-----w- c:\program files\Google 2010-01-23 20:50 . 2009-01-25 04:08 -------- d-----w- c:\program files\Microsoft Silverlight 2009-12-21 19:14 . 2004-12-08 00:37 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-18 07:19 . 2009-12-15 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-12-15 08:35 . 2007-01-09 00:06 -------- d-----w- c:\documents and settings\adam\Application Data\Skype 2009-12-15 05:01 . 2009-12-15 04:59 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-12-15 04:59 . 2004-06-10 05:22 -------- d-----w- c:\program files\Logitech 2009-12-15 04:50 . 2007-01-09 00:06 -------- d-----r- c:\program files\Skype 2009-12-15 04:50 . 2009-12-15 04:50 -------- d-----w- c:\program files\Common Files\Skype 1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\SYSTEM32\digezuru.dll 1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\SYSTEM32\tuyozula.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248] "BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2009-10-24 339968] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2005-8-18 114688] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk backup=c:\windows\pss\Free WebSite Tools.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920] 2003-06-02 18:25 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2006-01-21 06:06 1249280 ----a-w- c:\program files\Steam\steam.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\3dsmax6\\3dsmax.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "c:\\Program Files\\The All-Seeing Eye\\eye.exe"= "c:\\Program Files\\Steam\\SteamApps\\adam\\rag doll kung fu\\Rag_Doll_Kung_Fu_Steam.exe"= "c:\\Program Files\\Alias\\Maya6.5\\bin\\maya.exe"= "c:\\Program Files\\Alias\\DirectConnect 1.0\\java\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\SYSTEM32\\Tablet.exe"= R2 maya65docserver;Maya 6.5 Documentation Server;c:\program files\Alias\Maya6.5\docs\wrapper.exe [7/16/2004 10:26 PM 126976] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 4:58 PM 24652] R3 BENDER;Pinnacle DV/AV Capture;c:\windows\SYSTEM32\DRIVERS\bender.sys [7/7/2005 10:05 PM 180480] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:54 PM 135664] . Contents of the 'Scheduled Tasks' folder 2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:54] 2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 04:54] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = 127.0.0.1 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - start:blank FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-08 23:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???h???????x???x???????????x???h???????x???x???????????????????????`????????????????D?w????????????7??w????x???x?????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,a7,9c,c1,1a,cb,11,4a,bc,a0,e0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,a7,9c,c1,1a,cb,11,4a,bc,a0,e0,\ [HKEY_USERS\S-1-5-21-1741475881-4287049192-293904377-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:55,b5,4b,d1,8c,45,b7,8e,6b,34,f9,15,c2,87,9d,5a,9c,fe,c6,ce,26,49,57, fb,db,85,d0,d2,71,60,b1,75,83,96,26,31,69,f9,ff,f0,41,21,cd,93,49,19,a4,58,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ
- February 9, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

kahdah- Update: I tried to run the GMER rootkit scanner all day yesterday and it seemed to always go for an hour or so and then just hang indefinitely and render my machine pretty much completely frozen. I had to hard reboot and try running it several times. Now it seems to be running, but it started last night and appears to still be running this morning. Is that normal? Should I skip this tool and go to ComboFix? Thanks again for the assistance.
- February 8, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

OK, here are the outputs. I ran Quick Scan accidentally and then the full Scan after that. They both spit out an OTL.txt, but only the Quick Scan spit out an Extras.txt. ----- Here you go: OTL.txt: OTL logfile created on: 2/7/2010 5:21:18 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\adam\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 309.00 Mb Available Physical Memory | 30.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 24.05 Gb Free Space | 32.30% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADAM Current User Name: adam Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\adam\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\svchost.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgdumpx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\KMaestro\Kmaestro.exe (Kmaestro) PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Nexon\MapleStory\npkcmsvc.exe (INCA Internet Co., Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.) PRC - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\SYSTEM32\Tablet.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision) PRC - C:\WINDOWS\SYSTEM32\ati2evxx.exe () PRC - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe () PRC - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe () PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) PRC - C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe () PRC - C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe () PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering) PRC - C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.) PRC - C:\WINDOWS\SYSTEM32\LEXPPS.EXE (Lexmark International, Inc.) ========== Modules (SafeList) ========== MOD - C:\WINDOWS\SYSTEM32\varofeje.dll () MOD - C:\WINDOWS\SYSTEM32\guzuyavu.dll () MOD - C:\Documents and Settings\adam\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\SYSTEM32\wsock32.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\linkinfo.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\cabinet.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\rsaenh.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AdbUpd) -- C:\Program Files\svchost.exe () SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (npkcmsvc) -- C:\Nexon\MapleStory\npkcmsvc.exe (INCA Internet Co., Ltd.) SRV - (ATI Smart) -- C:\WINDOWS\SYSTEM32\ati2sgag.exe () SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) SRV - (TabletService) -- C:\WINDOWS\SYSTEM32\Tablet.exe (Wacom Technology, Corp.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Ati HotKey Poller) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe () SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia) SRV - (maya70docserver) -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe () SRV - (maya65docserver) -- C:\Program Files\Alias\Maya6.5\docs\wrapper.exe () SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LexBceS) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.) SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation) ========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (KeyMaestro) -- C:\WINDOWS\SYSTEM32\DRIVERS\Maestro1.sys (BTC) DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys () DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV561AV.SYS (Logitech Inc.) DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys (INCA Internet Co., Ltd.) DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (grmnusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys (GARMIN Corp.) DRV - (AnyDVD) -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys (SlySoft, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ElbyCDIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (Haspnt) -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys (Aladdin Knowledge Systems) DRV - (Hardlock) -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (MarvinBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS (Macrovision Europe Ltd) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.) DRV - (ASAPIW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (BENDER) -- C:\WINDOWS\SYSTEM32\DRIVERS\bender.sys (Pinnacle Systems GmbH) DRV - (WmHidLo) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys (Logitech Inc.) DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.) DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.) DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.) DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation) DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys (Pinnacle Systems GmbH) DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (Sntnlusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.) DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation) DRV - (DS1410D) -- C:\WINDOWS\SYSTEM32\DRIVERS\ds1410d.sys () ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "start:blank" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/23 19:25:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:17:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/11 00:35:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 17:39:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 15:15:53 | 000,000,000 | ---D | M] [2009/03/14 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions [2009/03/14 18:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/01/31 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions [2009/09/05 18:34:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/07 15:11:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/01/31 14:15:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/01/31 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\a7gowdq9.default\extensions\firefox@ghostery.com [2009/03/14 18:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/30 15:15:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/01/30 15:15:34 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/01/30 15:15:34 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2004/09/08 22:03:50 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2006/09/18 10:11:12 | 001,851,392 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2006/09/18 10:11:22 | 000,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2010/01/30 15:15:45 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2004/12/14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/11/15 17:43:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll [2010/01/30 15:15:48 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/30 15:15:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/10/27 22:42:21 | 000,002,265 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml [2010/01/30 15:15:48 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/30 15:15:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/30 15:15:48 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/30 15:15:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/01/30 15:15:48 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2004/03/19 14:37:50 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (ADC PlugIn) - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll (ASC - AntiSpyware) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [btcMaestro] C:\Program Files\KMaestro\KMaestro.exe (Kmaestro) O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [lulajejuz] C:\WINDOWS\System32\varofeje.DLL () O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class) O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab (Yahoo! Audio Conferencing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1232127371750 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB (GDIChk Object) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444555400000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} http://www.gamespot.com/KDX22/download/kdx.cab (Secure Delivery) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\rifezufi.dll c:\windows\system32\varofeje.dll) - C:\WINDOWS\System32\rifezufi.dll File not found O20 - AppInit_DLLs: (guzuyavu.dll) - C:\WINDOWS\System32\guzuyavu.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: girekekod - {c8e8439f-bc60-441c-b323-d549d7da135d} - C:\WINDOWS\System32\rifezufi.dll File not found O21 - SSODL: pamotutat - {57f137d3-0910-4bc8-b9fa-75bc3c398bab} - C:\WINDOWS\SYSTEM32\varofeje.dll () O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {57f137d3-0910-4bc8-b9fa-75bc3c398bab} - tokatiluy - C:\WINDOWS\SYSTEM32\varofeje.dll () O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {c8e8439f-bc60-441c-b323-d549d7da135d} - gahurihor - C:\WINDOWS\System32\rifezufi.dll File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/03/20 09:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point (206158430208) ========== Files/Folders - Created Within 30 Days ========== [2010/02/07 16:21:51 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe [2010/02/07 15:54:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/07 15:54:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/07 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/07 14:00:00 | 000,962,560 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll [2010/02/06 17:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/02/06 16:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adam\Application Data\Malwarebytes [2010/02/06 15:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/02/05 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/02/05 20:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010/01/31 11:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adam\My Documents\Downloads [2010/01/12 21:55:37 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2009/07/31 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/04/26 17:47:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 18:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2004/06/11 00:27:12 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2099/01/01 12:00:00 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\System32\varofeje.dll [2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\viliwesi.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\zelayira.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\luyehije.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\guzuyavu.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | M] () -- C:\WINDOWS\System32\gedekuye.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sebajuyo.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nojepake.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\difoyuro.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\biluguki.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\tojowebo.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\popiwoba.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\harunano.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\funeroga.dll [2010/02/07 17:28:35 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vepogope [2010/02/07 17:27:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/02/07 17:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\fbahwrss.job [2010/02/07 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\fiopnqkg.job [2010/02/07 16:59:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/07 16:21:59 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe [2010/02/07 16:19:59 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/02/07 16:19:47 | 000,029,929 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat [2010/02/07 16:19:26 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2010/02/07 16:19:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/07 16:19:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/07 16:18:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/02/07 16:18:56 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys [2010/02/07 15:57:52 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\adam\NTUSER.DAT [2010/02/07 15:57:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\adam\NTUSER.INI [2010/02/07 15:55:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/07 14:23:34 | 000,000,056 | ---- | M] () -- C:\Program Files\wp4.dat [2010/02/07 14:23:34 | 000,000,001 | ---- | M] () -- C:\Program Files\wp3.dat [2010/02/07 14:23:31 | 000,962,560 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll [2010/02/07 14:23:31 | 000,043,520 | ---- | M] () -- C:\Program Files\alggui.exe [2010/02/07 14:23:30 | 000,001,530 | ---- | M] () -- C:\Your PC Protector.lnk [2010/02/07 14:02:39 | 055,244,748 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/02/07 13:59:55 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old [2010/02/07 13:59:48 | 000,037,376 | ---- | M] () -- C:\Program Files\svchost.exe [2010/02/07 13:59:46 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat [2010/02/07 13:59:25 | 000,000,181 | -HS- | M] () -- C:\WINDOWS\System32\wahewozi.dll [2010/02/06 17:02:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\HijackThis.lnk [2010/02/06 12:19:55 | 002,651,756 | -H-- | M] () -- C:\Documents and Settings\adam\Local Settings\Application Data\IconCache.db [2010/02/06 11:28:56 | 000,000,181 | -HS- | M] () -- C:\WINDOWS\System32\mezutilo.dll [2010/02/05 21:52:54 | 000,166,084 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\Abigail Mueller V4446 Test1.rtf [2010/02/05 20:47:33 | 000,000,181 | -HS- | M] () -- C:\WINDOWS\System32\henemate.dll [2010/01/31 22:54:51 | 000,000,181 | -HS- | M] () -- C:\WINDOWS\System32\wopazere.dll [2010/01/22 22:55:49 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/13 01:15:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2099/01/01 12:00:00 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\varofeje.dll [2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\viliwesi.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\zelayira.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\luyehije.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\guzuyavu.dll [2099/01/01 12:00:00 | 000,054,272 | -HS- | C] () -- C:\WINDOWS\System32\gedekuye.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\sebajuyo.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nojepake.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\difoyuro.dll [2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\biluguki.dll [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vepogope [2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\tojowebo.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\popiwoba.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\harunano.dll [2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\funeroga.dll [2010/02/07 15:55:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/07 14:03:39 | 000,001,530 | ---- | C] () -- C:\Your PC Protector.lnk [2010/02/07 14:00:02 | 000,043,520 | ---- | C] () -- C:\Program Files\alggui.exe [2010/02/07 13:59:55 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old [2010/02/07 13:59:48 | 000,037,376 | ---- | C] () -- C:\Program Files\svchost.exe [2010/02/07 13:59:48 | 000,000,001 | ---- | C] () -- C:\Program Files\wp3.dat [2010/02/07 13:59:47 | 000,000,056 | ---- | C] () -- C:\Program Files\wp4.dat [2010/02/07 13:59:46 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat [2010/02/07 13:59:25 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\wahewozi.dll [2010/02/06 17:02:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\HijackThis.lnk [2010/02/06 15:45:20 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys [2010/02/06 11:28:56 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\mezutilo.dll [2010/02/06 11:28:43 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\fbahwrss.job [2010/02/05 21:43:05 | 000,166,084 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\Abigail Mueller V4446 Test1.rtf [2010/02/05 20:54:28 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/05 20:54:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/05 20:47:33 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\henemate.dll [2010/01/31 22:54:51 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\wopazere.dll [2010/01/31 10:54:45 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\fiopnqkg.job [2009/12/14 21:00:41 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2007/01/02 19:35:48 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\73648-88365-27475-00IP7-22847 [2006/09/26 21:26:15 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\AutoGK.ini [2006/09/26 21:06:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\adam\Application Data\.zreglib [2006/08/11 09:35:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/08/11 09:31:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2006/07/27 08:21:52 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll [2006/07/27 08:19:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll [2006/02/27 05:48:36 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006/02/27 05:30:32 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006/01/26 00:23:42 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2006/01/26 00:23:32 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys [2005/10/09 16:30:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2005/08/18 20:55:24 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll [2004/11/05 21:48:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/10/19 21:44:33 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\iPod Access v2 Prefs [2004/10/19 21:42:45 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\adam\Application Data\iPodAccess_Time [2004/10/14 14:10:24 | 000,002,254 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/09/12 16:54:01 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/09/10 19:37:51 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\fusioncache.dat [2004/08/11 18:42:24 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini [2004/07/25 11:27:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004/07/25 11:27:30 | 000,000,437 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2004/06/10 21:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004/06/09 23:05:12 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL [2004/05/29 13:25:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/05/29 13:22:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/05/29 13:17:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/05/29 12:54:20 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/03/20 10:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/03/19 14:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI [2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2003/01/07 13:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini [2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll [2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [1979/12/31 21:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2006/03/12 12:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\.bittorrent [2009/10/16 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\.purple [2005/05/31 08:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Aim [2005/05/15 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Aladdin Systems [2004/06/16 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Axaware [2009/01/21 22:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Bioshock [2009/07/13 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Canon [2004/09/26 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\CoffeeCup Software [2005/08/30 21:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\DigiDelivery [2009/05/26 22:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\GARMIN [2004/08/24 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\GlobalSCAPE [2004/10/19 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\iPodSoft [2004/06/09 21:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Kontiki [2004/06/04 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Leadertech [2006/01/26 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\MayaWebBrowser [2009/06/27 19:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Musicmatch [2009/01/20 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Nexon [2005/06/29 22:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Publish Providers [2006/09/26 21:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\SlySoft [2005/06/29 22:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Sony [2006/09/22 21:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\uTorrent [2007/01/18 21:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Viewpoint [2005/12/27 00:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\{27ABEAD9-B7C4-4994-891F-48F5F48861FA} [2004/12/22 12:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2010/02/07 17:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2010/02/04 23:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2004/07/25 11:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2009/07/13 21:18:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2005/07/07 22:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle [2005/07/07 22:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc [2009/10/27 22:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2004/10/20 18:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/02/07 17:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\fbahwrss.job [2010/02/07 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\fiopnqkg.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2004/03/20 09:58:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2006/01/26 18:56:24 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI [2004/03/20 09:58:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006/02/03 17:16:57 | 000,000,127 | ---- | M] () -- C:\CountCyclesWMVDecLog.txt [2004/12/21 19:06:14 | 000,000,188 | ---- | M] () -- C:\CurrentDefaults.ini [2004/05/29 12:57:48 | 000,004,842 | RH-- | M] () -- C:\DELL.SDR [2009/01/17 11:38:13 | 000,038,640 | ---- | M] () -- C:\devicetable.log [2004/06/11 01:05:53 | 000,000,000 | ---- | M] () -- C:\except.log [2010/02/07 16:18:56 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys [2005/12/27 09:47:48 | 000,000,169 | ---- | M] () -- C:\INSTALL.LOG [2004/03/20 09:58:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2006/01/12 20:56:27 | 000,000,492 | ---- | M] () -- C:\Launch Portfolio.html.lnk [2009/03/21 14:33:25 | 000,003,549 | ---- | M] () -- C:\LGSInst.Log [2004/06/11 01:10:14 | 000,001,525 | ---- | M] () -- C:\log.log [2007/01/08 15:34:29 | 000,001,621 | ---- | M] () -- C:\lvcoinst.log [2004/03/20 09:58:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2005/02/11 00:06:20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009/01/16 09:58:47 | 000,250,048 | RHS- | M] () -- C:\NTLDR [2010/02/07 16:18:55 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2010/02/07 15:52:28 | 000,000,415 | ---- | M] () -- C:\rkill.log [2004/07/25 11:28:21 | 000,000,168 | ---- | M] () -- C:\setupfax.log [2004/06/11 01:10:09 | 000,001,288 | ---- | M] () -- C:\timer.log [1997/08/15 03:03:00 | 000,000,500 | RHS- | M] () -- C:\winpage.sys [1999/09/18 03:03:23 | 000,037,125 | RHS- | M] () -- C:\winstat.sys [2010/02/07 14:23:30 | 000,001,530 | ---- | M] () -- C:\Your PC Protector.lnk < MD5 for: AGP440.SYS > [2005/02/11 00:01:45 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys [2009/01/16 09:51:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys [2005/02/11 00:01:45 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2009/01/16 09:51:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys [2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2001/08/17 10:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS < MD5 for: ATAPI.SYS > [2004/03/19 14:43:04 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys [2004/03/19 14:43:04 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys [2005/02/11 00:01:45 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys [2009/01/16 09:51:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys [2005/02/11 00:01:45 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2009/01/16 09:51:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/03/19 14:43:04 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\ATAPI.SYS [2002/08/28 22:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2002/08/28 22:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys [2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2003/04/23 06:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004/03/19 14:37:08 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL < MD5 for: NETLOGON.DLL > [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll [2004/03/19 14:40:30 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2004/03/19 14:42:24 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > [2004/03/20 09:49:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV [2004/03/20 09:49:04 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV [2004/03/20 09:49:02 | 000,421,888 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\difoyuro.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < End of report > ----- Extras.txt: OTL Extras logfile created on: 2/7/2010 4:23:58 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\adam\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 24.64 Gb Free Space | 33.10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADAM Current User Name: adam Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\3dsmax6\3dsmax.exe" = C:\Program Files\3dsmax6\3dsmax.exe:*:Enabled:3ds max application -- (Discreet, a division of Autodesk, Inc.) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.) "C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.) "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.) "C:\Program Files\The All-Seeing Eye\eye.exe" = C:\Program Files\The All-Seeing Eye\eye.exe:*:Disabled:The All-Seeing Eye -- (Yahoo! Inc.) "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation) "C:\Program Files\Steam\SteamApps\adamyeager\rag doll kung fu\Rag_Doll_Kung_Fu_Steam.exe" = C:\Program Files\Steam\SteamApps\adamyeager\rag doll kung fu\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag_Doll_Kung_Fu_Steam -- () "C:\Program Files\Alias\Maya6.5\bin\maya.exe" = C:\Program Files\Alias\Maya6.5\bin\maya.exe:*:Enabled:Maya -- (Alias) "C:\Program Files\Alias\DirectConnect 1.0\java\bin\java.exe" = C:\Program Files\Alias\DirectConnect 1.0\java\bin\java.exe:*:Enabled:java -- () "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found "C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found "C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- File not found "C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- File not found "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\SYSTEM32\Tablet.exe" = C:\WINDOWS\SYSTEM32\Tablet.exe:*:Enabled:Tablet -- (Wacom Technology, Corp.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{08E4AE58-748D-4983-9B8A-495E2341769F}" = Garmin POI Loader new "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600 "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{146ED22B-BC11-4017-BBE8-E393848AA92A}" = MUSICMATCH iPod Plug-in "{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch "{170F1230-783D-404A-AE43-0594601F9B15}_is1" = GTR DEMO v2.0 "{17B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 6.5 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater "{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}" = character studio 4.2 "{319BA4BD-5288-4108-B300-64F025777815}" = Spam Bully 2 for Outlook "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task "{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC "{5676E8F9-B222-49FB-81B7-7998D17EDC4B}" = Digidesign DigiDelivery "{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource "{60580317-9E57-4502-B38D-B015F25E7948}" = MapleStory "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}" = 3ds max 6 "{6B629F70-BE1D-456E-AA97-73619020E7A1}" = Sony Sound Forge 7.0b "{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7D863662-0AB4-40BD-AD9F-A2ED548C3187}" = StuffIt Standard "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C48E464-EB9F-43B8-82C5-245EE6B196DF}" = Doom 3 "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch
- February 8, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah replied to adamajah's topic in Resolved Malware Removal Logs

Thanks for the reply kahdah! I'm taking a leap of faith here and blindly DLing the app you posted. I figure my situation can't get any worse than it already is, and I have a little faith in humanity left. I'll definitely throw you a donation if this works. ...OK, I'm running OTL right now and my AVG Antivirus keeps popping up a window called "Resident Shield alert" that says: Threat detected! File name C:\Windows\System32\difoyuro.dll Trojan Horse Generic16.AYTK Deteced on open Process Name: C:\Documents and Settings ... \Desktop\OTL.exe I'm ignoring it and letting it continue to run for now, but why would this happen? -adamajah
- February 8, 2010
- 15 replies
Unable to execute file: mbam.exe

adamajah posted a topic in Resolved Malware Removal Logs

Hi, I'm having the same problem as odd1 was in his now abandoned thread "malwarebytes won't install". I'm trying to install Malwarebytes on my WinXP-Pro machine and when it finishes the install process and attempts to launch the program, windows can't find mbam.exe. The error says: "Unable to execute file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe CreateProcess failed; code 2 The system cannot find the file specified." Indeed, when I go to the install directory in "C:\Program Files\Malwarebytes' Anti-Malware" there is no such file in there. What do I need to do to install it properly? --- Here's my HJT Log: Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Alias\Maya6.5\docs\wrapper.exe C:\Program Files\Alias\Maya7.0\docs\wrapper.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Nexon\MapleStory\npkcmsvc.exe C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\KMaestro\KMaestro.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [btcMaestro] "C:\Program Files\KMaestro\KMaestro.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [lulajejuz] Rundll32.exe "c:\windows\system32\varofeje.dll",a O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232127371750 O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\windows\system32\rifezufi.dll c:\windows\system32\varofeje.dll,guzuyavu.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O21 - SSODL: girekekod - {c8e8439f-bc60-441c-b323-d549d7da135d} - c:\windows\system32\rifezufi.dll (file missing) O21 - SSODL: pamotutat - {57f137d3-0910-4bc8-b9fa-75bc3c398bab} - c:\windows\system32\varofeje.dll O22 - SharedTaskScheduler: gahurihor - {c8e8439f-bc60-441c-b323-d549d7da135d} - c:\windows\system32\rifezufi.dll (file missing) O22 - SharedTaskScheduler: tokatiluy - {57f137d3-0910-4bc8-b9fa-75bc3c398bab} - c:\windows\system32\varofeje.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 11387 bytes --- Some background info: I have a WinXP Pro Dell with AVG Antivirus 9 (paid version). A few days ago I started getting pop-ups for the first time in about 4 years of owning this machine. AVG notified me of a "Vundo.kl" trojan detected but couldn't do anything about it. After some research on the cnet virus forums, I was directed to your solfware and here I am. Symptoms are iexplorer pop-ups even though I use Firefox, random re-directs in Firefox when I click on links or do searches, my CPU is running at 100% in task manager, coomputer is sluggish and often unresponsive. Thanks for your help!
- February 7, 2010
- 15 replies

Events

Profiles

Forums

Everything posted by adamajah

Important Information