miikegeezy

Everything posted by miikegeezy

  1. Awesome! I really appreciate everything. Is it essential to remove those programs or are you just suggesting it in case I don't want to use up the space on my hard drive?
  2. Scan Log
     Version of virus signature database: 5093 (20100506)
     Date: 5/6/2010 Time: 10:25:49 PM
     Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
     C:\pagefile.sys - error opening [4]
     C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
  3. Hey, everything seems to be fine now! I already have ESET installed on my computer. Should I just run a scan?
  4. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4052
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512
     5/5/2010 4:45:37 PM
     mbam-log-2010-05-05 (16-45-37).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 189161
     Time elapsed: 1 hour(s), 21 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. ComboFix 10-05-02.01 - Booty 05/04/2010 12:34:37.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.96 [GMT -4:00] Running from: c:\documents and settings\Booty\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Booty\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} file zipped: c:\windows\system32\o.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\o.sys . ((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 ))))))))))))))))))))))))))))))) . 2010-05-03 23:15 . 2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe 2010-05-03 23:15 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe 2010-05-02 01:37 . 2010-05-02 01:37 -------- d-----w- c:\documents and settings\Booty\Application Data\Malwarebytes 2010-05-02 01:35 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 01:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-02 01:34 . 2010-05-02 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 21:37 . 2010-05-01 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2010-05-01 21:00 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-01 01:38 . 2010-05-01 01:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-04-28 19:26 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-28 19:26 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-27 23:51 . 2010-04-27 23:51 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-25 02:47 . 
2010-04-25 02:47 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint 2010-04-25 02:46 . 2002-05-14 20:50 11264 ------w- c:\windows\system32\Spool\prtprocs\w32x86\wfxprint2000.dll 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\program files\FaxTools 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2010-04-25 02:42 . 2010-05-03 23:15 -------- d-----w- c:\program files\Lexmark X74-X75 2010-04-25 02:42 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-04-25 02:42 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-25 02:42 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2010-04-25 02:42 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2010-04-25 02:42 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe 2010-04-25 02:42 . 2010-04-25 02:42 -------- d-----w- c:\documents and settings\Booty\WINDOWS 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\program files\ESET 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Malwarebytes 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Apple Computer 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\avG 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-16 04:50 . 
2010-04-25 02:51 -------- d-----w- c:\documents and settings\Booty\Application Data\AdobeUM 2010-04-16 04:46 . 2010-04-16 04:46 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Apple 2010-04-16 04:45 . 2010-04-16 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-04-16 04:22 . 2010-04-16 04:22 -------- d-sh--w- c:\documents and settings\charlie rose\PrivacIE 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Apple Computer 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Application Data\BellSouth 2010-04-16 04:21 . 2010-04-16 04:21 20136 ----a-w- c:\documents and settings\charlie rose\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-16 04:20 . 2010-04-16 04:20 -------- d-sh--w- c:\documents and settings\charlie rose\IETldCache 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Microsoft 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose 2010-04-14 05:22 . 2010-04-14 05:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-04-14 05:16 . 2010-04-14 05:16 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Adobe 2010-04-13 18:18 . 2010-04-13 18:18 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Identities 2010-04-13 07:03 . 2010-05-02 15:50 -------- d-----w- c:\windows\ie8updates 2010-04-13 06:02 . 2010-04-13 06:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-12 07:26 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-04-12 07:26 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-04-12 07:26 . 
2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-12 07:26 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-12 07:26 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-04-12 04:58 . 2010-04-16 04:49 -------- d-----w- c:\program files\iPod 2010-04-12 04:57 . 2010-05-03 23:15 -------- d-----w- c:\program files\iTunes 2010-04-12 04:57 . 2010-04-12 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-12 04:53 . 2010-05-04 16:34 -------- d-----w- c:\program files\QuickTime 2010-04-12 04:50 . 2010-04-16 04:46 -------- d-----w- c:\program files\Bonjour 2010-04-12 04:39 . 2010-04-12 04:39 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-04-12 04:39 . 2005-06-02 03:37 463872 ----a-w- c:\windows\system32\drivers\BLKWGD.sys 2010-04-12 04:38 . 2010-04-16 04:46 -------- d-----w- c:\program files\Belkin 2010-04-12 04:27 . 2004-08-23 01:28 61440 ------w- c:\windows\system32\W32N50.dll 2010-04-12 04:27 . 2002-09-10 20:44 81920 ------w- c:\windows\system32\PLCLIB.dll 2010-04-12 04:27 . 2002-09-10 20:44 16720 ------w- c:\windows\system32\PLCNDIS4.sys 2010-04-12 04:27 . 2002-09-10 20:44 17018 ------w- c:\windows\system32\PLCNDIS5.sys 2010-04-12 04:26 . 2010-04-16 04:46 -------- d-----w- c:\program files\Linksys 2010-04-12 04:02 . 2010-04-12 04:02 -------- d-sh--w- c:\documents and settings\Booty\PrivacIE 2010-04-12 03:48 . 2010-04-12 03:48 -------- d-sh--w- c:\documents and settings\Booty\IETldCache 2010-04-08 21:34 . 2010-04-16 04:45 -------- d-----w- c:\documents and settings\Booty\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-03 23:15 . 2004-11-01 23:46 -------- d-----w- c:\program files\Winamp 2010-05-03 22:42 . 
2010-04-30 19:58 112 ----a-w- c:\documents and settings\All Users\Application Data\RfxmGE.dat 2010-04-30 19:56 . 2004-11-02 01:02 35844 ----a-w- c:\windows\system32\VTTimer.exe 2010-04-29 22:12 . 2003-03-31 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-04-25 02:46 . 2004-11-09 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-16 04:48 . 2010-03-12 07:00 -------- d-----w- c:\program files\Common Files\Apple 2010-04-12 04:47 . 2010-04-12 04:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-30 21:29 . 2010-03-30 21:29 503808 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcp71.dll 2010-03-30 21:29 . 2010-03-30 21:29 348160 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcr71.dll 2010-03-30 21:29 . 2010-03-30 21:29 499712 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\jmc.dll 2010-03-30 21:29 . 2010-03-30 21:29 61440 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-sse.dll 2010-03-30 21:29 . 2010-03-30 21:29 12800 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-d3d.dll 2010-03-30 21:23 . 2010-03-30 21:23 -------- d-----w- c:\documents and settings\Booty\Application Data\BellSouth 2010-03-30 21:22 . 2010-03-30 21:22 20136 ----a-w- c:\documents and settings\Booty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-23 16:45 . 2004-11-01 23:33 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-03-23 16:08 . 2010-02-09 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-03-23 16:06 . 
2006-07-06 18:41 -------- d-----w- c:\program files\blstoolbar 2010-03-22 23:16 . 2010-03-22 23:16 -------- d-----w- c:\program files\Common Files\Java 2010-03-22 23:16 . 2010-03-22 23:16 503808 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcp71.dll 2010-03-22 23:16 . 2010-03-22 23:16 499712 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\jmc.dll 2010-03-22 23:16 . 2010-03-22 23:16 348160 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcr71.dll 2010-03-22 23:16 . 2010-03-22 23:16 61440 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-sse.dll 2010-03-22 23:16 . 2010-03-22 23:16 12800 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-d3d.dll 2010-03-22 23:14 . 2010-03-22 23:14 -------- d-----w- c:\program files\Java 2010-03-12 07:19 . 2010-03-12 07:07 -------- d-----w- c:\documents and settings\cmp\Application Data\Apple Computer 2010-03-12 07:06 . 2010-03-12 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-12 07:05 . 2010-03-12 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-03-12 07:03 . 2010-03-12 07:03 -------- d-----w- c:\program files\Apple Software Update 2010-03-12 07:00 . 2010-03-12 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-03-09 11:09 . 2003-03-31 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 05:43 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 13:10 . 
2003-03-31 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-09 07:09 . 2007-03-28 17:06 20136 ----a-w- c:\documents and settings\cmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-09 06:37 . 2006-07-07 20:43 244 -c--a-w- c:\windows\freedom.backup.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288] "VTTimer"="VTTimer.exe" [2010-04-30 35844] "BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security 
Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960] R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [4/12/2010 12:39 AM 463872] R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232] S3 PLCNDIS5;PLCNDIS5;c:\windows\system32\PLCNDIS5.sys [4/12/2010 12:27 AM 17018] . Contents of the 'Scheduled Tasks' folder 2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://facebook.com/ mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Booty\Application Data\Mozilla\Firefox\Profiles\ou8j1um8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-04 12:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\ . Completion time: 2010-05-04 12:46:10 ComboFix-quarantined-files.txt 2010-05-04 16:46 ComboFix2.txt 2010-05-03 23:39 ComboFix3.txt 2010-05-02 20:23 Pre-Run: 22,184,001,536 bytes free Post-Run: 22,165,901,312 bytes free - - End Of File - - D3FD9C5B0F680C04BED642E7A618E712 Upload was successful
  6. ComboFix 10-05-02.01 - Booty 05/03/2010 19:15:46.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.105 [GMT -4:00] Running from: c:\documents and settings\Booty\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Booty\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\7Fg0OqVS.exe . --------------- FCopy --------------- c:\windows\servicepackfiles\i386\ctfmon.exe --> c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_K -------\Service_k ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 ))))))))))))))))))))))))))))))) . 2010-05-03 23:15 . 2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe 2010-05-03 23:15 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe 2010-05-02 01:37 . 2010-05-02 01:37 -------- d-----w- c:\documents and settings\Booty\Application Data\Malwarebytes 2010-05-02 01:35 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 01:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-02 01:34 . 2010-05-02 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 21:37 . 2010-05-01 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2010-05-01 21:00 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-01 01:38 . 2010-05-01 01:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-04-30 19:58 . 
2010-04-30 19:58 4736 ----a-w- c:\windows\system32\o.sys 2010-04-28 19:26 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-28 19:26 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-27 23:51 . 2010-04-27 23:51 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-25 02:47 . 2010-04-25 02:47 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint 2010-04-25 02:46 . 2002-05-14 20:50 11264 ------w- c:\windows\system32\Spool\prtprocs\w32x86\wfxprint2000.dll 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\program files\FaxTools 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2010-04-25 02:42 . 2010-05-03 23:15 -------- d-----w- c:\program files\Lexmark X74-X75 2010-04-25 02:42 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-04-25 02:42 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-25 02:42 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2010-04-25 02:42 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2010-04-25 02:42 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe 2010-04-25 02:42 . 2010-04-25 02:42 -------- d-----w- c:\documents and settings\Booty\WINDOWS 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\program files\ESET 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Malwarebytes 2010-04-16 04:51 . 
2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Apple Computer 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\avG 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-16 04:50 . 2010-04-25 02:51 -------- d-----w- c:\documents and settings\Booty\Application Data\AdobeUM 2010-04-16 04:46 . 2010-04-16 04:46 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Apple 2010-04-16 04:45 . 2010-04-16 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-04-16 04:22 . 2010-04-16 04:22 -------- d-sh--w- c:\documents and settings\charlie rose\PrivacIE 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Apple Computer 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Application Data\BellSouth 2010-04-16 04:21 . 2010-04-16 04:21 20136 ----a-w- c:\documents and settings\charlie rose\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-16 04:20 . 2010-04-16 04:20 -------- d-sh--w- c:\documents and settings\charlie rose\IETldCache 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Microsoft 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose 2010-04-14 05:22 . 2010-04-14 05:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-04-14 05:16 . 2010-04-14 05:16 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Adobe 2010-04-13 18:18 . 2010-04-13 18:18 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Identities 2010-04-13 07:03 . 
2010-05-02 15:50 -------- d-----w- c:\windows\ie8updates 2010-04-13 06:02 . 2010-04-13 06:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-12 07:26 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-04-12 07:26 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-04-12 07:26 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-12 07:26 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-12 07:26 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-04-12 04:58 . 2010-04-16 04:49 -------- d-----w- c:\program files\iPod 2010-04-12 04:57 . 2010-05-03 23:15 -------- d-----w- c:\program files\iTunes 2010-04-12 04:57 . 2010-04-12 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-12 04:53 . 2010-05-03 23:15 -------- d-----w- c:\program files\QuickTime 2010-04-12 04:50 . 2010-04-16 04:46 -------- d-----w- c:\program files\Bonjour 2010-04-12 04:39 . 2010-04-12 04:39 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-04-12 04:39 . 2005-06-02 03:37 463872 ----a-w- c:\windows\system32\drivers\BLKWGD.sys 2010-04-12 04:38 . 2010-04-16 04:46 -------- d-----w- c:\program files\Belkin 2010-04-12 04:27 . 2004-08-23 01:28 61440 ------w- c:\windows\system32\W32N50.dll 2010-04-12 04:27 . 2002-09-10 20:44 81920 ------w- c:\windows\system32\PLCLIB.dll 2010-04-12 04:27 . 2002-09-10 20:44 16720 ------w- c:\windows\system32\PLCNDIS4.sys 2010-04-12 04:27 . 2002-09-10 20:44 17018 ------w- c:\windows\system32\PLCNDIS5.sys 2010-04-12 04:26 . 2010-04-16 04:46 -------- d-----w- c:\program files\Linksys 2010-04-12 04:02 . 2010-04-12 04:02 -------- d-sh--w- c:\documents and settings\Booty\PrivacIE 2010-04-12 03:48 . 2010-04-12 03:48 -------- d-sh--w- c:\documents and settings\Booty\IETldCache 2010-04-08 21:34 . 
2010-04-16 04:45 -------- d-----w- c:\documents and settings\Booty\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-03 23:15 . 2004-11-01 23:46 -------- d-----w- c:\program files\Winamp 2010-05-03 22:42 . 2010-04-30 19:58 112 ----a-w- c:\documents and settings\All Users\Application Data\RfxmGE.dat 2010-04-30 19:56 . 2004-11-02 01:02 35844 ----a-w- c:\windows\system32\VTTimer .exe 2010-04-29 22:12 . 2003-03-31 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-04-25 02:46 . 2004-11-09 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-16 04:48 . 2010-03-12 07:00 -------- d-----w- c:\program files\Common Files\Apple 2010-04-12 04:47 . 2010-04-12 04:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-30 21:29 . 2010-03-30 21:29 503808 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcp71.dll 2010-03-30 21:29 . 2010-03-30 21:29 348160 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcr71.dll 2010-03-30 21:29 . 2010-03-30 21:29 499712 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\jmc.dll 2010-03-30 21:29 . 2010-03-30 21:29 61440 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-sse.dll 2010-03-30 21:29 . 2010-03-30 21:29 12800 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-d3d.dll 2010-03-30 21:23 . 2010-03-30 21:23 -------- d-----w- c:\documents and settings\Booty\Application Data\BellSouth 2010-03-30 21:22 . 
2010-03-30 21:22 20136 ----a-w- c:\documents and settings\Booty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-23 16:45 . 2004-11-01 23:33 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-03-23 16:08 . 2010-02-09 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-03-23 16:06 . 2006-07-06 18:41 -------- d-----w- c:\program files\blstoolbar 2010-03-22 23:16 . 2010-03-22 23:16 -------- d-----w- c:\program files\Common Files\Java 2010-03-22 23:16 . 2010-03-22 23:16 503808 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcp71.dll 2010-03-22 23:16 . 2010-03-22 23:16 499712 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\jmc.dll 2010-03-22 23:16 . 2010-03-22 23:16 348160 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcr71.dll 2010-03-22 23:16 . 2010-03-22 23:16 61440 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-sse.dll 2010-03-22 23:16 . 2010-03-22 23:16 12800 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-d3d.dll 2010-03-22 23:14 . 2010-03-22 23:14 -------- d-----w- c:\program files\Java 2010-03-12 07:19 . 2010-03-12 07:07 -------- d-----w- c:\documents and settings\cmp\Application Data\Apple Computer 2010-03-12 07:06 . 2010-03-12 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-12 07:05 . 2010-03-12 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-03-12 07:03 . 2010-03-12 07:03 -------- d-----w- c:\program files\Apple Software Update 2010-03-12 07:00 . 
2010-03-12 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-03-09 11:09 . 2003-03-31 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 05:43 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 13:10 . 2003-03-31 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-09 07:09 . 2007-03-28 17:06 20136 ----a-w- c:\documents and settings\cmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-09 06:37 . 2006-07-07 20:43 244 -c--a-w- c:\windows\freedom.backup.dat . <pre> c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\windows\system32\VTTimer .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288] "VTTimer"="VTTimer.exe" [N/A] "BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 
Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960] R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [4/12/2010 12:39 AM 463872] R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232] S3 PLCNDIS5;PLCNDIS5;c:\windows\system32\PLCNDIS5.sys [4/12/2010 12:27 AM 17018] . Contents of the 'Scheduled Tasks' folder 2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://facebook.com/ mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Booty\Application Data\Mozilla\Firefox\Profiles\ou8j1um8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-03 19:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-03 19:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 23:39
ComboFix2.txt 2010-05-02 20:23

Pre-Run: 22,290,415,616 bytes free
Post-Run: 22,206,742,528 bytes free

- - End Of File - - 74F6AFB0D0B02515BE1D978E0511C94D
  7. Just posted the ComboFix Log above. ^ I appreciate all of this by the way!
  8. ComboFix 10-05-02.01 - Booty 05/02/2010 16:02:17.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.44 [GMT -4:00] Running from: c:\documents and settings\Booty\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\7Fg0OqVS.exe c:\documents and settings\charlie rose\Local Settings\Temporary Internet Files\2jIUtI476.jpg c:\documents and settings\charlie rose\Local Settings\Temporary Internet Files\O5Ksj.jpg c:\documents and settings\charlie rose\Local Settings\Temporary Internet Files\SDhKf7566.jpg c:\documents and settings\charlie rose\Local Settings\Temporary Internet Files\VUfCj.jpg c:\program files\WindowsUpdate c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf c:\windows\system32\VTTimer .exe c:\windows\Tasks\At1.job c:\windows\Tasks\At101.job Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 ))))))))))))))))))))))))))))))) . 2010-05-02 01:37 . 2010-05-02 01:37 -------- d-----w- c:\documents and settings\Booty\Application Data\Malwarebytes 2010-05-02 01:35 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 01:34 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-02 01:34 . 2010-05-02 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 21:37 . 2010-05-01 21:36 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-05-01 21:09 . 2010-02-26 05:43 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2010-05-01 21:00 . 
2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-05-01 01:38 . 2010-05-01 01:38 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-04-30 19:58 . 2010-04-30 19:58 4736 ----a-w- c:\windows\system32\o.sys 2010-04-28 19:26 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-28 19:26 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-27 23:51 . 2010-04-27 23:51 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-25 02:47 . 2010-04-25 02:47 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint 2010-04-25 02:46 . 2002-05-14 20:50 11264 ------w- c:\windows\system32\Spool\prtprocs\w32x86\wfxprint2000.dll 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\program files\FaxTools 2010-04-25 02:46 . 2010-04-25 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2010-04-25 02:42 . 2010-04-30 19:57 -------- d-----w- c:\program files\Lexmark X74-X75 2010-04-25 02:42 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2010-04-25 02:42 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-04-25 02:42 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2010-04-25 02:42 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2010-04-25 02:42 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe 2010-04-25 02:42 . 2010-04-25 02:42 -------- d-----w- c:\documents and settings\Booty\WINDOWS 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\program files\ESET 2010-04-18 01:20 . 2010-04-18 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-04-16 04:51 . 
2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Malwarebytes 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Application Data\Apple Computer 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\avG 2010-04-16 04:51 . 2010-04-16 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-16 04:50 . 2010-04-25 02:51 -------- d-----w- c:\documents and settings\Booty\Application Data\AdobeUM 2010-04-16 04:46 . 2010-04-16 04:46 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Apple 2010-04-16 04:45 . 2010-04-16 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-04-16 04:22 . 2010-04-16 04:22 -------- d-sh--w- c:\documents and settings\charlie rose\PrivacIE 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Apple Computer 2010-04-16 04:21 . 2010-04-16 04:21 -------- d-----w- c:\documents and settings\charlie rose\Application Data\BellSouth 2010-04-16 04:21 . 2010-04-16 04:21 20136 ----a-w- c:\documents and settings\charlie rose\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-16 04:20 . 2010-04-16 04:20 -------- d-sh--w- c:\documents and settings\charlie rose\IETldCache 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose\Local Settings\Application Data\Microsoft 2010-04-16 04:20 . 2010-04-16 04:36 -------- d-----w- c:\documents and settings\charlie rose 2010-04-14 05:22 . 2010-04-14 05:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-04-14 05:16 . 2010-04-14 05:16 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Adobe 2010-04-13 18:18 . 
2010-04-13 18:18 -------- d-----w- c:\documents and settings\Booty\Local Settings\Application Data\Identities 2010-04-13 07:03 . 2010-05-02 15:50 -------- d-----w- c:\windows\ie8updates 2010-04-13 06:02 . 2010-04-13 06:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-12 07:26 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-04-12 07:26 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-04-12 07:26 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-12 07:26 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-12 07:26 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-04-12 04:58 . 2010-04-16 04:49 -------- d-----w- c:\program files\iPod 2010-04-12 04:57 . 2010-04-30 19:56 -------- d-----w- c:\program files\iTunes 2010-04-12 04:57 . 2010-04-12 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-12 04:53 . 2010-05-02 05:22 -------- d-----w- c:\program files\QuickTime 2010-04-12 04:50 . 2010-04-16 04:46 -------- d-----w- c:\program files\Bonjour 2010-04-12 04:39 . 2010-04-12 04:39 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-04-12 04:39 . 2005-06-02 03:37 463872 ----a-w- c:\windows\system32\drivers\BLKWGD.sys 2010-04-12 04:38 . 2010-04-16 04:46 -------- d-----w- c:\program files\Belkin 2010-04-12 04:27 . 2004-08-23 01:28 61440 ------w- c:\windows\system32\W32N50.dll 2010-04-12 04:27 . 2002-09-10 20:44 81920 ------w- c:\windows\system32\PLCLIB.dll 2010-04-12 04:27 . 2002-09-10 20:44 16720 ------w- c:\windows\system32\PLCNDIS4.sys 2010-04-12 04:27 . 2002-09-10 20:44 17018 ------w- c:\windows\system32\PLCNDIS5.sys 2010-04-12 04:26 . 2010-04-16 04:46 -------- d-----w- c:\program files\Linksys 2010-04-12 04:02 . 
2010-04-12 04:02 -------- d-sh--w- c:\documents and settings\Booty\PrivacIE 2010-04-12 03:48 . 2010-04-12 03:48 -------- d-sh--w- c:\documents and settings\Booty\IETldCache 2010-04-08 21:34 . 2010-04-16 04:45 -------- d-----w- c:\documents and settings\Booty\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-02 18:18 . 2010-04-30 19:58 112 ----a-w- c:\documents and settings\All Users\Application Data\RfxmGE.dat 2010-04-30 19:56 . 2004-11-02 01:02 35844 ----a-w- c:\windows\system32\VTTimer.exe 2010-04-30 19:56 . 2004-11-01 23:46 -------- d-----w- c:\program files\Winamp 2010-04-29 22:12 . 2003-03-31 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-04-25 02:46 . 2004-11-09 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-16 04:48 . 2010-03-12 07:00 -------- d-----w- c:\program files\Common Files\Apple 2010-04-12 04:47 . 2010-04-12 04:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-30 21:29 . 2010-03-30 21:29 503808 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcp71.dll 2010-03-30 21:29 . 2010-03-30 21:29 348160 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\msvcr71.dll 2010-03-30 21:29 . 2010-03-30 21:29 499712 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a5fbdc1-n\jmc.dll 2010-03-30 21:29 . 2010-03-30 21:29 61440 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-sse.dll 2010-03-30 21:29 . 
2010-03-30 21:29 12800 ----a-w- c:\documents and settings\Booty\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1bf0984c-n\decora-d3d.dll 2010-03-30 21:23 . 2010-03-30 21:23 -------- d-----w- c:\documents and settings\Booty\Application Data\BellSouth 2010-03-30 21:22 . 2010-03-30 21:22 20136 ----a-w- c:\documents and settings\Booty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-23 16:45 . 2004-11-01 23:33 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-03-23 16:08 . 2010-02-09 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-03-23 16:06 . 2006-07-06 18:41 -------- d-----w- c:\program files\blstoolbar 2010-03-22 23:16 . 2010-03-22 23:16 -------- d-----w- c:\program files\Common Files\Java 2010-03-22 23:16 . 2010-03-22 23:16 503808 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcp71.dll 2010-03-22 23:16 . 2010-03-22 23:16 499712 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\jmc.dll 2010-03-22 23:16 . 2010-03-22 23:16 348160 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16b0aaed-n\msvcr71.dll 2010-03-22 23:16 . 2010-03-22 23:16 61440 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-sse.dll 2010-03-22 23:16 . 2010-03-22 23:16 12800 ----a-w- c:\documents and settings\cmp\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26aa90f8-n\decora-d3d.dll 2010-03-22 23:14 . 2010-03-22 23:14 -------- d-----w- c:\program files\Java 2010-03-12 07:19 . 2010-03-12 07:07 -------- d-----w- c:\documents and settings\cmp\Application Data\Apple Computer 2010-03-12 07:06 . 
2010-03-12 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-12 07:05 . 2010-03-12 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-03-12 07:03 . 2010-03-12 07:03 -------- d-----w- c:\program files\Apple Software Update 2010-03-12 07:00 . 2010-03-12 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-02-26 05:43 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 13:10 . 2003-03-31 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-09 07:09 . 2007-03-28 17:06 20136 ----a-w- c:\documents and settings\cmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-09 06:37 . 2006-07-07 20:43 244 -c--a-w- c:\windows\freedom.backup.dat . <pre> c:\program files\BellSouth\Alert Manager\BellSouthAlertManager .exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe c:\program files\Common Files\Java\Java Update\jusched .exe c:\program files\iTunes\iTunesHelper .exe c:\program files\Lexmark X74-X75\lxbbbmgr .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\Winamp\Winampa .exe </pre> ------- Sigcheck ------- [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe c:\windows\System32\ctfmon.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2010-04-30 35844] "VTTimer"="VTTimer.exe" [2010-04-30 35844] "BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2010-04-30 35844] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [N/A] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-30 35844] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2010-04-30 35844] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-04-30 35844] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 k;k;c:\windows\system32\o.sys [4/30/2010 3:58 PM 4736] R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [4/12/2010 12:39 AM 463872] S3 PLCNDIS5;PLCNDIS5;c:\windows\system32\PLCNDIS5.sys [4/12/2010 12:27 AM 17018] S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384] . Contents of the 'Scheduled Tasks' folder 2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://facebook.com/ mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Booty\Application Data\Mozilla\Firefox\Profiles\ou8j1um8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - 
pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-02 16:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,d9,f3,21,13,8d,74,47,83,49,9b,\ . Completion time: 2010-05-02 16:23:55 ComboFix-quarantined-files.txt 2010-05-02 20:23 Pre-Run: 21,917,323,264 bytes free Post-Run: 22,283,345,920 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 09EFB08634BEA17F057CA6129794500E
  9. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-02 14:12:01 Windows 5.1.2600 Service Pack 3 Running: znmgukms.exe; Driver: C:\DOCUME~1\Booty\LOCALS~1\Temp\kgldrpod.sys ---- System - GMER 1.0.15 ---- SSDT 8202D580 ZwAssignProcessToJobObject SSDT 8202E100 ZwDebugActiveProcess SSDT 8202DB30 ZwDuplicateObject SSDT 8202CCC0 ZwOpenProcess SSDT 8202CFC0 ZwOpenThread SSDT 8202D9C0 ZwProtectVirtualMemory SSDT 8202D860 ZwSetContextThread SSDT 8202D6E0 ZwSetInformationThread SSDT 8202A700 ZwSetSecurityObject SSDT 8202D420 ZwSuspendProcess SSDT 8202D2C0 ZwSuspendThread SSDT 8202CE50 ZwTerminateProcess SSDT 8202D150 ZwTerminateThread SSDT 8202DF50 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF9A71794] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A .text C:\WINDOWS\Explorer.EXE[376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A .text C:\WINDOWS\Explorer.EXE[376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C .text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A .text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84] .text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A .text C:\WINDOWS\System32\svchost.exe[1020] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C .text C:\WINDOWS\System32\svchost.exe[1020] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0656000A .text C:\WINDOWS\System32\svchost.exe[1020] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0655000A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 
5 Bytes JMP 00D5000A .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 
4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Internet Explorer\iexplore.exe[1896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A .text C:\Program Files\Internet Explorer\iexplore.exe[1896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A .text C:\Program Files\Internet Explorer\iexplore.exe[1896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1896] 
USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A .text C:\Program Files\Internet Explorer\iexplore.exe[2108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A .text C:\Program Files\Internet Explorer\iexplore.exe[2108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC 
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2108] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) Device -> \Driver\atapi \Device\Harddisk0\DR0 826A7AC8 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B1F3DAA-5606-11DF-AA33-00110904A065}.dat 4608 bytes File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{71E48B40-5606-11DF-AA33-00110904A065}.dat 4608 bytes File C:\Documents and Settings\NetworkService\Local 
Settings\Temporary Internet Files\Content.IE5\CP2RXMMH\geekets_com[2] 0 bytes File C:\WINDOWS\Temp\~DF40AD.tmp 0 bytes File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ----
  10. OTL Extras logfile created on: 5/2/2010 11:51:17 AM - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Booty\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 255.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 15.00% Memory free 570.00 Mb Paging File | 236.00 Mb Available in Paging File | 41.00% Paging File free Paging file location(s): C:\pagefile.sys 336 672 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38.28 Gb Total Space | 20.42 Gb Free Space | 53.36% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROLL-TEK Current User Name: Booty Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-21-1123561945-1682526488-725345543-1008\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = 
iTunes "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0 "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{EFA800BF-C5C8-46D1-B49D-13920D05417C}" = ESET NOD32 Antivirus "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "blstoolbar" = BellSouth Toolbar 1.0 "hp deskjet 656c series" = hp deskjet 656c series (Remove only) "InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility "Lexmark X74-X75" = Lexmark X74-X75 "Linksys" = Linksys "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.3.20 "S3" = UniChrome IGP Driver and Utilities "VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "VTDisplay" = S3 S3Display "VTGamma2" = S3 S3Gamma2 "VTInfo2" = S3 S3Info2 "VTOverlay" = S3 S3Overlay "Winamp" = Winamp (remove only) "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WinZip" = WinZip ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/19/2005 9:17:19 AM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1001 Description = Fault bucket 02011787. Error - 4/19/2005 9:18:01 AM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1002 Description = Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/19/2005 9:18:03 AM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1001 Description = Fault bucket 02011787. 
Error - 4/22/2005 8:01:09 AM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1002 Description = Hanging application QBW32.EXE, version 15.0.4003.469, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/22/2005 8:06:41 AM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1002 Description = Hanging application QBW32.EXE, version 15.0.4003.469, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/15/2005 5:55:48 PM | Computer Name = ROLL-TEK | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 6/16/2005 8:05:20 AM | Computer Name = ROLL-TEK | Source = Application Error | ID = 1004 Description = Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 6/24/2005 5:04:24 PM | Computer Name = ROLL-TEK | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 6/27/2005 7:59:48 AM | Computer Name = ROLL-TEK | Source = Application Error | ID = 1004 Description = Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 7/11/2005 1:45:08 PM | Computer Name = ROLL-TEK | Source = Application Hang | ID = 1002 Description = Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ] Error - 5/2/2010 11:31:00 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 5/2/2010 11:31:00 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Error - 5/2/2010 11:31:00 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL. Reference error message: The operation completed successfully. . Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL. Reference error message: The operation completed successfully. . Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. 
Error - 5/2/2010 11:31:04 AM | Computer Name = ROLL-TEK | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL. Reference error message: The operation completed successfully. . Error - 5/2/2010 11:47:43 AM | Computer Name = ROLL-TEK | Source = DCOM | ID = 10010 Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. < End of report >
  11. OTL logfile created on: 5/2/2010 11:51:17 AM - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Booty\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 255.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 15.00% Memory free 570.00 Mb Paging File | 236.00 Mb Available in Paging File | 41.00% Paging File free Paging file location(s): C:\pagefile.sys 336 672 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38.28 Gb Total Space | 20.42 Gb Free Space | 53.36% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROLL-TEK Current User Name: Booty Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/02 11:49:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Booty\Desktop\OTL.exe PRC - [2010/04/30 15:56:54 | 000,035,844 | ---- | M] () -- C:\WINDOWS\system32\VTTimer.exe PRC - [2010/04/02 01:10:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper .exe PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Common Files\Java\Java Update\jusched .exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/01/10 16:56:58 | 001,896,448 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe PRC - [2005/08/18 17:09:58 | 001,388,544 | ---- | M] (Belkin) -- C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe PRC - [2005/05/05 01:53:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe PRC - [2004/01/15 08:33:44 | 000,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer .exe PRC - [2003/04/01 22:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\Winampa .exe PRC - [2002/06/24 22:35:41 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmon.exe PRC - [2002/06/24 22:11:28 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmgr .exe ========== Modules (SafeList) ========== MOD - [2010/05/02 11:49:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Booty\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2005/05/05 01:53:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) ========== Driver Services (SafeList) ========== DRV - [2010/04/30 15:58:40 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\o.sys -- (k) DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2005/06/01 23:37:28 | 000,463,872 | ---- | M] (Belkin Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGD.sys -- (BLKWGD) DRV - [2004/08/04 02:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/04/21 18:51:34 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5) DRV - [2004/02/11 01:51:46 | 000,115,840 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM) DRV - [2003/07/02 08:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2002/09/10 16:44:02 | 000,017,018 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.sys -- (PLCNDIS5) DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124) DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones) DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft) DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample) DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56) DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback) DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax) DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks) DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = 
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 91 BE C4 5F E9 CA 01 [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 91 BE C4 5F E9 CA 01 [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-1682526488-725345543-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/ IE - HKU\S-1-5-21-1123561945-1682526488-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-1682526488-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 22:42:26 | 000,000,000 | ---D | M] FF 
- HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 17:37:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/17 21:21:08 | 000,000,000 | ---D | M] [2010/04/16 00:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Booty\Application Data\Mozilla\Extensions [2010/05/01 21:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Booty\Application Data\Mozilla\Firefox\Profiles\ou8j1um8.default\extensions [2010/05/01 17:39:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Booty\Application Data\Mozilla\Firefox\Profiles\ou8j1um8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/05/01 21:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/01 17:37:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/05/01 17:37:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - Reg Error: Value error. 
File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found O4 - HKLM..\Run: [bellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe () O4 - HKU\S-1-5-21-1123561945-1682526488-725345543-1008..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found O4 - HKLM..\RunOnce: [iERESETATTRIB] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe (Belkin) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1123561945-1682526488-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Booty\Application Data\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Booty\Application Data\Mozilla\Firefox\Desktop Background.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/11/01 19:34:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2010/05/02 11:49:03 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Booty\Desktop\OTL.exe [2010/05/01 21:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Application Data\Malwarebytes [2010/05/01 21:35:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/05/01 21:34:24 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/05/01 21:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/01 17:37:46 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/05/01 17:37:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/05/01 17:37:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javaws.exe [2010/05/01 17:37:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/05/01 17:37:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/05/01 17:09:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010/05/01 17:09:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010/05/01 17:09:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8 [2010/04/28 15:26:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2010/04/28 15:26:42 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2010/04/27 19:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010/04/24 22:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint [2010/04/24 22:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\FaxTools [2010/04/24 22:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/04/24 22:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark X74-X75 [2010/04/24 22:42:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll [2010/04/24 22:42:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll [2010/04/24 22:42:20 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2010/04/24 22:42:10 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) 
-- C:\WINDOWS\uninst.exe [2010/04/24 22:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\WINDOWS [2010/04/20 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/04/17 21:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/04/17 21:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2010/04/17 21:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Application Data\WinRAR [2010/04/17 21:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM [2010/04/17 21:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/04/17 21:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/04/17 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010/04/16 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG [2010/04/16 00:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Application Data\AdobeUM [2010/04/16 00:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Local Settings\Application Data\Apple [2010/04/16 00:46:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010/04/16 00:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2010/04/16 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Application Data\Identities [2010/04/16 00:45:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Booty\SendTo [2010/04/16 00:45:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Booty\Recent [2010/04/16 00:45:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Booty\Start Menu [2010/04/16 00:45:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Booty\PrintHood [2010/04/16 00:45:26 | 000,000,000 | ---D | C] 
-- C:\Documents and Settings\Booty\Desktop [2010/04/16 00:38:40 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/04/14 01:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/04/14 01:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Local Settings\Application Data\Adobe [2010/04/14 01:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\My Documents\My eBooks [2010/04/13 14:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Local Settings\Application Data\Identities [2010/04/13 03:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/04/12 03:26:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010/04/12 03:26:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010/04/12 03:26:36 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010/04/12 00:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/04/12 00:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/04/12 00:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/04/12 00:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/04/12 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/04/12 00:39:06 | 000,463,872 | ---- | C] (Belkin Corporation.) -- C:\WINDOWS\System32\drivers\BLKWGD.sys [2010/04/12 00:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin [2010/04/12 00:27:01 | 000,081,920 | ---- | C] (Intellon, Inc.) -- C:\WINDOWS\System32\PLCLIB.dll [2010/04/12 00:27:01 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N50.dll [2010/04/12 00:27:01 | 000,017,018 | ---- | C] (Intellon, Inc.) 
-- C:\WINDOWS\System32\PLCNDIS5.sys [2010/04/12 00:27:01 | 000,016,720 | ---- | C] (Intellon, Inc.) -- C:\WINDOWS\System32\PLCNDIS4.sys [2010/04/12 00:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys [2010/04/12 00:02:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Booty\PrivacIE [2010/04/11 23:48:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Booty\IETldCache [2010/04/08 17:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Booty\Application Data\Apple Computer [9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/02 11:49:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Booty\Desktop\OTL.exe [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At264.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At263.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At262.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At261.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At260.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At259.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At258.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At257.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At256.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At255.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At254.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At253.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At252.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- 
C:\WINDOWS\tasks\At251.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At250.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At249.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At248.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At247.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At246.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At245.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At244.job [2010/05/02 11:35:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At243.job [2010/05/02 11:35:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At242.job [2010/05/02 11:35:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At241.job [2010/05/02 11:34:16 | 000,000,339 | ---- | M] () -- C:\Documents and Settings\Booty\Desktop\My Documents.lnk [2010/05/02 11:33:01 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RfxmGE.dat [2010/05/02 11:32:53 | 000,068,612 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7Fg0OqVS.exe [2010/05/02 11:30:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/02 11:29:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/02 11:29:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/02 01:41:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/02 01:39:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Booty\ntuser.ini [2010/05/02 01:39:18 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Booty\NTUSER.DAT [2010/05/02 01:37:49 | 003,764,530 | -H-- | M] () -- C:\Documents and Settings\Booty\Local Settings\Application Data\IconCache.db [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At240.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At239.job [2010/05/02 01:24:51 | 000,000,416 
| ---- | M] () -- C:\WINDOWS\tasks\At238.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At237.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At236.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At235.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At234.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At233.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At232.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At231.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At230.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At229.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At228.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At227.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At226.job [2010/05/02 01:24:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At225.job [2010/05/02 01:24:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At224.job [2010/05/02 01:24:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At223.job [2010/05/02 01:24:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At222.job [2010/05/02 01:24:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At221.job [2010/05/02 01:24:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At220.job [2010/05/02 01:24:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At219.job [2010/05/02 01:24:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At218.job [2010/05/02 01:24:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At217.job [2010/05/02 01:24:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010/05/02 01:00:32 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job [2010/05/02 01:00:32 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job [2010/05/02 01:00:31 | 000,000,416 | 
---- | M] () -- C:\WINDOWS\tasks\At26.job [2010/05/02 01:00:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At194.job [2010/05/02 01:00:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job [2010/05/02 01:00:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job [2010/05/02 01:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job [2010/05/02 01:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job [2010/05/02 00:57:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job [2010/05/02 00:54:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At193.job [2010/05/02 00:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job [2010/05/02 00:40:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job [2010/05/02 00:35:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job [2010/05/02 00:31:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job [2010/05/02 00:24:07 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010/05/02 00:19:13 | 000,499,490 | ---- | M] () -- C:\Documents and Settings\Booty\My Documents\10sadzb.jpg.gif [2010/05/02 00:17:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job [2010/05/02 00:17:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job [2010/05/01 23:24:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010/05/01 23:00:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job [2010/05/01 23:00:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job [2010/05/01 23:00:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At216.job [2010/05/01 23:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job [2010/05/01 23:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job [2010/05/01 23:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job [2010/05/01 23:00:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job [2010/05/01 23:00:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job [2010/05/01 
22:24:03 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010/05/01 22:00:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job [2010/05/01 22:00:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job [2010/05/01 22:00:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job [2010/05/01 22:00:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At215.job [2010/05/01 22:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job [2010/05/01 22:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job [2010/05/01 22:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job [2010/05/01 22:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job [2010/05/01 21:35:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At214.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At213.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At212.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At211.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At210.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At209.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At208.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At207.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At206.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At205.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At204.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At203.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At202.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At201.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] 
() -- C:\WINDOWS\tasks\At200.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At199.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At198.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At197.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At196.job [2010/05/01 21:25:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At195.job [2010/05/01 21:24:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010/05/01 21:09:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job [2010/05/01 21:09:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job [2010/05/01 21:09:28 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job [2010/05/01 21:09:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job [2010/05/01 21:09:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job [2010/05/01 21:09:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job [2010/05/01 21:09:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job [2010/05/01 20:24:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010/05/01 20:04:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job [2010/05/01 20:04:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job [2010/05/01 20:04:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job [2010/05/01 20:04:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job [2010/05/01 20:04:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job [2010/05/01 20:04:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job [2010/05/01 20:03:44 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job [2010/05/01 19:24:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- 
C:\WINDOWS\tasks\At186.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job [2010/05/01 19:21:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job [2010/05/01 19:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job [2010/05/01 19:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job [2010/05/01 19:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job [2010/05/01 19:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job [2010/05/01 19:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job [2010/05/01 19:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job [2010/05/01 18:24:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010/05/01 18:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job [2010/05/01 18:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job [2010/05/01 18:00:06 | 000,000,416 | ---- | M] () -- 
< End of report >
  12. ^That keeps randomly popping up on my desktop over and over. Then when I click OK or close them out, a bunch of Internet Explorer windows will open up. (I use Firefox.) Then a few minutes later the pop-ups will show up again! I'm worried it may be some sort of malware infection. Does anyone know anything about this? What do you suggest I do?