subzerobob

Everything posted by subzerobob

  1. But is my information (logs, etc.) that I posted up there safe to sit out there like that on the internet?
  2. It's almost time to leave the county, and I am panicking now, because ESET found a threat! AND IT IS A FALSE POSITIVE! I hope this won't take much longer because I really have to go now... Here is the log:

     C:\WINDOWS\FixCamera.exe    a variant of Win32/KillProc.A application    cleaned by deleting - quarantined

     In regards to XP SP3, I really don't want to install it due to personal preference, and also my co-workers at work say that SP3 really brings more hassles than benefits... But after running the XP update request, here are the results:

     Select High-Priority Updates
     To help protect your computer against security threats and performance problems, we strongly recommend you install all high-priority updates.
     Restore and Check Again
     Only selected updates will appear the next time you check for updates.
     Review and install updates
     Total: 0 updates, 0 KB, 0 minutes

     High-priority updates
     No high-priority updates for your computer are available. To select other updates, use the options to the left.

     Optional software updates

     Microsoft Windows XP
     Optional: Update for Root Certificates [May 2010] (KB931125)
     Download size: 328 KB, less than 1 minute
     This item updates the list of root certificates on your computer to the list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables you to use Extended Validation (EV) certificates in Internet Explorer 7, a greater range of security enhanced Web browsing, encrypted e-mail, and security enhanced code delivery. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed. Details...
     Don't show this update again

     Microsoft .NET Framework 2.0 Service Pack 2 Update for Windows Server 2003 and Windows XP x86 (KB976569)
     Download size: 11.2 MB, 4 minutes
     Install this update to resolve some known incompatibilities in generic types using the BinaryFormatter or NetDataContractSerializer serialized and deserialized across a mixed .NET Framework 3.5 SP1 and .NET Framework 4 environment. After you install this item, you may have to restart your computer. Details...
     Don't show this update again

     Windows Search 4.0 for Windows XP (KB940157)
     Download size: 5.3 MB, 2 minutes
     Windows Search 4.0 helps you to find, preview, and use your documents, e-mail, music, photos, and other items. On an upgrade from previous versions, you will need to rebuild your index. After you install this item, you may have to restart your computer. Details...
     Don't show this update again

     Microsoft Office 2007
     Update for Microsoft Office Excel 2007 Help (KB963678)
     Download size: 19.5 MB, 7 minutes
     This update installs the latest assistance content for the Microsoft Office Excel 2007 Help file and the Office Excel 2007 Developer Help file. Details...
     Don't show this update again

     Update for Microsoft Office Outlook 2007 Help (KB963677)
     Download size: 17.4 MB, 6 minutes
     This update installs the latest assistance content for the Microsoft Office Outlook 2007 Help file and the Office Outlook 2007 Developer Help file. Details...
     Don't show this update again

     Update for Microsoft Office PowerPoint 2007 Help (KB963669)
     Download size: 14.5 MB, 5 minutes
     This update installs the latest assistance content for the Microsoft Office PowerPoint 2007 Help file and the Office PowerPoint 2007 Developer Help file. Details...
     Don't show this update again

     Update for Microsoft Office Word 2007 Help (KB963665)
     Download size: 14.7 MB, 5 minutes
     This update installs the latest assistance content for the Microsoft Office Word 2007 Help file and the Office Word 2007 Developer Help file. Details...
     Don't show this update again

     Update for Microsoft Office Access 2007 Help (KB963663)
     Download size: 18.9 MB, 6 minutes
     This update installs the latest assistance content for the Microsoft Office Access 2007 Help file and the Office Access 2007 Developer Help file. Details...
     Don't show this update again

     Update for the 2007 Microsoft Office System Help for Common Features (KB963673)
     Download size: 1.2 MB, less than 1 minute
     This update installs the latest assistance content for the Microsoft Office 2007 Help file. Details...
     Don't show this update again

     Update for Microsoft Office Publisher 2007 Help (KB963667)
     Download size: 9.2 MB, 3 minutes
     This update installs the latest assistance content for the Microsoft Office Publisher 2007 Help file and the Office Publisher 2007 Developer Help file. Details...
     Don't show this update again

     Update for Microsoft Script Editor Help (KB963671)
     Download size: 4.9 MB, 2 minutes
     This update installs the latest assistance content for the Microsoft Script Editor Help file that is included with the 2007 Office System. Details...
     Don't show this update again

     I really don't want to update any of these optionals unless really necessary and unless you strongly recommend going with these optionals... How much longer is this going to take? I hope we can be finished today!
  3. OK, please kindly give me the uninstall directions for ComboFix. Should I enable the defogger now? Should I delete this thread once we are done? [How safe is it to have my log files posted out there on the internet like that?] By the way, you never told me: what is FraudPack and how does it affect my computer? Here is the MBAM log that you requested; hope the case is closed now?

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4786

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     10/9/2010 1:50:18 PM
     mbam-log-2010-10-09 (13-50-18).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 215096
     Time elapsed: 1 hour(s), 4 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  4. Looks good! Does this mean that I am free of malware and keyloggers? Can I go ahead and activate the defogger now? You know, I have to tell you that I used CCleaner as soon as I saw that file disappear when I double clicked it... Do you think CCleaner wiped it before the damn thing got a chance to stick? (I didn't reboot until I ran Malwarebytes and SUPERAntiSpyware; those two did some fixes too.) The ComboFix also did some fixing; I located the following log file [it's called ComboFix-quarantined-files] in the C:\ directory:

     2010-10-08 13:19:44 . 2010-10-08 13:19:44 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
     2010-10-08 13:12:13 . 2010-10-08 13:12:13 22,533 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2010-10-08 13:06:54 . 2010-10-08 13:06:54 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

     Is this last one, 'catchme.log', something to do with it?? I mean, is it this keylogger thing you were talking about? To answer your question about the proxy: yes, I have this proxy put into my internet options in Internet Explorer [under the Connections tab, under the LAN settings], but it is not selected right now (it is inactive as far as I know). I usually use it only for certain websites like espn3, but it doesn't work anymore, so I just leave it inactive (I take off the check mark from the box). But yeah, I have set it that way: under address I put 72.51.41.235 and under port I put 3128. Is there a problem with this proxy or something? I can just try to delete it then...
  5. ComboFix 10-10-07.02 - Owner 10/08/2010 8:09.1.2 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1270 [GMT -5:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     (((((((((((((((((((((((((   Files Created from 2010-09-08 to 2010-10-08   )))))))))))))))))))))))))))))))
     .
     2010-10-04 13:46 . 2010-10-04 13:46 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
     2010-10-04 13:46 . 2010-10-04 13:46 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
     2010-10-04 13:46 . 2010-10-04 13:46 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-10-04 13:45 . 2010-10-04 13:45 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
     2010-10-04 13:45 . 2010-10-04 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2010-10-04 13:45 . 2010-10-06 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-10-02 20:42 . 2010-10-02 20:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
     2010-10-02 20:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-10-02 20:42 . 2010-10-02 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-10-02 20:42 . 2010-10-02 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-10-02 20:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-10-02 20:12 . 2010-10-02 20:12 -------- d-----w- c:\documents and settings\Owner\.thumbnails
     2010-09-13 22:41 . 2010-08-30 19:34 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     2010-09-13 22:41 . 2010-08-30 19:33 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
     2010-09-13 22:41 . 2010-08-30 19:33 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
     2010-09-13 22:41 . 2010-08-30 19:33 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
     2010-09-10 11:46 . 2010-09-10 11:46 -------- d-----w- c:\program files\Common Files\Java
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-10-08 12:43 . 2010-04-23 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeFLVConverter
     2010-10-07 18:59 . 2009-04-16 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2010-10-03 09:40 . 2009-07-01 04:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
     2010-10-02 23:56 . 2009-04-08 00:46 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-10-02 20:26 . 2009-05-01 03:37 -------- d-----w- c:\program files\Windows Live Safety Center
     2010-09-26 16:18 . 2009-05-10 15:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
     2010-09-26 15:55 . 2009-05-10 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
     2010-09-25 04:21 . 2010-05-01 04:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27510\AdobeARM.exe
     2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27510\AdobeExtractFiles.dll
     2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27510\ReaderUpdater.exe
     2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27510\AcrobatUpdater.exe
     2010-09-17 12:09 . 2009-04-15 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-09-13 01:34 . 2009-11-23 02:14 -------- d-----w- c:\program files\SamsungMitsLabs
     2010-09-10 11:46 . 2009-10-17 22:32 -------- d-----w- c:\program files\Java
     2010-09-07 15:12 . 2010-07-01 02:23 38848 ----a-w- c:\windows\avastSS.scr
     2010-09-07 15:11 . 2009-04-08 03:20 167592 ----a-w- c:\windows\system32\aswBoot.exe
     2010-09-07 14:52 . 2009-04-08 03:21 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2010-09-07 14:52 . 2009-04-08 03:21 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2010-09-07 14:47 . 2009-04-08 03:21 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2010-09-07 14:47 . 2009-04-08 03:21 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2010-09-07 14:47 . 2009-04-08 03:21 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2010-09-07 14:47 . 2009-04-08 03:21 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2010-09-07 14:46 . 2009-04-08 03:21 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2010-09-07 00:28 . 2010-09-07 00:28 -------- d-----w- c:\program files\Bankarama
     2010-09-06 17:57 . 2009-04-15 12:21 -------- d-----w- c:\program files\Microsoft.NET
     2010-09-06 12:18 . 2010-03-17 11:59 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeVideoConverter
     2010-09-06 12:17 . 2010-09-06 12:17 -------- d-----w- c:\program files\Free Video Converter
     2010-09-06 12:16 . 2010-09-06 12:16 -------- d-----w- c:\program files\Free FLV Converter
     2010-09-06 12:13 . 2009-06-10 03:08 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
     2010-09-06 12:13 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
     2010-09-06 12:13 . 2009-04-22 02:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
     2010-08-31 17:11 . 2010-08-31 17:11 3401880 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
     2010-08-31 16:55 . 2010-08-31 16:55 275096 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
     2010-08-31 16:39 . 2010-08-31 16:39 3734536 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
     2010-08-21 03:59 . 2010-08-21 03:59 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38d785cc-n\msvcp71.dll
     2010-08-21 03:59 . 2010-08-21 03:59 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38d785cc-n\jmc.dll
     2010-08-21 03:59 . 2010-08-21 03:59 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38d785cc-n\msvcr71.dll
     2010-08-21 03:59 . 2010-08-21 03:59 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-383a7437-n\decora-sse.dll
     2010-08-21 03:59 . 2010-08-21 03:59 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-383a7437-n\decora-d3d.dll
     2010-08-20 12:28 . 2009-04-17 23:52 -------- d-----w- c:\program files\Microsoft ActiveSync
     2010-08-20 02:25 . 2009-04-23 23:32 4392 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
     2010-08-20 02:15 . 2010-08-20 01:12 162816 ----a-w- c:\windows\system32\fmod.dll
     2010-08-15 11:51 . 2009-04-08 00:47 107408 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-08-15 11:41 . 2009-04-15 12:22 -------- d-----w- c:\program files\Microsoft Works
     2010-08-12 04:50 . 2010-04-24 23:16 307200 ----a-w- c:\windows\system32\TubeFinder.exe
     2010-07-17 10:00 . 2010-07-14 00:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
     2009-10-17 23:22 . 2009-10-17 23:22 53760 ----a-w- c:\program files\DRTCP021.exe
     2008-03-15 23:55 . 2009-04-17 23:45 479744 ----a-w- c:\program files\AiglonDTMF.exe
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
     "WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
     "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
     "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
     "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
     "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
     "FixCamera"="c:\windows\FixCamera.exe" [2007-01-30 20480]
     "tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
     "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
     "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
     "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
     "PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2007-09-30 1069056]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
     "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2010-03-14 867328]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
     "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
     "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
     2007-02-07 06:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\APSHook.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=
     "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
     "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
     "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 0 (0x0)

     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/7/2009 10:21 PM 165584]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
     R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 7:00 AM 14336]
     R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 7:00 AM 14336]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/7/2009 10:21 PM 17744]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
     R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/7/2009 2:16 PM 88192]
     R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 11:19 AM 41216]
     R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
     R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\system32\drivers\ptdrv.sys [6/18/2007 5:01 PM 22272]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 10:05 PM 135664]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 10:35 AM 50704]
     S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [11/22/2009 9:17 PM 98560]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     Cognizance REG_MULTI_SZ ASBroker ASChannel
     .
     Contents of the 'Scheduled Tasks' folder

     2010-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

     2010-10-08 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 02:21]

     2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:05]

     2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:05]

     2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-682003330-839522115-1003Core.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 03:06]

     2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-682003330-839522115-1003UA.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 03:06]

     2010-10-08 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

     2010-10-07 c:\windows\Tasks\User_Feed_Synchronization-{D436695B-72F9-495D-A14D-C4A3671CCEB3}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200%20Series
     uInternet Settings,ProxyOverride = *.local
     uInternet Settings,ProxyServer = 72.51.41.235:3128
     IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
     IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
     IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
     IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
     IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
     Trusted Zone: microsoft.com\office
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200%20Series
     FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
     FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
     FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     - - - - ORPHANS REMOVED - - - -

     Toolbar-Locked - (no file)
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-1292428093-682003330-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(980)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\windows\system32\Ati2evxx.dll
     c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
     c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

     - - - - - - - > 'explorer.exe'(1748)
     c:\windows\system32\WININET.dll
     c:\windows\system32\APSHook.dll
     c:\program files\Ad Muncher\AM31376.dll
     c:\windows\system32\btmmhook.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\btncopy.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\Ati2evxx.exe
     c:\windows\system32\Ati2evxx.exe
     c:\program files\Alwil Software\Avast5\AvastSvc.exe
     c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
     c:\windows\system32\rundll32.exe
     c:\windows\System32\SCardSvr.exe
     c:\windows\system32\agrsmsvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Microsoft ActiveSync\wcescomm.exe
     c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\progra~1\MI3AA1~1\rapimgr.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
     c:\windows\system32\fxssvc.exe
     c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
     c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2010-10-08 08:20:35 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-10-08 13:20

     Pre-Run: 46,880,661,504 bytes free
     Post-Run: 46,897,864,704 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     - - End Of File - - 03971219256150CA83B8BF6300803777
  6. RkU Version: 3.8.388.590, Type LE (SR2)
     ==============================================
     OS Name: Windows XP
     Version 5.1.2600 (Service Pack 2)
     Number of processors #2
     ==============================================
     >Drivers
     ==============================================
     0xB9164000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5238784 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
     0xBF194000 C:\WINDOWS\System32\ati3duag.dll 3788800 bytes (ATI Technologies Inc. , ati3duag.dll)
     0xB8D90000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3637248 bytes (Intel Corporation, Intel
  7. OTL logfile created on: 10/7/2010 6:44:13 PM - Run 1
     OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Owner\Desktop
     Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
     4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 93.15 Gb Total Space | 44.87 Gb Free Space | 48.17% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: OWNER-756F53E69
     Current User Name: Owner
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: On
     Skip Microsoft Files: On
     File Age = 90 Days
     Output = Standard
     Quick Scan

     ========== Processes (SafeList) ==========

     PRC - [2010/10/07 18:41:14 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
     PRC - [2010/09/21 00:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
     PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     PRC - [2010/03/14 11:40:46 | 000,867,328 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files\Ad Muncher\AdMunch.exe
     PRC - [2009/11/09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
     PRC - [2009/07/29 14:29:48 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
     PRC - [2009/07/29 14:29:48 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     PRC - [2009/04/07 22:17:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
     PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     PRC - [2007/09/30 08:03:16 | 001,069,056 | ---- | M] () -- C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
     PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/02/07 01:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
     PRC - [2007/01/30 17:50:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
     PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
     PRC - [2007/01/05 17:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.)
-- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007/01/05 17:12:58 | 000,258,048 | ---- | M] (SONIX) -- C:\WINDOWS\tsnp2std.exe PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe ========== Modules (SafeList) ========== MOD - [2010/10/07 18:41:14 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe MOD - [2010/03/14 11:40:46 | 000,030,208 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files\Ad Muncher\AM31376.dll MOD - [2009/07/29 14:28:34 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll MOD - [2007/02/26 03:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) 
-- C:\WINDOWS\system32\APSHook.dll MOD - [2006/12/04 09:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004/08/04 07:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008/12/23 10:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/02/07 01:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/06/22 05:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/07 09:47:46 | 
000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009/11/22 21:16:52 | 000,098,560 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser) DRV - [2009/08/24 12:02:18 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009/08/24 12:02:08 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2009/08/24 12:02:02 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2009/08/24 12:01:58 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009/08/24 12:01:54 | 000,533,024 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/12/23 10:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel® DRV - [2008/07/04 02:33:34 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008/01/18 10:49:24 | 000,220,640 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam) DRV - [2007/10/31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel® DRV - [2007/10/01 13:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/07/24 08:21:46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007/06/18 17:01:58 | 000,022,272 | ---- | M] (Traysoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptdrv.sys -- (PhoneTrayDriver) DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007/01/20 11:31:42 | 012,027,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2006/09/14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2006/02/27 16:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004/08/04 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292428093-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...M=3200%20Series IE - HKU\S-1-5-21-1292428093-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292428093-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1292428093-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.51.41.235:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200%20Series" FF - 
prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 36 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/04/15 21:24:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2010/03/14 11:40:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/13 17:40:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/13 17:40:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2010/03/14 11:40:46 | 000,000,000 | ---D | M] [2009/04/25 07:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2009/04/25 07:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\celtx@celtx.com [2010/10/03 09:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions [2010/04/27 08:03:46 | 000,000,000 | ---D | M] (Microsoft .NET 
Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/13 17:41:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/05 22:31:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3dfvigpy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/10/03 09:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/13 19:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/10 06:46:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (no name) - {C9F97205-62A3-41F2-9F2C-D99392F882EB} - No CLSID value found. O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1292428093-682003330-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1292428093-682003330-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe () O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1292428093-682003330-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1292428093-682003330-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-1292428093-682003330-839522115-1003..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1292428093-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft 
ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1292428093-682003330-839522115-1003\..Trusted Domains: microsoft.com ([office] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.12/uploader2.cab (UploadListView Class) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1239132152233 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1239132481115 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab 
(Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/04/07 13:51:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{540014c2-2379-11de-82ab-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{540014c2-2379-11de-82ab-806d6172696f}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/10/07 18:41:13 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/10/04 08:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com [2010/10/04 08:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2010/10/04 08:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/10/04 08:44:17 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe [2010/10/03 07:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bankarama+v1.1+Smartphone+200x [2010/10/02 15:42:58 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2010/10/02 15:42:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/02 15:42:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/10/02 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/02 15:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/10/02 15:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.thumbnails [2010/09/10 06:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/09/09 23:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder [2010/09/08 00:32:21 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup235.exe [2010/09/06 19:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bankarama [2010/09/06 11:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RapidShare Bypasser [2010/09/06 07:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Threedef.Bankarama.v2.0.ARM.XScale.Smartphone200x [2010/09/06 07:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter [2010/09/06 07:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2010/09/06 06:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WindowsApplication1 [2010/08/19 20:12:17 | 000,162,816 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\System32\fmod.dll [2010/08/15 06:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/08/15 06:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010/07/31 10:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth [2009/10/17 
18:22:01 | 000,053,760 | ---- | C] (Tolunay Orkun) -- C:\Program Files\DRTCP021.exe [2009/04/17 17:43:37 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll [2009/04/17 17:43:37 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/10/07 18:42:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE [2010/10/07 18:42:07 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unconfirmed 83340.download [2010/10/07 18:41:14 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/10/07 18:41:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-682003330-839522115-1003UA.job [2010/10/07 18:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/10/07 13:59:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/10/07 13:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/10/07 11:04:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D436695B-72F9-495D-A14D-C4A3671CCEB3}.job [2010/10/07 06:41:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-682003330-839522115-1003Core.job [2010/10/05 22:55:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/05 22:16:21 | 000,026,317 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip [2010/10/05 22:10:11 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/10/05 22:05:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/10/05 22:04:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/05 22:02:37 | 
000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/10/05 22:02:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/05 22:02:19 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys [2010/10/05 06:59:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable [2010/10/05 06:57:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stxx2rs5.exe [2010/10/05 06:57:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr [2010/10/05 06:57:02 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2010/10/04 09:37:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/10/04 08:45:34 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/10/04 08:44:25 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe [2010/10/03 07:24:24 | 000,158,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bankarama+v1.1+Smartphone+200x.rar [2010/10/03 07:13:54 | 000,040,677 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bankarama.CAB [2010/10/03 04:40:55 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20101003_044049.reg [2010/10/02 16:23:35 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/09/26 10:55:07 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2010/09/24 23:21:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/13 16:13:45 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2010/09/12 11:15:41 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/10 18:22:29 | 000,031,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DIPLOMA CSULA.TIF [2010/09/08 06:20:29 | 000,020,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BIGGEST SPENDING REPORT EVER.xlsx [2010/09/08 05:29:27 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2010/09/08 00:32:31 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup235.exe [2010/09/08 00:15:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010/09/06 07:17:49 | 000,001,014 | ---- | M] () -- C:\WINDOWS\win.ini [2010/09/06 07:17:46 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk [2010/08/29 11:41:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/08/20 22:04:43 | 000,420,689 | ---- | M] 
() -- C:\Documents and Settings\Owner\Desktop\Threedef.Bankarama.v2.0.ARM.XScale.Smartphone200x.zip [2010/08/19 21:25:15 | 000,004,392 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat [2010/08/19 21:15:18 | 000,162,816 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\System32\fmod.dll [2010/08/17 18:35:17 | 000,028,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pos feedback shows under efotech.jpg [2010/08/17 18:33:12 | 000,054,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\left feedback.jpg [2010/08/17 18:30:25 | 000,108,674 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\item 190422712691.jpg [2010/08/15 09:55:14 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk [2010/08/15 06:51:03 | 000,107,408 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/08/15 06:49:57 | 000,389,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/15 06:38:01 | 000,212,030 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bissell order placed.jpg [2010/08/15 06:37:09 | 000,232,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\macys vacuum.jpg [2010/08/14 23:38:57 | 000,003,239 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bissell.jpg [2010/08/14 15:23:14 | 000,029,677 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sailor kiss nurse.jpg [2010/08/11 23:50:28 | 000,307,200 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe [2010/07/31 10:48:07 | 000,594,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/07/31 10:48:07 | 000,492,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/07/31 10:48:07 | 000,090,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/07 18:42:29 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE [2010/10/07 18:42:07 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unconfirmed 83340.download [2010/10/05 22:16:21 | 000,026,317 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip [2010/10/05 06:59:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable [2010/10/05 06:57:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stxx2rs5.exe [2010/10/05 06:57:14 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr [2010/10/05 06:57:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2010/10/04 08:45:34 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/10/03 07:24:24 | 000,158,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bankarama+v1.1+Smartphone+200x.rar [2010/10/03 07:13:52 | 000,040,677 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bankarama.CAB [2010/10/03 04:40:52 | 000,014,656 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20101003_044049.reg [2010/10/02 16:23:35 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/09/10 18:22:28 | 000,031,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DIPLOMA CSULA.TIF [2010/09/08 06:20:29 | 000,020,289 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BIGGEST SPENDING REPORT EVER.xlsx [2010/09/06 07:17:46 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk [2010/08/20 22:04:43 | 000,420,689 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Threedef.Bankarama.v2.0.ARM.XScale.Smartphone200x.zip [2010/08/17 
18:35:17 | 000,028,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pos feedback shows under efotech.jpg [2010/08/17 18:33:12 | 000,054,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\left feedback.jpg [2010/08/17 18:30:25 | 000,108,674 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\item 190422712691.jpg [2010/08/15 09:55:14 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk [2010/08/15 06:38:01 | 000,212,030 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bissell order placed.jpg [2010/08/15 06:37:09 | 000,232,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\macys vacuum.jpg [2010/08/14 23:38:57 | 000,003,239 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bissell.jpg [2010/08/14 15:23:14 | 000,029,677 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sailor kiss nurse.jpg [2010/08/07 16:32:48 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll.bak [2010/07/18 23:21:43 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2010/07/18 23:21:39 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2010/06/11 19:16:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/04/03 16:20:20 | 000,000,067 | ---- | C] () -- C:\WINDOWS\viewlink.ini [2009/11/17 22:16:34 | 000,000,076 | ---- | C] () -- C:\WINDOWS\PPViewer.INI [2009/09/06 17:00:02 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/29 14:28:46 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2009/04/23 18:32:26 | 000,004,392 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat [2009/04/18 09:51:12 | 000,000,032 | 
---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2009/04/17 18:54:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc [2009/04/17 18:45:27 | 000,479,744 | ---- | C] () -- C:\Program Files\AiglonDTMF.exe [2009/04/17 17:43:39 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2009/04/17 17:43:39 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2009/04/17 17:43:37 | 012,027,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2009/04/16 20:15:32 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/15 00:38:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI [2009/04/14 22:09:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009/04/07 22:15:34 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/04/07 22:15:31 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/04/07 22:15:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/04/07 22:15:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/04/07 22:15:28 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/04/07 22:15:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/04/07 15:10:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/04/07 15:10:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/04/07 15:10:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/04/07 15:10:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/04/07 15:09:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/04/07 15:09:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/04/07 14:26:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local 
Settings\Application Data\AtStart.txt [2008/12/23 10:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/05/15 17:20:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1998/05/07 02:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2010/03/14 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad Muncher [2010/06/23 06:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/04/28 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder [2009/04/17 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2010/05/16 02:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon [2010/01/13 19:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2009/04/18 09:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2010/05/12 13:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2009/04/14 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/08/06 17:44:58 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/28 17:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DonationCoder
[2010/04/18 09:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/09/06 06:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFLVConverter
[2010/09/06 07:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeVideoConverter
[2010/01/01 19:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/04/15 08:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/04/14 23:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/04/19 19:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
[2010/03/04 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/04/23 18:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/04/15 17:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer
[2009/04/07 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/12/06 16:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WordWeb
[2010/10/05 22:05:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/07 11:04:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D436695B-72F9-495D-A14D-C4A3671CCEB3}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 10/7/2010 6:44:13 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 44.87 Gb Free Space | 48.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-756F53E69
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1292428093-682003330-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe" = C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe:*:Enabled:Lotus Symphony -- (IBM)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpgw.exe" = C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpgw.exe:*:Enabled:rtmpgw -- File not found
"C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsuck.exe" = C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsuck.exe:*:Enabled:rtmpsuck -- File not found
"C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsrv.exe" = C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsrv.exe:*:Enabled:rtmpsrv -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01597873-6B79-B0C2-4585-25DD4D52DA7E}" = CCC Help English "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{0428F876-0FAF-D8AD-DEB3-1569AF154738}" = Catalyst Control Center Localization Italian "{055A2D62-65BC-E469-3258-E580E43B8E71}" = Catalyst Control Center Localization Polish "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0691317B-A10A-96FF-8242-7E165ACF48C0}" = Catalyst Control Center Localization Swedish "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A433E62-EFC7-B640-A518-6B2D57706F54}" = Catalyst Control Center Localization Dutch "{1B3C844A-46BA-0AA4-6E1D-6C0E8E878D7A}" = Skins "{1B8C7328-9FD2-6317-1BF0-6BFF142A2471}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{21E1167C-F8AB-FC5D-A34D-D72BDF27CB49}" = CCC Help Finnish "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DBA7C5-D97A-9A6C-BF27-50B2B4019547}" = Catalyst Control Center Localization Turkish "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21 "{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008 
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{28EDA0C7-4075-D9E0-5F47-16AB23851178}" = Catalyst Control Center Localization Chinese Traditional "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2BAE85F1-BE4D-3CA7-4E39-75E7F44BA41A}" = Catalyst Control Center Graphics Full New "{2BD8A364-A690-C4EB-E6A8-677B2BFFA248}" = Catalyst Control Center Graphics Light "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{324F3551-D183-E6E7-4F4C-C085A257BD29}" = ccc-utility "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3627D595-F62A-5BE9-8D9A-6D97FEEB7516}" = CCC Help Chinese Traditional "{3B28C95D-F8CD-151D-FDDC-5816A05E31A0}" = CCC Help Japanese "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{43826648-62A5-4EEF-401C-A33B8DF88ABB}" = CCC Help Danish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B722F6C-B6BC-A5E6-7A98-BD6F2FDAA88B}" = CCC Help Portuguese "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = 
Microsoft SQL Server VSS Writer "{5A3A7C67-0F52-18D1-F4B2-9314F6D9EAF2}" = Catalyst Control Center Localization Greek "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype
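The OTL Extras log above ends with the XP firewall's exception lists ("GloballyOpenPorts" and "Authorized Applications List"). Three of the Enabled entries there point at rtmpdump binaries on the Desktop that OTL reports as "File not found": the XP firewall keys application exceptions by path, so the rule still exists even though the file does not, and whatever is later placed at that path inherits it. The script below is an added example for this thread; it is not OTL's code and not part of the poster's logs. It parses that section's line format as it appears in the posted log and flags three things a helper would want to look at: exceptions whose binary is missing (stale rules to remove), exceptions for executables under the user profile (writable without admin rights, which legitimate software such as the Google Talk plugin also uses, so this is a "verify the publisher" flag rather than a verdict), and ports opened to any remote address. The regular expressions and the profile-root list (the `C:\Users\` root is an assumption for newer logs) are mine, derived from the lines shown; the sample input is copied from the posted log.

```python
"""Triage the firewall sections of an OTL Extras log (Windows XP SP2 firewall).

Added example for this thread; it is not OTL's code and not part of the poster's logs.
Line formats assumed from the posted log:
  "<path>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- (<company>)
  "<path>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- File not found
  "<port>:<proto>" = <port>:<proto>:<scope>:<Enabled|Disabled>:<display name>
"""
import re
from dataclasses import dataclass
from typing import List

APP_RE = re.compile(
    r'^"(?P<key>[^"]+)" = '
    r'(?P<path>[A-Za-z]:\\[^:]*)'   # after the drive letter a Windows path has no ':'
    r':(?P<scope>[^:]*)'            # '*' = any remote address, else address/mask or LocalSubNet
    r':(?P<state>Enabled|Disabled)'
    r':(?P<name>.*?) -- (?P<company>.*)$'
)
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP)'
    r':(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$'
)

# Per-user profile roots (XP, and Vista+ as an assumption for newer logs):
# everything under them is writable by the logged-in user, unlike Program Files.
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")

# Constructed sample: lines copied from the OTL Extras log posted above (not the full list).
SAMPLE_OTL_EXTRAS = r'''
========== Firewall Settings ==========
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
========== Authorized Applications List ==========
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsuck.exe" = C:\Documents and Settings\Owner\Desktop\rtmpdump-2.3-windows\rtmpdump-2.3\rtmpsuck.exe:*:Enabled:rtmpsuck -- File not found
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
'''


@dataclass
class Finding:
    kind: str    # "stale_rule" | "user_writable_exe" | "open_port_any_source"
    target: str  # the path or port/proto the rule refers to
    detail: str


def triage_firewall(otl_text: str) -> List[Finding]:
    """Return the Enabled firewall rules in otl_text that deserve a second look."""
    findings: List[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        app = APP_RE.match(line)
        if app:
            if app["state"] != "Enabled":
                continue  # a disabled exception lets nothing through
            path = app["path"]
            if app["company"].strip() == "File not found":
                # The rule is keyed by path; whatever reappears at that path inherits it.
                findings.append(Finding("stale_rule", path,
                    "exception for a binary that no longer exists; remove the rule"))
            elif path.lower().startswith(USER_PROFILE_ROOTS):
                findings.append(Finding("user_writable_exe", path,
                    f"exception for an executable under the user profile, scope {app['scope']}; "
                    f"verify publisher {app['company']}"))
            continue
        port = PORT_RE.match(line)
        if port and port["state"] == "Enabled" and port["scope"] == "*":
            findings.append(Finding("open_port_any_source", f"{port['port']}/{port['proto']}",
                f"port open to any remote address ({port['name']})"))
    return findings


if __name__ == "__main__":
    for f in triage_firewall(SAMPLE_OTL_EXTRAS):
        print(f"{f.kind:22} {f.target}\n{'':22} {f.detail}")
```

Run against the sample it reports the missing rtmpsuck.exe rule and the per-user Google Talk plugin binary, and nothing for javaw.exe or the ActiveSync entry, whose scope is already limited to the 169.254.2.0 link-local range. To run it on the real log, paste the "Firewall Settings" and "Authorized Applications List" sections in place of the sample.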
  8. Oh, yeah, one more problem I have is that I followed the instructions in this post: http://forums.malwarebytes.org/index.php?showtopic=9573 and it tells me, quote: "Disable CD-ROM Emulation Software DeFogger - Disable. Do not re-enable these drivers until otherwise instructed." So I've already disabled these drivers, thinking that I would be working with somebody who follows those procedures, but it seems like you have a whole other list of procedures, which might already conflict with what I've done based on the instructions given to me in this post: http://forums.malwarebytes.org/index.php?showtopic=9573 I just hope that you can work with me on the instructions listed in that post [which I already followed] and hopefully not have me mess up something even more... Thanks, Bob
  9. Hi Elise, Thanks for your reply. Pretty standard [format] reply on your side, no? But did you see in my first message that I fully described the problem and that I already followed the instructions which were given to me in this post: http://forums.malwarebytes.org/index.php?showtopic=9573 I am not sure why I now have to download new software and generate new logs; are the logs above not good? I will be leaving the country on Oct 11th and I will leave this 'infected' computer at home; if this is going to take long, then maybe I should just leave it for when I come back on October 28th? Thanks again for your reply and willingness to work with me! Bob
  10. For complete details of what I've done, please see my other post on malwarebytes here: http://forums.malwarebytes.org/index.php?s...mp;#entry322292 - also, can you please kindly explain to me exactly what FraudPack is and what it does to my computer? Here now I am following the instructions to post all the logs, and I hope that someone can get back to me with detailed instructions on how I can become virus-free?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4736

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/3/2010 5:09:44 AM
mbam-log-2010-10-03 (05-09-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 27126
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Desktop\New Folder\crack.45155.exe (Trojan.Fakealert.Gen) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 7:01:14.60 on Tue 10/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1343 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Ad Muncher\AdMunch.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200%20Series
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 72.51.41.235:3128
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {C9F97205-62A3-41F2-9F2C-D99392F882EB} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad Muncher] "c:\program files\ad muncher\AdMunch.exe" /bt
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.12/uploader2.cab
DPF:
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239132152233 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239132481115 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll AppInit_DLLs: APSHook.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = scecli ASWLNPkg ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3dfvigpy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=3200%20Series FF - 
component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3dfvigpy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071500000347.dll FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3dfvigpy.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program 
files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - 
pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-7 165584] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-7 17744] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 40384] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-7 55152] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 40384] R3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 40384] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-4-7 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 41216] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\system32\drivers\ptdrv.sys [2007-6-18 22272] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704] S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-11-22 98560] =============== Created Last 30 ================ 2010-10-05 11:59:28 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-10-04 13:45:43 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com 2010-10-04 13:45:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-10-04 13:45:32 0 d-----w- c:\program files\SUPERAntiSpyware 2010-10-02 21:23:35 1504 ----a-w- c:\documents and settings\owner\.recently-used.xbel 2010-10-02 20:42:58 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes 2010-10-02 20:42:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-02 20:42:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-02 20:42:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-02 20:42:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-10-02 20:12:41 0 d-----w- c:\documents and settings\owner\.thumbnails 2010-09-07 00:28:49 0 d-----w- c:\program files\Bankarama 2010-09-06 12:17:44 0 d-----w- c:\program files\Free Video Converter 2010-09-06 12:16:18 0 d-----w- c:\program files\Free FLV Converter ==================== Find3M 
==================== 2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr 2010-08-20 02:25:15 4392 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat 2010-08-20 02:15:18 162816 ----a-w- c:\windows\system32\fmod.dll 2010-08-12 04:50:28 307200 ----a-w- c:\windows\system32\TubeFinder.exe 2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2009-10-17 23:22:02 53760 ----a-w- c:\program files\DRTCP021.exe 2008-03-15 23:55:02 479744 ----a-w- c:\program files\AiglonDTMF.exe ============= FINISH: 7:01:45.54 =============== Attach.zip