My computer....

My computer has been starting to like "glitch" up lately. I have run Malwarebytes and it says nothing is wrong, but when I changed the properties (the name, and compatibility or the icon) it says Rundll32.exe is infected, then I removed it. Ever since then it has been messing with the way my screen looks. My clock or parts of my desktop will disappear unless I click on it or run my mouse over it. My icons change; when I minimize my screen, part of the old window shows up on my desktop or new window. I have pictures if this can help at all.

Also, if I am in the wrong type of forum please tell me, because I didn't know whether it would be a virus or an error.

(I put the pictures in Paint and put red arrows to what is missing)

untitled_3.bmp

untitled2.bmp

untitled.bmp

BTW this all goes away when I restart my computer, but if I'm on the internet for more than an hour or two then it comes back.


Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
      net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.


My computer got massively slower when I was done with scanning it, and I tried to unload the gmer driver using the cmd thing, and it said something like that there was no specific driver or something, so I turned off my computer and turned it back on, and now everything's running pretty smooth. But I tried the cmd thing again to see if I can get what it said, and now it says

' stop' is not recognized as an internal or external command,

operable program or batch file.

Anyways, here is my gmer log:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-06 19:35:36

Windows 5.1.2600 Service Pack 3

Running: 8vu00875.exe; Driver: C:\DOCUME~1\CRAZYP~1\LOCALS~1\Temp\uflyyuow.sys

---- System - GMER 1.0.15 ----

SSDT spot.sys ZwCreateKey [0xF74120E0]

SSDT spot.sys ZwEnumerateKey [0xF7430CA2]

SSDT spot.sys ZwEnumerateValueKey [0xF7431030]

SSDT spot.sys ZwOpenKey [0xF74120C0]

SSDT spot.sys ZwQueryKey [0xF7431108]

SSDT spot.sys ZwQueryValueKey [0xF7430F88]

SSDT spot.sys ZwSetValueKey [0xF743119A]

INT 0x73 ? 867D8BF8

INT 0x73 ? 867D8BF8

INT 0x73 ? 867D8BF8

INT 0x73 ? 867D8BF8

INT 0x73 ? 867D7BF8

INT 0x73 ? 867D7BF8

INT 0x73 ? 867D8BF8

INT 0x94 ? 867D7BF8

INT 0xA4 ? 867D7BF8

INT 0xB4 ? 867D7BF8

---- Kernel code sections - GMER 1.0.15 ----

? spot.sys The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6431000, 0x22AD47, 0xE8000020]

.text USBPORT.SYS!DllUnload F63CF8AC 5 Bytes JMP 867D71D8

? System32\Drivers\a8s80hic.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[496] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012DEDC0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spot.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741313C] spot.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74130BE] spot.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74137FC] spot.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spot.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867D61F8

Device \FileSystem\Fastfat \FatCdrom 86217500

Device \Driver\usbuhci \Device\USBPDO-0 867671F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 867681F8

Device \Driver\dmio \Device\DmControl\DmConfig 867681F8

Device \Driver\dmio \Device\DmControl\DmPnP 867681F8

Device \Driver\dmio \Device\DmControl\DmInfo 867681F8

Device \Driver\usbuhci \Device\USBPDO-1 867671F8

Device \Driver\usbuhci \Device\USBPDO-2 867671F8

Device \Driver\usbehci \Device\USBPDO-3 867DA1F8

Device \Driver\usbehci \Device\USBPDO-4 867DA1F8

Device \Driver\usbuhci \Device\USBPDO-5 867671F8

Device \Driver\PCI_PNP6868 \Device\00000049 spot.sys

Device \Driver\usbuhci \Device\USBPDO-6 867671F8

Device \Driver\usbuhci \Device\USBPDO-7 867671F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 867D91F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 867D91F8

Device \Driver\Cdrom \Device\CdRom0 864501F8

Device \Driver\Cdrom \Device\CdRom1 864501F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort0 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Ftdisk \Device\HarddiskVolume3 867D91F8

Device \Driver\Cdrom \Device\CdRom2 864501F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 861E1500

Device \Driver\NetBT \Device\NetbiosSmb 861E1500

Device \Driver\NetBT \Device\NetBT_Tcpip_{65211607-850E-4EE4-9C1B-FD5529F9CB2E} 861E1500

Device \Driver\usbuhci \Device\USBFDO-0 867671F8

Device \Driver\usbuhci \Device\USBFDO-1 867671F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8619B500

Device \Driver\usbuhci \Device\USBFDO-2 867671F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8619B500

Device \Driver\usbehci \Device\USBFDO-3 867DA1F8

Device \Driver\usbuhci \Device\USBFDO-4 867671F8

Device \Driver\sptd \Device\683496868 spot.sys

Device \Driver\Ftdisk \Device\FtControl 867D91F8

Device \Driver\usbuhci \Device\USBFDO-5 867671F8

Device \Driver\usbuhci \Device\USBFDO-6 867671F8

Device \Driver\usbehci \Device\USBFDO-7 867DA1F8

Device \Driver\a8s80hic \Device\Scsi\a8s80hic1Port5Path0Target0Lun0 864131F8

Device \Driver\a8s80hic \Device\Scsi\a8s80hic1 864131F8

Device \FileSystem\Fastfat \Fat 86217500

Device \FileSystem\Cdfs \Cdfs 861ED500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

---- EOF - GMER 1.0.15 ----

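As an added example (not from the original thread or from the GMER project), a small Python triage script for the GMER log layout shown above: it groups SSDT and kernel IAT hooks by the module that installed them, records whether GMER could read that module's file on disk, lists the \Driver objects the module owns, and looks under the matching Services\<svc>\Cfg key for an @p0 install path, which is how the hooks by spot.sys resolve to the sptd service and its DAEMON Tools directory. The sample log is a constructed excerpt of the one posted; the Cfg@p0 lookup is a heuristic drawn from this log's registry section, not a documented GMER field.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt in the layout of the GMER 1.0.15 log posted above
# (raw string, so the Windows paths keep their single backslashes).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:35:36
---- System - GMER 1.0.15 ----
SSDT spot.sys ZwCreateKey [0xF74120E0]
SSDT spot.sys ZwEnumerateKey [0xF7430CA2]
SSDT spot.sys ZwOpenKey [0xF74120C0]
INT 0x73 ? 867D8BF8
---- Kernel code sections - GMER 1.0.15 ----
? spot.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6431000, 0x22AD47, 0xE8000020]
? System32\Drivers\a8s80hic.SYS The system cannot find the path specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spot.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\PCI_PNP6868 \Device\00000049 spot.sys
Device \Driver\sptd \Device\683496868 spot.sys
Device \FileSystem\Ntfs \Ntfs 867D61F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (\S+) (\w+) \[0x[0-9A-Fa-f]+\]$")
MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the (?:file|path) specified\. !$")
IAT_RE = re.compile(r"^IAT ([^\[\s]+)\[([^\]]+)\] \[[0-9A-Fa-f]+\] (\S+)$")
DEVICE_RE = re.compile(r"^Device (\\\S+) (\\\S+) (\S+)$")
REG_RE = re.compile(r"^Reg (\S+)@(\S+) (.+)$")


def parse_sections(text):
    """Split a GMER log into {section name: [lines]}, dropping blanks and the EOF marker."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and current != "EOF":
            sections[current].append(line)
    return sections


def triage(text):
    """Per hooking module: what it hooks, whether GMER could read its file, which
    \\Driver objects it owns, and any install path recorded under that service's Cfg key."""
    sections = parse_sections(text)
    ssdt, iat, devices = defaultdict(list), defaultdict(list), defaultdict(list)
    reg, missing = {}, set()
    for line in sections["System"]:
        m = SSDT_RE.match(line)
        if m:
            ssdt[m.group(1)].append(m.group(2))          # module -> hooked Zw* entries
    for line in sections["Kernel code sections"]:
        m = MISSING_RE.match(line)
        if m:
            missing.add(m.group(1))                      # module whose file GMER could not open
    for line in sections["Kernel IAT/EAT"]:
        m = IAT_RE.match(line)
        if m:
            iat[m.group(3)].append((m.group(1), m.group(2)))  # module -> (victim, import)
    for line in sections["Devices"]:
        m = DEVICE_RE.match(line)
        if m:
            devices[m.group(3)].append(m.group(1))       # module -> \Driver object it owns
    for line in sections["Registry"]:
        m = REG_RE.match(line)
        if m:
            reg[m.group(1) + "@" + m.group(2)] = m.group(3)

    findings = []
    for module in sorted(set(ssdt) | set(iat)):
        owned = sorted(set(devices[module]))
        paths = []
        # Heuristic taken from this log's layout: the service named by a \Driver\<svc>
        # object keeps an install directory in a Cfg...@p0 value (sptd -> DAEMON Tools).
        for drv in owned:
            svc = drv.rsplit("\\", 1)[-1]
            paths += [v for k, v in reg.items()
                      if f"\\Services\\{svc}\\" in k and k.endswith("@p0")]
        findings.append({
            "module": module,
            "ssdt_hooks": sorted(ssdt[module]),
            "iat_hooks": sorted(iat[module]),
            "file_missing": module in missing,
            "driver_objects": owned,
            "install_paths": paths,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['module']}: {len(f['ssdt_hooks'])} SSDT hooks, {len(f['iat_hooks'])} IAT hooks, "
              f"file on disk {'NOT readable' if f['file_missing'] else 'readable'}")
        print("  owns:", ", ".join(f["driver_objects"]) or "-")
        print("  install path(s):", ", ".join(f["install_paths"]) or "none found")
```

Run against a full saved GMER log, a module that hooks the SSDT, whose file GMER cannot read, and that owns a \Driver object with a Cfg@p0 path under a known product directory reads as that product's driver rather than an unknown rootkit, which is the distinction the helper draws in the next reply.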

Looks like you have Daemon Tools installed, or a related program. CD emulation software can cause a lot of problems. I would start with removing that first.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Extra Registry change it to Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


OTL logfile created on: 1/7/2010 8:36:21 PM - Run 1

OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Crazypete3\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 700.00 Mb Available Physical Memory | 68.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 294.73 Gb Total Space | 162.22 Gb Free Space | 55.04% Space Free | Partition Type: NTFS

Drive D: | 605.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BUTTERBALL

Current User Name: Crazypete3

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe

PRC - [2009/11/10 15:39:26 | 00,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

PRC - [2009/10/21 19:08:39 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/09/13 00:10:56 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2009/05/16 03:15:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2009/02/23 18:43:12 | 00,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/06/12 15:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe

PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/09 15:25:04 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2007/09/26 17:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

PRC - [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe

PRC - [2004/07/08 15:13:42 | 00,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

PRC - [2003/11/21 20:02:42 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

========== Modules (SafeList) ==========

MOD - [2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe

MOD - [2009/02/11 10:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/05/16 03:15:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/05/16 03:58:46 | 04,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009/03/12 11:18:44 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/02/26 19:57:53 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)

DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/24 13:35:32 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/01/15 19:17:58 | 04,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/08/28 16:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)

DRV - [2007/06/26 09:39:02 | 00,035,600 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Running] -- C:\Nexon\Mabinogi\npkcrypt.sys -- (npkcrypt)

DRV - [2007/04/13 20:33:34 | 00,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2004/12/13 15:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)

DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/03/08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/10/02 02:16:48 | 00,119,552 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)

DRV - [2003/09/27 13:37:16 | 00,005,504 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)

DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2002/10/15 21:41:06 | 00,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)

DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [1996/04/03 13:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Ask"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"

FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2

FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1

FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:1.69

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - prefs.js..network.proxy.http: "131.179.50.70"

FF - prefs.js..network.proxy.http_port: 3124

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 20:09:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 20:17:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 20:17:25 | 00,000,000 | ---D | M]

[2009/02/23 22:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Extensions

[2010/01/07 13:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions

[2009/07/19 14:16:39 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}

[2009/03/10 18:28:22 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/10/23 21:28:05 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/12/13 18:25:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009/12/14 17:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\fbdislike@doweb.fr

[2009/04/14 15:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\moveplayer@movenetworks.com

[2009/02/23 23:02:55 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\searchplugins\ask.xml

[2010/01/07 09:57:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/02/22 19:45:04 | 00,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll

[2009/07/28 21:24:18 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009/10/09 03:20:04 | 00,002,393 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\findbasic114.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Crazypete3\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1235446995140 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235446990234 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/08 15:28:22 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/08/04 06:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2005/09/29 10:06:55 | 00,155,648 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2005/10/04 09:48:21 | 00,000,000 | R--D | M] - F:\Autorun -- [ CDFS ]

O32 - AutoRun File - [2003/10/10 03:52:58 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.Now.exe -- [2003/10/06 07:58:20 | 00,034,304 | R--- | M] (Mastertronic)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 20:35:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe

[2010/01/03 09:04:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Crazypete3\Recent

[2010/01/03 09:02:10 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll

[2010/01/02 04:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2010/01/02 04:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Crazypete3\Application Data\Desktopicon

[2009/12/28 20:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/12/15 12:45:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Crazypete3\My Documents\ConvertXtoDVD

[2009/12/13 18:25:17 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis

[2009/12/01 21:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2009/12/01 20:47:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/10/23 21:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/10/08 03:24:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/10/08 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/10/08 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/08/05 17:59:36 | 39,537,784 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\Crazypete3\Application Data\AVSVideoConverter.exe

[2009/06/07 10:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire

[2009/03/28 01:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009/02/26 19:24:23 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.sys

[2003/10/02 02:16:48 | 00,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys

[2003/09/27 13:37:16 | 00,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe

[2010/01/07 20:34:19 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Crazypete3\jagex_runescape_preferences2.dat

[2010/01/07 20:34:19 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Crazypete3\jagex_runescape_preferences.dat

[2010/01/07 18:22:24 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\wth.bmp

[2010/01/07 09:47:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/07 09:47:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/07 09:47:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/07 00:28:42 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Crazypete3\NTUSER.DAT

[2010/01/07 00:28:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Crazypete3\ntuser.ini

[2010/01/06 05:57:29 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/03 09:24:30 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled 3.bmp

[2010/01/03 09:22:16 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled2.bmp

[2010/01/03 09:19:57 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled.bmp

[2010/01/02 08:09:03 | 11,674,19118 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0219.avi

[2010/01/02 08:06:19 | 15,400,516 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0218.avi

[2010/01/02 08:06:11 | 04,206,852 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0217.avi

[2010/01/02 08:05:16 | 45,465,978 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0216.avi

[2010/01/02 08:04:57 | 62,989,366 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0215.avi

[2010/01/02 08:04:31 | 62,943,700 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0214.avi

[2010/01/02 08:02:59 | 03,153,964 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0213.avi

[2010/01/02 08:02:35 | 23,908,7116 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0212.avi

[2010/01/02 07:59:58 | 00,049,558 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0211.avi

[2010/01/02 07:59:50 | 00,270,490 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0210.avi

[2010/01/01 18:52:55 | 00,050,553 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\me n her.jpg

[2010/01/01 04:30:44 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Application Data\vso_ts_preview.xml

[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/28 20:21:53 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2009/12/27 23:25:29 | 93,536,372 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0209.avi

[2009/12/27 23:25:08 | 00,010,260 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0208.avi

[2009/12/27 02:02:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2009/12/17 15:50:26 | 00,087,450 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\16333_105643016119524_100000214772120_162817_5660956_n.jpg

[2009/12/16 19:26:53 | 02,060,126 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 2.jpg

[2009/12/16 19:26:33 | 01,417,267 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 1.jpg

[2009/12/12 12:39:02 | 00,010,260 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0207.avi

[2009/12/09 15:19:12 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/09 15:19:12 | 00,462,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/09 15:19:12 | 00,078,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 18:22:23 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\wth.bmp

[2010/01/03 09:24:29 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled 3.bmp

[2010/01/03 09:22:16 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled2.bmp

[2010/01/03 09:19:57 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled.bmp

[2010/01/03 09:02:10 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2010/01/02 08:06:27 | 11,674,19118 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0219.avi

[2010/01/02 08:06:16 | 15,400,516 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0218.avi

[2010/01/02 08:06:10 | 04,206,852 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0217.avi

[2010/01/02 08:05:10 | 45,465,978 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0216.avi

[2010/01/02 08:04:47 | 62,989,366 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0215.avi

[2010/01/02 08:04:23 | 62,943,700 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0214.avi

[2010/01/02 08:02:54 | 03,153,964 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0213.avi

[2010/01/02 08:02:28 | 23,908,7116 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0212.avi

[2010/01/02 07:59:57 | 00,049,558 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0211.avi

[2010/01/02 07:59:37 | 00,270,490 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0210.avi

[2010/01/01 18:52:51 | 00,050,553 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\me n her.jpg

[2009/12/28 20:21:53 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2009/12/27 23:25:14 | 93,536,372 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0209.avi

[2009/12/27 23:25:07 | 00,010,260 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0208.avi

[2009/12/17 15:50:26 | 00,087,450 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\16333_105643016119524_100000214772120_162817_5660956_n.jpg

[2009/12/16 19:26:50 | 02,060,126 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 2.jpg

[2009/12/16 19:26:31 | 01,417,267 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 1.jpg

[2009/12/12 12:39:01 | 00,010,260 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0207.avi

[2009/08/30 21:25:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/28 21:21:57 | 00,224,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/03/25 14:52:57 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2009/03/12 11:18:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009/03/08 15:43:31 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\ViewerApp.dat

[2009/03/08 14:58:34 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2009/02/26 19:28:01 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/02/26 19:24:41 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\vso_ts_preview.xml

[2009/02/26 19:24:28 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.log

[2009/02/26 19:24:23 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\inst.exe

[2009/02/26 19:24:23 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.cat

[2009/02/26 19:24:23 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.inf

[2009/02/24 19:55:21 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/22 11:57:52 | 04,421,889 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2009/02/18 07:57:22 | 00,557,451 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2009/02/16 11:19:42 | 00,790,190 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/02/16 10:32:20 | 00,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009/02/16 10:30:30 | 00,903,703 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2009/02/16 10:23:50 | 00,145,081 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2009/02/16 08:49:30 | 00,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2009/02/14 09:15:42 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2009/02/09 16:28:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2009/02/09 14:19:18 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2009/02/09 14:19:12 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2009/02/09 14:18:52 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2009/02/09 14:18:32 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2009/02/09 14:18:24 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2009/02/09 14:18:20 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2009/02/09 13:56:22 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/01/10 16:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2009/01/10 16:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2009/01/10 16:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2009/01/10 16:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2009/01/10 16:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2009/01/10 16:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll

[2009/01/10 16:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2009/01/10 16:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2009/01/10 16:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2009/01/10 16:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2009/01/10 16:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2008/12/03 16:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2007/10/13 03:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/07/10 11:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2003/10/02 01:20:48 | 00,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll

[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B211CA64

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB6AC38B

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >


OTL Extras logfile created on: 1/7/2010 8:36:21 PM - Run 1

OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Crazypete3\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 700.00 Mb Available Physical Memory | 68.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 294.73 Gb Total Space | 162.22 Gb Free Space | 55.04% Space Free | Partition Type: NTFS

Drive D: | 605.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BUTTERBALL

Current User Name: Crazypete3

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

inffile [install] -- Reg Error: Key error.

InternetShortcut [open] -- Reg Error: Key error.

InternetShortcut [print] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

"58383:TCP" = 58383:TCP:*:Enabled:Pando Media Booster

"58383:UDP" = 58383:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"58196:TCP" = 58196:TCP:*:Enabled:Pando Media Booster

"58196:UDP" = 58196:UDP:*:Enabled:Pando Media Booster

"58972:TCP" = 58972:TCP:*:Enabled:Pando Media Booster

"58972:UDP" = 58972:UDP:*:Enabled:Pando Media Booster

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

"58383:TCP" = 58383:TCP:*:Enabled:Pando Media Booster

"58383:UDP" = 58383:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


  • 2 weeks later...

I've been waiting weeks with this annoying bug or whatever it is, so if you leave for a bit it doesn't bother me much.

It was extremely annoying dealing with GMER. :)

I first did it and waited about 2 hours and it seemed near finished, then the power supply on my monitor went on, and it stopped the GMER scan. I thought the power supply had to do with the screen saver, so I made it 200 minutes, then did it again. About 2 hours later the power supply went on and it stopped it.

I found out that the power supply was not the screen saver and set the power supply to the "never" option for now.

I realized the first two times the main reason why it took so long was the games I had installed on my computer, so I uninstalled all those games and deleted a lot of files.

I then ran GMER; about 30 minutes in, my computer restarted. When I went to log into my account on my computer it said an error occurred, then when I got on, every one of my files was gone. I restarted my computer and it went back to normal.

Then I did GMER and the blue screen of death happened.... :)

Finally, after 11 hours of BS, it didn't mess up and I got it. :)

Here is your log:

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F73A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Cdrom \Device\CdRom1 86A681F8

Device \Driver\Ftdisk \Device\HarddiskVolume3 86D6A1F8

Device \Driver\Cdrom \Device\CdRom2 86A681F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 85FDA1F8

Device \Driver\NetBT \Device\NetbiosSmb 85FDA1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{65211607-850E-4EE4-9C1B-FD5529F9CB2E} 85FDA1F8

Device \Driver\sptd \Device\3310932516 spsf.sys

Device \Driver\usbuhci \Device\USBFDO-0 86B3D1F8

Device \Driver\usbuhci \Device\USBFDO-1 86B3D1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85FD41F8

Device \Driver\usbuhci \Device\USBFDO-2 86B3D1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 85FD41F8

Device \Driver\usbehci \Device\USBFDO-3 86B111F8

Device \Driver\usbuhci \Device\USBFDO-4 86B3D1F8

Device \Driver\Ftdisk \Device\FtControl 86D6A1F8

Device \Driver\usbuhci \Device\USBFDO-5 86B3D1F8

Device \Driver\usbuhci \Device\USBFDO-6 86B3D1F8

Device \Driver\usbehci \Device\USBFDO-7 86B111F8

Device \Driver\a8j85jsr \Device\Scsi\a8j85jsr1 86A341F8

Device \Driver\a8j85jsr \Device\Scsi\a8j85jsr1Port5Path0Target0Lun0 86A341F8

Device \FileSystem\Fastfat \Fat 869711F8

Device \FileSystem\Fastfat \Fat B716E297

Device \FileSystem\Cdfs \Cdfs 86838500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

---- EOF - GMER 1.0.15 ----


Okay, it looks like you may have the TDL3 rootkit, but I need you to run this next tool to be sure. However, it still might be a false positive because of stupid Daemon Tools.

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


You know you love Daemon Tools. I'm just kidding; I uninstalled it like a week ago, so I guess there may be a few files in there acting stupid, or corrupted.

ComboFix 10-01-16.04 - Crazypete3 01/17/2010 21:30:11.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.680 [GMT -6:00]

Running from: c:\documents and settings\Crazypete3\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Crazypete3\Application Data\inst.exe

.

((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))

.

2010-01-16 19:52 . 2010-01-16 19:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-01-16 19:52 . 2010-01-17 22:09 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\skypePM

2010-01-16 19:47 . 2010-01-18 03:26 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Skype

2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----w- c:\program files\Common Files\Skype

2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----r- c:\program files\Skype

2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-01-11 04:24 . 2010-01-11 04:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-01-09 21:11 . 2010-01-09 21:11 -------- d-----w- c:\documents and settings\Crazypete3\Local Settings\Application Data\LogiShrd

2010-01-09 21:11 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll

2010-01-09 21:11 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll

2010-01-09 21:11 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll

2010-01-09 21:11 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys

2010-01-09 21:10 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg

2010-01-09 21:10 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys

2010-01-09 21:10 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll

2010-01-09 21:10 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys

2010-01-09 21:09 . 2010-01-12 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2010-01-09 21:09 . 2010-01-09 21:11 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-01-09 21:08 . 2010-01-09 21:11 -------- d-----w- c:\program files\Logitech

2010-01-02 10:11 . 2010-01-12 01:17 -------- d-----w- c:\program files\Unlocker

2010-01-02 09:52 . 2010-01-08 07:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-29 02:21 . 2009-11-10 20:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-18 03:27 . 2010-01-09 21:11 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-01-18 03:27 . 2010-01-09 21:10 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-01-18 01:01 . 2009-09-05 03:34 69 ----a-w- c:\documents and settings\Crazypete3\jagex_runescape_preferences2.dat

2010-01-18 01:00 . 2009-03-11 23:29 39 ----a-w- c:\documents and settings\Crazypete3\jagex_runescape_preferences.dat

2010-01-17 01:40 . 2009-03-12 17:30 -------- d-----w- c:\program files\MagicISO

2010-01-17 01:36 . 2009-05-07 22:29 -------- d-----w- c:\program files\Pocket Tanks

2010-01-17 01:36 . 2009-05-07 23:06 -------- d-----w- c:\program files\Pocket Tanks Deluxe

2010-01-17 01:35 . 2009-02-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-17 01:34 . 2009-02-22 20:23 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Atari

2010-01-17 01:33 . 2009-02-24 03:41 69232 ----a-w- c:\documents and settings\Crazypete3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-17 01:32 . 2009-04-23 11:01 -------- d-----w- c:\program files\Firefly Studios

2010-01-17 01:31 . 2009-04-23 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios

2010-01-17 01:26 . 2009-04-29 20:50 -------- d-----w- c:\program files\EA GAMES

2010-01-16 08:04 . 2009-02-27 01:57 -------- d-----w- c:\program files\VSO

2010-01-16 08:04 . 2009-02-27 01:24 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Vso

2010-01-16 08:04 . 2009-02-27 01:24 47360 ----a-w- c:\documents and settings\Crazypete3\Application Data\pcouffin.sys

2010-01-16 08:04 . 2009-02-27 01:24 47360 ----a-w- c:\documents and settings\Crazypete3\Application Data\pcouffin.sys

2010-01-16 08:03 . 2009-10-09 09:59 -------- d-----w- c:\program files\Logon Loader

2010-01-16 08:02 . 2009-08-31 03:42 -------- d-----w- c:\program files\Total Video Converter

2010-01-16 08:01 . 2009-02-26 23:13 -------- d-----w- c:\program files\uTorrent

2010-01-16 07:58 . 2009-02-24 23:49 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Audacity

2010-01-08 11:34 . 2009-02-25 00:45 -------- d-----w- c:\program files\Yahoo!

2010-01-08 07:00 . 2009-02-24 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-08 06:59 . 2009-10-15 02:56 -------- d-----w- c:\program files\Cheat Engine

2010-01-07 22:07 . 2009-10-08 06:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07 . 2009-10-08 06:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-29 02:23 . 2009-02-25 00:45 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Yahoo!

2009-12-29 02:22 . 2009-02-25 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-12-17 01:22 . 2009-08-25 20:30 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-04 03:22 . 2009-12-04 03:22 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Windows Search

2009-12-02 03:13 . 2009-02-24 05:01 -------- d-----w- c:\program files\Java

2009-12-02 03:11 . 2009-12-02 03:11 152576 ----a-w- c:\documents and settings\Crazypete3\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-02 03:11 . 2009-12-02 03:11 79488 ----a-w- c:\documents and settings\Crazypete3\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-02 02:59 . 2009-12-02 02:46 -------- d-----w- c:\program files\Windows Desktop Search

2009-12-02 02:46 . 2009-12-02 02:46 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Windows Desktop Search

2009-12-02 02:40 . 2009-11-03 23:25 -------- d-----w- c:\program files\Uniblue

2009-12-01 04:56 . 2009-12-01 04:56 -------- d-----w- c:\program files\Microsoft

2009-12-01 04:56 . 2009-12-01 04:55 -------- d-----w- c:\program files\Windows Live

2009-12-01 04:56 . 2009-12-01 04:56 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-12-01 04:52 . 2009-12-01 04:52 -------- d-----w- c:\program files\Common Files\Windows Live

2009-12-01 04:47 . 2009-10-09 09:24 -------- d-----w- c:\program files\AlienGUIse

2009-12-01 04:44 . 2009-10-09 08:50 -------- d-----w- c:\program files\ydt

2009-12-01 04:43 . 2009-11-01 05:45 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-11-26 08:06 . 2009-08-31 03:23 -------- d-----w- c:\program files\Replay Media Catcher

2009-11-26 07:44 . 2009-08-31 03:25 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2009-11-26 07:44 . 2009-08-31 03:25 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2009-11-26 07:44 . 2009-09-19 03:09 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL

2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-10 05:37 . 2009-07-29 03:21 224056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-11-01 05:46 . 2009-11-01 05:46 117760 ----a-w- c:\documents and settings\Crazypete3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-13 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk

backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk

backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Crazypete3^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=c:\documents and settings\Crazypete3\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Crazypete3^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Crazypete3\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2009-04-30 20:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-05-08 16:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]

2007-09-26 23:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58196:TCP"= 58196:TCP:Pando Media Booster

"58196:UDP"= 58196:UDP:Pando Media Booster

"58972:TCP"= 58972:TCP:Pando Media Booster

"58972:UDP"= 58972:UDP:Pando Media Booster

"58383:TCP"= 58383:TCP:Pando Media Booster

"58383:UDP"= 58383:UDP:Pando Media Booster

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/23/2009 9:07 PM 210216]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 11:18 AM 717296]

S0 st3shark;st3shark;c:\windows\system32\DRIVERS\st3shark.sys --> c:\windows\system32\DRIVERS\st3shark.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?o=20011&l=dis

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Search

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

FF - ProfilePath - c:\documents and settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.http - 131.179.50.70

FF - prefs.js: network.proxy.http_port - 3124

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-17 21:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-01-17 21:34:00

ComboFix-quarantined-files.txt 2010-01-18 03:33

Pre-Run: 208,479,449,088 bytes free

Post-Run: 208,474,468,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F104E2559DE8642C2A60AF77DBF240E5

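A reviewer reading a ComboFix report like the one above usually eyeballs the same few sections first: service and driver entries whose file ComboFix could not find on disk (marked `[?]`), the Security Center override values, the globally opened firewall ports, and the Firefox proxy preferences. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those sections out of a constructed sample assembled from lines in the shape of the report above and returns a list of items to check. The flagging rules are the editor's own triage heuristics, not a verdict from the forum helper; the Firefox `network.proxy.type` meanings are the browser's documented values.

```python
"""Triage the reviewer-relevant sections of a ComboFix-style report.

Added example: not ComboFix's own code and not posted in the thread.
The flag rules are the editor's heuristics for what to look at first.
"""
import re
from typing import Dict, List

# Constructed sample, assembled from lines in the shape of the report above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58196:TCP"= 58196:TCP:Pando Media Booster
"58196:UDP"= 58196:UDP:Pando Media Booster
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/23/2009 9:07 PM 210216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 11:18 AM 717296]
S0 st3shark;st3shark;c:\windows\system32\DRIVERS\st3shark.sys --> c:\windows\system32\DRIVERS\st3shark.sys [?]
FF - prefs.js: network.proxy.http - 131.179.50.70
FF - prefs.js: network.proxy.http_port - 3124
FF - prefs.js: network.proxy.type - 4
"""

# ComboFix line shapes: "R2 name;display;path [date size]" for services,
# '"port:PROTO"= port:PROTO:label' for firewall exceptions, "FF - prefs.js: key - value".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]+);(.+)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')

# Firefox network.proxy.type values: only 1 means the manual host/port is in use.
PROXY_TYPE_NAMES = {"0": "none", "1": "manual", "2": "PAC", "4": "auto-detect (WPAD)", "5": "system"}


def parse_services(log: str) -> List[Dict[str, object]]:
    """Service/driver entries: state+start code, name, file path, and the [?] missing-file marker."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, _display, rest = m.groups()
        path = rest.split(" --> ")[0].split(" [")[0]  # strip the "--> path [?]" or "[date size]" tail
        entries.append({"start": start, "name": name, "path": path,
                        "missing": rest.rstrip().endswith("[?]")})
    return entries


def parse_open_ports(log: str) -> List[Dict[str, object]]:
    """Globally opened firewall ports with the label the rule was registered under."""
    ports = []
    for line in log.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2), "label": m.group(3).strip()})
    return ports


def parse_ff_prefs(log: str) -> Dict[str, str]:
    """Firefox prefs.js lines as a key -> value map."""
    return {m.group(1): m.group(2).strip()
            for m in (FF_PREF_RE.match(l.strip()) for l in log.splitlines()) if m}


def parse_dword_values(log: str) -> Dict[str, Dict[str, int]]:
    """REGEDIT4-style dword values grouped under the [key] they appear beneath."""
    values: Dict[str, Dict[str, int]] = {}
    current = ""
    for line in log.splitlines():
        line = line.strip()
        key = REG_KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and current:
            values.setdefault(current, {})[m.group(1)] = int(m.group(2), 16)
    return values


def triage(log: str) -> List[str]:
    """Return the items a reviewer should confirm with the machine's owner."""
    findings = []
    for key, vals in parse_dword_values(log).items():
        if key.lower().endswith("security center") and vals.get("AntiVirusOverride") == 1:
            findings.append("Security Center: AntiVirusOverride=1 suppresses the 'no antivirus' "
                            "warning; confirm this was set on purpose")
    for svc in parse_services(log):
        if svc["missing"]:
            findings.append(f"service {svc['name']} ({svc['start']}) points at a file not found "
                            f"on disk: {svc['path']}")
    prefs = parse_ff_prefs(log)
    host = prefs.get("network.proxy.http")
    if host:
        port = prefs.get("network.proxy.http_port", "?")
        ptype = prefs.get("network.proxy.type", "0")
        state = "in use" if ptype == "1" else f"not in use, type={ptype} ({PROXY_TYPE_NAMES.get(ptype, 'unknown')})"
        findings.append(f"Firefox HTTP proxy {host}:{port} is configured ({state}); confirm who set it")
    ports = parse_open_ports(log)
    if ports:
        labels = sorted({p["label"] for p in ports})
        findings.append(f"{len(ports)} firewall port exceptions globally open for: {', '.join(labels)}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("-", item)
```

Run it against a saved `C:\ComboFix.txt` by reading the file into `triage()` instead of `SAMPLE_LOG`. The output is a checklist, not a verdict: a driver whose file is missing is often just the leftover of an uninstalled product (as the thread's Daemon Tools discussion shows), and a proxy entry with `network.proxy.type` other than 1 is configured but not in effect, which is exactly why each finding says what to confirm rather than what to delete.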

Ah yes, I see what you mean.

There wasn't a Daemon Tools in my Add/Remove Programs list in the Control Panel or in my CCleaner, so I looked in All Programs from the Start menu; I had noticed it there earlier, so I just now uninstalled it.

If you want me to run another ComboFix scan, then just say the word, because Daemon Tools is gone now.


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    KasReport.png

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
