Don't know what to do.

Don't know what to do.

Postby aznboi2o9 » Wed Sep 09, 2009 11:45 pm

My laptop has been infected recently and I cannot do anything about it. It will load up normally, but when I go to search for stuff on the internet, it will always redirect me, no matter what it is. I've scanned my laptop with Avira AntiVir Free. It didn't catch anything. Now my Avira Guard is on "stopped" instead of "active". I cannot run Malwarebytes or SUPERAntiSpyware because it won't let me: I double-click it, but nothing happens and it doesn't pop up. I cannot go into safe mode because it will automatically shut down by itself within a few seconds. I have an Avira rescue disc, but when I actually go to it, my laptop will shut down automatically by itself within a few seconds. I wanted to reformat my computer, but again, when I am trying to reformat it, the stupid laptop just shuts down by itself. Whenever I'm in normal mode on the laptop, it does not shut down by itself. So, I really do not know what the problem is. Here's a HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:25 PM, on 9/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\Home\My Documents\Downloads\launch.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\49wa8p.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\uwfglXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\WLTRYSVC.EXE

--
End of file - 7418 bytes
"Destroy all Malware on sight".

Real Time Protection = Avira Antivir Free Edition
Browser = Firefox 3.5.3
On Demand = MBAM & SAS
Firewall = Windows Firewall
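A helper reading the log above scans for a few things by eye: processes launched from user-writable locations (the Downloads folder, a %Temp%\RarSFX0 extraction directory), entries whose target file is missing, an "Unknown file" in the Winsock LSP chain and services with no recognised publisher. The following is an added example, not code from this thread or from HijackThis, that applies those same heuristics mechanically to an HJT log. The sample log is constructed from a handful of lines excerpted from the post; the `O4 ... [example]` line is hypothetical and only there to exercise the autorun check. A hit is a lead to investigate, not a verdict.

```python
"""Heuristic triage of a Trend Micro HijackThis (HJT) log.

Added example, not part of the original thread. It flags the entries a
malware helper looks at first:
  * processes and autoruns running from user-writable paths,
  * entries whose target file is missing,
  * unknown Winsock LSP DLLs,
  * services with an unknown owner.
Heuristics only: every finding needs a human to confirm it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Locations legitimate software rarely runs *persistently* from.
USER_WRITABLE = re.compile(
    r"(\\Temp\\|\\LOCALS~1\\|\\Downloads\\|\\RarSFX\d*\\"
    r"|\\Application Data\\|\\Desktop\\)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    reason: str
    line: str


def parse_sections(log: str) -> tuple[list[str], list[str]]:
    """Split an HJT log into running-process paths and R/O/F entries."""
    processes: list[str] = []
    entries: list[str] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif re.match(r"^[ROF]\d+ - ", line):
            entries.append(line)
    return processes, entries


def triage(log: str) -> list[Finding]:
    """Return every entry that matches one of the heuristics above."""
    processes, entries = parse_sections(log)
    findings: list[Finding] = []
    for proc in processes:
        if USER_WRITABLE.search(proc):
            findings.append(Finding("process running from user-writable path", proc))
    for entry in entries:
        if entry.startswith("O4 ") and USER_WRITABLE.search(entry):
            findings.append(Finding("autorun from user-writable path", entry))
        if "(file missing)" in entry:
            findings.append(Finding("entry points to missing file", entry))
        if entry.startswith("O10 ") and "Unknown file" in entry:
            findings.append(Finding("unknown Winsock LSP", entry))
        if entry.startswith("O23 ") and "Unknown owner" in entry:
            findings.append(Finding("service with unknown owner", entry))
    return findings


# Constructed sample: lines excerpted from the log posted above. The
# "[example]" O4 autorun is hypothetical (not in the posted log) and is
# only here so the autorun check has something to match.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Home\My Documents\Downloads\launch.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\49wa8p.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\uwfglXP.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\Home\LOCALS~1\Temp\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Two caveats worth keeping in mind when reading the output. "Unknown owner" in an O23 line usually means the binary carries no company name in its version resource, not that it is hostile; the Roxio and Dell entries in the posted log are examples of that. Likewise the O10 hit is a lead, not a verdict: nwprovau.dll is the Winsock provider installed with Microsoft's Client Service for NetWare, and the NwlnkIpx/NwSapAgent entries in the OTL log further down are consistent with that client simply being installed. The two executables in the RarSFX0 temp directory, on the other hand, are exactly what the rename-the-scanner and rootkit-scan advice in the replies is aimed at.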


Re: Don't know what to do.

Postby Snowhomish » Thu Sep 10, 2009 1:07 am

Hmm... have you attempted to boot in safe mode? Whatever it is you have sounds quite titanic, so my guess is that safe mode was removed/disabled, but still try it out! Also, when you run Malwarebytes' or SAS, make sure you rename the files to something random but keep the ".exe" at the end. So change "mbam.exe" to "jsdhfgk.exe" and then see if it will run.

However, I'm clueless as to why your computer restarts during a boot from a CD. Someone else needs to take a look at this.
avast! Free Antivirus // Malwarebytes' Anti-Malware // Web of Trust // NoScript // KeyScrambler

Re: Don't know what to do.

Postby Nyy8 » Thu Sep 10, 2009 5:07 am

I can help you with HJT.
I see a lot of odd processes running. Now Matt said this did not happen yet, but I think malware is hiding in your CD.

Where did you create the CD from? (infected PC, spare PC, etc.)
How old is your hard drive?
Could it be overheating?
Also, at that point I would call someone like Matt, or take my hard drive out and kick it, and put in a new one. I think you might be having hard drive failure.
Real Time: Avira Free, and Threatfire
Cure:: Malware Bytes, Super Antispyware
Browser: Firefox 3.6 with Adblock,WOT,Mcafee site advisor
Dell Mini 10v Intel Atom N270 @ 1.60 GHz
1.00 GB of ram
160 GB HDD
Windows XP home
2009

Re: Don't know what to do.

Postby aznboi2o9 » Thu Sep 10, 2009 7:18 am

Snowhomish wrote:Hmm... have you attempted to boot in safe mode? Whatever it is you have sounds quite titanic, so my guess is that safe mode was removed/disabled, but still try it out! Also, when you run Malwarebytes' or SAS, make sure you rename the files to something random but keep the ".exe" at the end. So change "mbam.exe" to "jsdhfgk.exe" and then see if it will run.

However, I'm clueless as to why your computer restarts during a boot from a CD. Someone else needs to take a look at this.


I have tried to boot in safe mode, and it does the same thing over and over. I changed the names as you suggested, and still no luck.

Nyy8 wrote:I can help you with HJT.
I see a lot of odd processes running. Now Matt said this did not happen yet, but I think malware is hiding in your CD.

Where did you create the CD from? (infected PC, spare PC, etc.)
How old is your hard drive?
Could it be overheating?
Also, at that point I would call someone like Matt, or take my hard drive out and kick it, and put in a new one. I think you might be having hard drive failure.


I know this CD isn't infected because I've reformatted several times on my desktop. How do I find out how old my hard drive is? I don't know if it is overheating; how can I find out?

Re: Don't know what to do.

Postby 123zap » Thu Sep 10, 2009 3:33 pm

It sounds like a rootkit.

Please download ComboFix from
http://www.forospyware.com/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to combo-fix as follows:

    [screenshots of the rename step]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double-click on combo-fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new OTL log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
~~~~I prevent the malware, the AVs and HIPS are just a backup~~~~

Re: Don't know what to do.

Postby aznboi2o9 » Thu Sep 10, 2009 5:54 pm

After I saved it on my desktop as combo-fix, I clicked on it and this popped up.

[screenshots of the error]

Re: Don't know what to do.

Postby 123zap » Thu Sep 10, 2009 7:02 pm

Okay, you have a very powerful rootkit or Virut. Please try this. If this doesn't work, I want you to use the Dr.Web live CD.

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start, and allow it to run the express scan.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found [screenshot of the icon].
  • If so, click it, then click the next icon right below and select Move incurable [screenshot of the menu].
  • This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.
~~~~I prevent the malware, the AVs and HIPS are just a backup~~~~

Re: Don't know what to do.

Postby aznboi2o9 » Thu Sep 10, 2009 8:47 pm

Here is the log from Dr.Web CureIt:

c.bat;C:\32788R22FWJFW;Probably BATCH.Virus;Incurable.Moved.;

P.S.
After I removed the virus that Dr.Web CureIt found, the redirecting has disappeared. I searched for many things and it goes directly to the site. Although I re-downloaded Malwarebytes just to see if I can access it, it seems I cannot open it. I've double-clicked it and the program won't pop up.

Here is the OTL log.
OTL logfile created on: 9/10/2009 7:42:44 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 456.52 Mb Available Physical Memory | 51.07% Memory free
2.12 Gb Paging File | 1.71 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 22.01 Gb Free Space | 39.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-B3446AB14D
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/10/11 22:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe
PRC - [2009/09/09 22:56:20 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2007/09/11 12:26:10 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/11 22:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe
PRC - [2007/03/16 19:10:46 | 00,020,480 | ---- | M] () -- C:\windows\System32\WLTRYSVC.EXE
PRC - [2007/03/16 19:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\windows\System32\bcmwltry.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\windows\System32\HPZipm12.exe
PRC - [2007/10/09 19:56:30 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2004/08/04 03:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2006/03/08 13:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/05/14 15:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/10/09 19:56:24 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/09 22:56:19 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/08/04 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009/08/19 00:45:02 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/10 19:42:31 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AntipPro2009_12 [Disabled | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/10/11 22:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/09/11 12:26:10 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/09/09 22:56:20 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2007/03/19 13:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/10/22 16:06:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\windows\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\windows\System32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/12/10 14:59:04 | 00,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/10/09 19:56:30 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2007/03/16 19:10:46 | 00,020,480 | ---- | M] () -- C:\windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/07/01 23:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\windows\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\windows\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2006/10/11 22:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/09/13 19:41:46 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\windows\system32\DRIVERS\atiide.sys -- (atiide [Boot | Running])
DRV - [2007/03/16 19:10:46 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/21 05:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation) -- C:\windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2008/07/06 21:29:38 | 00,539,432 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
DRV - [2008/07/06 21:29:38 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2008/07/06 21:29:38 | 00,879,496 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2008/07/06 21:29:38 | 00,156,392 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2008/07/06 21:29:38 | 00,055,352 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2008/07/06 21:29:38 | 00,037,280 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2008/07/06 21:29:38 | 00,074,656 | ---- | M] (Broadcom Corporation.) -- C:\windows\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2004/12/13 14:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\windows\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2009/09/09 22:56:21 | 00,132,168 | ---- | M] (COMODO) -- C:\windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/09/09 22:56:21 | 00,025,160 | ---- | M] (COMODO) -- C:\windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\windows\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/01/31 17:48:56 | 00,049,664 | ---- | M] (HP) -- C:\windows\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/01/31 17:48:57 | 00,016,496 | ---- | M] (HP) -- C:\windows\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006/01/31 17:48:53 | 00,021,568 | ---- | M] (HP) -- C:\windows\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/01 02:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 02:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2009/09/09 22:56:21 | 00,087,104 | ---- | M] (COMODO) -- C:\windows\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\windows\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2005/10/05 00:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\windows\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2006/03/27 16:02:06 | 00,074,752 | ---- | M] (Novatel Wireless Inc) -- C:\windows\System32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2004/08/04 03:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2004/08/04 03:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2006/04/10 10:46:36 | 00,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\windows\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2008/01/18 14:14:53 | 00,035,936 | ---- | M] (VSO Software) -- C:\windows\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2003/09/19 15:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\windows\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\windows\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/15 01:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\windows\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2004/08/04 03:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/10/18 12:10:31 | 00,717,296 | ---- | M] () -- C:\windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\windows\System32\Drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
DRV - [2007/05/10 11:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\windows\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2006/03/08 13:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/12/01 02:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn, = http://search.nation.com/nation_wallpap ... t=web&qkw=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,: = %3A
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\nn,= = %3D
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/09 17:02:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/27 02:51:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/19 00:45:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 00:45:13 | 00,000,000 | ---D | M]

[2008/07/20 19:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Extensions
[2008/07/20 19:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/09 23:18:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions
[2009/07/13 22:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/09/09 02:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/07/13 22:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/13 22:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/15 02:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\mozilla\Firefox\Profiles\9rjibm24.default\extensions\OberonGameHost@OberonGames.com
[2008/07/17 22:53:44 | 00,001,010 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.gif
[2008/07/17 22:53:44 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.src
[2008/05/14 14:05:41 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\FireFox\Profiles\9rjibm24.default\searchplugins\aimsearch.xml
[2009/09/09 23:18:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 13:37:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 02:51:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/27 21:34:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/09 17:35:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 12:43:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2008/09/09 05:57:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\sotfone-tracker@sotfone.ru
[2009/08/19 00:44:59 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/19 00:44:59 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 17:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/19 00:45:05 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/04/29 16:01:02 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/12/09 17:01:58 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/13 10:18:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/09 17:02:19 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/12/09 17:01:43 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/01/18 12:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/19 00:45:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/19 00:45:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/19 00:45:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/19 00:45:07 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/19 00:45:07 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/19 00:45:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/19 00:45:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0122CC7-9671-4BD2-AC81-AEAE8001E2F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F6B40D73-1671-4A2F-BD6F-B1DD69E0F9A0} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\Ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b8df7904-97d2-11dd-8875-001a925e497b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{b8df7904-97d2-11dd-8875-001a925e497b}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe) - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe File not found
O34 - HKLM BootExecute: ("\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat) - C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[2009/09/10 19:17:08 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\DrWeb.csv
[2009/09/10 16:40:09 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/09/10 16:34:41 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/09/10 16:33:29 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.execf
[2009/09/09 22:59:53 | 00,000,272 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/09 22:58:05 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/09 22:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/09 22:56:25 | 00,179,792 | ---- | C] (COMODO) -- C:\windows\System32\guard32.dll
[2009/09/09 22:56:25 | 00,132,168 | ---- | C] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2009/09/09 22:56:25 | 00,087,104 | ---- | C] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2009/09/09 22:56:25 | 00,025,160 | ---- | C] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2009/09/09 22:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/08 16:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/09/07 22:37:58 | 00,019,654 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\onaxifute.dat
[2009/09/07 22:37:58 | 00,019,471 | ---- | C] () -- C:\Program Files\Common Files\yhuxakaz.inf
[2009/09/07 22:37:58 | 00,018,558 | ---- | C] () -- C:\windows\System32\tobycaqope.dll
[2009/09/07 22:37:58 | 00,017,961 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\xyzyxodoxa.com
[2009/09/07 22:37:58 | 00,017,649 | ---- | C] () -- C:\Program Files\Common Files\uledakam.vbs
[2009/09/07 22:37:58 | 00,017,355 | ---- | C] () -- C:\windows\System32\ekobeg.bin
[2009/09/07 22:37:58 | 00,017,323 | ---- | C] () -- C:\Program Files\Common Files\polokame.scr
[2009/09/07 22:37:58 | 00,017,142 | ---- | C] () -- C:\windows\naxopi.reg
[2009/09/07 22:37:58 | 00,016,690 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\ofet.lib
[2009/09/07 22:37:58 | 00,015,418 | ---- | C] () -- C:\windows\dylico.lib
[2009/09/07 22:37:58 | 00,015,261 | ---- | C] () -- C:\Program Files\Common Files\ulocozy.inf
[2009/09/07 22:37:58 | 00,013,459 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\nafud.bin
[2009/09/07 22:37:58 | 00,012,226 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\qusanaqyw.inf
[2009/09/07 22:37:58 | 00,011,657 | ---- | C] () -- C:\windows\System32\jivef.bat
[2009/09/07 22:37:58 | 00,011,636 | ---- | C] () -- C:\windows\wynupe.exe
[2009/09/07 22:37:58 | 00,011,131 | ---- | C] () -- C:\windows\edupix.reg
[2009/09/07 22:37:58 | 00,010,937 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\adeketov._sy
[2009/09/07 22:37:58 | 00,010,837 | ---- | C] () -- C:\windows\wosabu.db
[2009/09/07 22:36:59 | 00,228,352 | ---- | C] (Legal Corporation) -- C:\windows\System32\_scui.cpl
[2009/09/06 23:23:59 | 00,182,384 | ---- | C] (Legal Corporation) -- C:\windows\System32\wisdstr.exe
[2009/08/14 03:30:37 | 00,018,985 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\ibyqofosik.bin
[2009/08/14 03:30:37 | 00,018,454 | ---- | C] () -- C:\windows\dubezu.ban
[2009/08/14 03:30:37 | 00,018,307 | ---- | C] () -- C:\Program Files\Common Files\tetaqis.bin
[2009/08/14 03:30:37 | 00,017,871 | ---- | C] () -- C:\Program Files\Common Files\mysozimeje.scr
[2009/08/14 03:30:37 | 00,017,851 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\uhyke.com
[2009/08/14 03:30:37 | 00,017,182 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osysi.vbs
[2009/08/14 03:30:37 | 00,016,852 | ---- | C] () -- C:\Program Files\Common Files\zigon.bin
[2009/08/14 03:30:37 | 00,016,469 | ---- | C] () -- C:\windows\cowolocyh.reg
[2009/08/14 03:30:37 | 00,016,385 | ---- | C] () -- C:\windows\qyhawuwy.bin
[2009/08/14 03:30:37 | 00,015,962 | ---- | C] () -- C:\windows\oturi.pif
[2009/08/14 03:30:37 | 00,015,827 | ---- | C] () -- C:\windows\System32\tojel.bin
[2009/08/14 03:30:37 | 00,015,577 | ---- | C] () -- C:\windows\System32\ovuvahor.scr
[2009/08/14 03:30:37 | 00,014,399 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\ubobima._dl
[2009/08/14 03:30:37 | 00,014,204 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf
[2009/08/14 03:30:37 | 00,013,443 | ---- | C] () -- C:\windows\System32\pezy.pif
[2009/08/14 03:30:37 | 00,013,269 | ---- | C] () -- C:\windows\ibiv.ban
[2009/08/14 03:30:37 | 00,013,176 | ---- | C] () -- C:\windows\cegosoty.pif
[2009/08/14 03:30:37 | 00,012,925 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jelic.pif
[2009/08/14 03:30:37 | 00,012,132 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\lyha.lib
[2009/08/14 03:30:37 | 00,010,068 | ---- | C] () -- C:\windows\System32\oveh.scr
[2009/08/14 03:30:16 | 00,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/08/14 01:36:42 | 00,000,177 | ---- | C] () -- C:\windows\xdv34567.bat
[2009/08/14 01:33:20 | 00,019,920 | ---- | C] () -- C:\windows\ysitu.inf
[2009/08/14 01:33:20 | 00,018,283 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr
[2009/08/14 01:33:20 | 00,017,661 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vowytux.bat
[2009/08/14 01:33:20 | 00,016,015 | ---- | C] () -- C:\Program Files\Common Files\ekusebuxi.com
[2009/08/14 01:33:20 | 00,015,907 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl
[2009/08/14 01:33:20 | 00,015,641 | ---- | C] () -- C:\Program Files\Common Files\pynynyha.vbs
[2009/08/14 01:33:20 | 00,015,632 | ---- | C] () -- C:\windows\otofomot.inf
[2009/08/14 01:33:20 | 00,015,631 | ---- | C] () -- C:\windows\qezy.dl
[2009/08/14 01:33:20 | 00,015,533 | ---- | C] () -- C:\windows\System32\fucaxudyke.lib
[2009/08/14 01:33:20 | 00,015,261 | ---- | C] () -- C:\Program Files\Common Files\posa.pif
[2009/08/14 01:33:20 | 00,015,113 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf
[2009/08/14 01:33:20 | 00,014,967 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\obyk._sy
[2009/08/14 01:33:20 | 00,014,527 | ---- | C] () -- C:\Program Files\Common Files\otyxexe.exe
[2009/08/14 01:33:20 | 00,013,899 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jysogon.vbs
[2009/08/14 01:33:20 | 00,013,798 | ---- | C] () -- C:\windows\depuraje.db
[2009/08/14 01:33:20 | 00,013,720 | ---- | C] () -- C:\windows\ozylub.db
[2009/08/14 01:33:20 | 00,012,464 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ycuj._sy
[2009/08/14 01:33:20 | 00,011,617 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\owymi.ban
[2009/08/14 01:33:20 | 00,011,565 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osopericyl.dll
[2009/08/14 01:33:20 | 00,011,010 | ---- | C] () -- C:\windows\ipubofanem.dl
[2009/08/14 01:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/08/14 01:21:27 | 00,000,002 | ---- | C] () -- C:\windows\0101120101464949.fx
[2009/08/14 01:21:23 | 00,000,002 | ---- | C] () -- C:\windows\010112010146120114.fx
[2009/08/14 01:21:04 | 00,000,247 | ---- | C] () -- C:\windows\prxid93ps.dat
[2009/08/13 15:10:51 | 00,000,274 | -H-- | C] () -- C:\windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/13 03:13:11 | 00,069,632 | ---- | C] () -- C:\windows\System32\drivers\uowqitnxrxvkosty.sys
[2009/08/11 22:57:06 | 00,000,238 | -H-- | C] () -- C:\windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/07/09 00:17:38 | 00,001,419 | ---- | C] () -- C:\windows\wininit.ini
[2008/12/11 18:06:56 | 00,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2008/12/08 17:40:29 | 00,000,072 | ---- | C] () -- C:\windows\MediaManager.INI
[2008/12/07 23:45:12 | 02,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll
[2008/11/17 17:29:47 | 00,000,375 | ---- | C] () -- C:\windows\ActiveSkin.ini
[2008/11/06 09:37:32 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2008/10/27 18:28:32 | 00,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008/10/27 18:28:32 | 00,383,238 | ---- | C] () -- C:\windows\System32\libmp3lame-0.dll
[2008/10/18 12:10:30 | 00,717,296 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2008/10/15 03:02:33 | 00,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2008/10/06 02:34:27 | 00,000,022 | ---- | C] () -- C:\windows\msnmsgr.exe.ini
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2008/07/07 14:40:48 | 00,000,030 | ---- | C] () -- C:\windows\ARFolder.INI
[2008/04/02 16:44:24 | 00,000,168 | RHS- | C] () -- C:\windows\System32\C1C1E168FF.sys
[2008/04/02 16:38:17 | 00,005,642 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2008/03/22 10:20:55 | 00,016,582 | ---- | C] () -- C:\windows\cugyt.dll
[2008/03/21 01:55:58 | 00,017,324 | ---- | C] () -- C:\windows\dicon.sys
[2008/03/15 13:30:44 | 00,000,030 | ---- | C] () -- C:\windows\Iedit_.INI
[2008/03/09 16:03:53 | 00,011,170 | ---- | C] () -- C:\windows\System32\PA207Usd.dll
[2008/02/07 15:53:32 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/01/27 00:18:41 | 00,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2008/01/27 00:10:48 | 00,005,937 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008/01/19 10:04:16 | 00,086,016 | ---- | C] () -- C:\windows\System32\preflib.dll
[2008/01/19 10:04:15 | 00,757,760 | ---- | C] () -- C:\windows\System32\bcm1xsup.dll
[2008/01/19 09:59:35 | 00,131,018 | ---- | C] () -- C:\windows\System32\DellPM.ini
[2008/01/19 09:52:31 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/01/18 14:19:53 | 00,000,192 | ---- | C] () -- C:\windows\winamp.ini
[2007/11/09 04:01:59 | 00,000,164 | ---- | C] () -- C:\windows\System32\psyswin32.dll
[2007/09/11 12:24:28 | 02,842,624 | ---- | C] () -- C:\windows\System32\btwicons.dll
[2007/09/11 12:12:28 | 00,077,824 | ---- | C] () -- C:\windows\System32\btprn2k.dll
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\windows\System32\drivers\n558.sys
[2006/01/04 01:12:04 | 00,077,824 | ---- | C] () -- C:\windows\System32\HPZIDS01.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\windows\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\windows\System32\btcss.dll.manifest
[2004/08/04 03:00:00 | 00,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll
[2004/08/04 03:00:00 | 00,000,782 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 03:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2002/03/16 17:00:00 | 00,007,420 | ---- | C] () -- C:\windows\UA000091.DLL
[2002/03/16 17:00:00 | 00,007,420 | ---- | C] () -- C:\windows\UA000059.DLL
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[2 C:\Documents and Settings\Home\Desktop\*.tmp files]
[2009/09/10 19:36:40 | 00,000,274 | -H-- | M] () -- C:\windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/10 19:36:40 | 00,000,238 | -H-- | M] () -- C:\windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/10 19:36:37 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/10 19:36:06 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/10 19:17:08 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\DrWeb.csv
[2009/09/10 16:43:51 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\cmd.execf
[2009/09/09 22:59:53 | 00,000,272 | ---- | M] () -- C:\windows\System32\drivers\sfi.dat
[2009/09/09 22:58:05 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/09 22:56:21 | 00,179,792 | ---- | M] (COMODO) -- C:\windows\System32\guard32.dll
[2009/09/09 22:56:21 | 00,132,168 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2009/09/09 22:56:21 | 00,087,104 | ---- | M] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2009/09/09 22:56:21 | 00,025,160 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2009/09/09 22:19:46 | 00,000,789 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/09/09 21:51:31 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/07 22:48:11 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/09/07 22:37:58 | 00,019,654 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\onaxifute.dat
[2009/09/07 22:37:58 | 00,019,471 | ---- | M] () -- C:\Program Files\Common Files\yhuxakaz.inf
[2009/09/07 22:37:58 | 00,018,558 | ---- | M] () -- C:\windows\System32\tobycaqope.dll
[2009/09/07 22:37:58 | 00,017,961 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\xyzyxodoxa.com
[2009/09/07 22:37:58 | 00,017,649 | ---- | M] () -- C:\Program Files\Common Files\uledakam.vbs
[2009/09/07 22:37:58 | 00,017,355 | ---- | M] () -- C:\windows\System32\ekobeg.bin
[2009/09/07 22:37:58 | 00,017,323 | ---- | M] () -- C:\Program Files\Common Files\polokame.scr
[2009/09/07 22:37:58 | 00,017,142 | ---- | M] () -- C:\windows\naxopi.reg
[2009/09/07 22:37:58 | 00,016,690 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\ofet.lib
[2009/09/07 22:37:58 | 00,015,418 | ---- | M] () -- C:\windows\dylico.lib
[2009/09/07 22:37:58 | 00,015,261 | ---- | M] () -- C:\Program Files\Common Files\ulocozy.inf
[2009/09/07 22:37:58 | 00,013,459 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\nafud.bin
[2009/09/07 22:37:58 | 00,012,226 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\qusanaqyw.inf
[2009/09/07 22:37:58 | 00,011,657 | ---- | M] () -- C:\windows\System32\jivef.bat
[2009/09/07 22:37:58 | 00,011,636 | ---- | M] () -- C:\windows\wynupe.exe
[2009/09/07 22:37:58 | 00,011,131 | ---- | M] () -- C:\windows\edupix.reg
[2009/09/07 22:37:58 | 00,010,937 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\adeketov._sy
[2009/09/07 22:37:58 | 00,010,837 | ---- | M] () -- C:\windows\wosabu.db
[2009/09/07 20:21:30 | 00,228,352 | ---- | M] (Legal Corporation) -- C:\windows\System32\_scui.cpl
[2009/09/06 23:24:00 | 00,182,384 | ---- | M] (Legal Corporation) -- C:\windows\System32\wisdstr.exe
[2009/08/19 23:20:44 | 00,097,640 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/19 22:39:24 | 01,630,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/08/19 22:28:50 | 00,000,782 | ---- | M] () -- C:\windows\win.ini
[2009/08/19 22:28:50 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/08/18 22:41:36 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2009/08/14 03:30:37 | 00,018,985 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\ibyqofosik.bin
[2009/08/14 03:30:37 | 00,018,454 | ---- | M] () -- C:\windows\dubezu.ban
[2009/08/14 03:30:37 | 00,018,307 | ---- | M] () -- C:\Program Files\Common Files\tetaqis.bin
[2009/08/14 03:30:37 | 00,017,871 | ---- | M] () -- C:\Program Files\Common Files\mysozimeje.scr
[2009/08/14 03:30:37 | 00,017,851 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\uhyke.com
[2009/08/14 03:30:37 | 00,017,182 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osysi.vbs
[2009/08/14 03:30:37 | 00,016,852 | ---- | M] () -- C:\Program Files\Common Files\zigon.bin
[2009/08/14 03:30:37 | 00,016,469 | ---- | M] () -- C:\windows\cowolocyh.reg
[2009/08/14 03:30:37 | 00,016,385 | ---- | M] () -- C:\windows\qyhawuwy.bin
[2009/08/14 03:30:37 | 00,015,962 | ---- | M] () -- C:\windows\oturi.pif
[2009/08/14 03:30:37 | 00,015,827 | ---- | M] () -- C:\windows\System32\tojel.bin
[2009/08/14 03:30:37 | 00,015,577 | ---- | M] () -- C:\windows\System32\ovuvahor.scr
[2009/08/14 03:30:37 | 00,014,399 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\ubobima._dl
[2009/08/14 03:30:37 | 00,014,204 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\irojowiqu.inf
[2009/08/14 03:30:37 | 00,013,443 | ---- | M] () -- C:\windows\System32\pezy.pif
[2009/08/14 03:30:37 | 00,013,269 | ---- | M] () -- C:\windows\ibiv.ban
[2009/08/14 03:30:37 | 00,013,176 | ---- | M] () -- C:\windows\cegosoty.pif
[2009/08/14 03:30:37 | 00,012,925 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jelic.pif
[2009/08/14 03:30:37 | 00,012,132 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\lyha.lib
[2009/08/14 03:30:37 | 00,010,068 | ---- | M] () -- C:\windows\System32\oveh.scr
[2009/08/14 03:30:16 | 00,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2009/08/14 01:55:24 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/08/14 01:36:42 | 00,000,247 | ---- | M] () -- C:\windows\prxid93ps.dat
[2009/08/14 01:36:42 | 00,000,177 | ---- | M] () -- C:\windows\xdv34567.bat
[2009/08/14 01:33:20 | 00,019,920 | ---- | M] () -- C:\windows\ysitu.inf
[2009/08/14 01:33:20 | 00,018,283 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\dynotajyb.scr
[2009/08/14 01:33:20 | 00,017,661 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vowytux.bat
[2009/08/14 01:33:20 | 00,016,015 | ---- | M] () -- C:\Program Files\Common Files\ekusebuxi.com
[2009/08/14 01:33:20 | 00,015,907 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\laciki.dl
[2009/08/14 01:33:20 | 00,015,641 | ---- | M] () -- C:\Program Files\Common Files\pynynyha.vbs
[2009/08/14 01:33:20 | 00,015,632 | ---- | M] () -- C:\windows\otofomot.inf
[2009/08/14 01:33:20 | 00,015,631 | ---- | M] () -- C:\windows\qezy.dl
[2009/08/14 01:33:20 | 00,015,533 | ---- | M] () -- C:\windows\System32\fucaxudyke.lib
[2009/08/14 01:33:20 | 00,015,261 | ---- | M] () -- C:\Program Files\Common Files\posa.pif
[2009/08/14 01:33:20 | 00,015,113 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\vewojohihu.inf
[2009/08/14 01:33:20 | 00,014,967 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\obyk._sy
[2009/08/14 01:33:20 | 00,014,527 | ---- | M] () -- C:\Program Files\Common Files\otyxexe.exe
[2009/08/14 01:33:20 | 00,013,899 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jysogon.vbs
[2009/08/14 01:33:20 | 00,013,798 | ---- | M] () -- C:\windows\depuraje.db
[2009/08/14 01:33:20 | 00,013,720 | ---- | M] () -- C:\windows\ozylub.db
[2009/08/14 01:33:20 | 00,012,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ycuj._sy
[2009/08/14 01:33:20 | 00,011,617 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\owymi.ban
[2009/08/14 01:33:20 | 00,011,565 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osopericyl.dll
[2009/08/14 01:33:20 | 00,011,010 | ---- | M] () -- C:\windows\ipubofanem.dl
[2009/08/14 01:21:27 | 00,000,002 | ---- | M] () -- C:\windows\0101120101464949.fx
[2009/08/14 01:21:23 | 00,000,002 | ---- | M] () -- C:\windows\010112010146120114.fx
[2009/08/13 03:13:11 | 00,069,632 | ---- | M] () -- C:\windows\System32\drivers\uowqitnxrxvkosty.sys
[2009/08/11 20:35:40 | 00,007,522 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\pig1.gif
[2009/08/11 20:35:31 | 00,011,075 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\pig2.gif
< End of report >
"Destroy all Malware on sight".

Real Time Protection = Avira Antivir Free Edition
Browser = Firefox 3.5.3
On Demand = MBAM & SAS
Firewall = Windows Firewall

Re: Don't know what to do.

Postby Kyle » Thu Sep 10, 2009 9:10 pm

Previously you asked how to find out about your HD:
XP
Start -> Control Panel -> Performance and maintenance -> Administrative tools -> Disk management
[Image]
^ What you want is to find a (Healthy) Disk.
You can also view a bit more info from "Device manager"
Any questions? Don't hesitate to PM me :)

Re: Don't know what to do.

Postby 123zap » Fri Sep 11, 2009 8:08 am

Okay, you aren't clean yet. I still suspect a rootkit, although I see other stuff in the OTL log.

Download GMER from http://www.gmer.net/download.php
Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
~~~~I prevent the malware, the AVs and HIPS are just a backup~~~~
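The "other stuff in the OTL log" is visible in the report above as bursts of files written in the same second, with no company/version information, random-looking names, and script or executable extensions dropped directly into C:\windows, Common Files and the user's Application Data folders. The following triage helper is an added example for readers of this thread; it is not part of the forum posts, and it is not OTL's own code. It parses lines in the layout OTL prints (`[date time | size | attributes | C/M] (Company) -- path`) and reports every second in which at least `min_files` unsigned files were written, counting how many carry an executable or script extension. The sample log, the regular expression, the extension list and the threshold are all constructed assumptions for the example and should be tuned before use on real logs.

```python
"""Triage helper for OTL "Files - Created/Modified" sections (added example).

Assumption: each entry looks like the lines in the thread above, e.g.
  [2009/08/14 03:30:37 | 00,018,454 | ---- | M] () -- C:\windows\dubezu.ban
Summary lines such as "[4 C:\windows\System32\*.tmp files]" do not match
the pattern and are skipped.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Layout derived from the OTL lines shown in the thread (assumed stable).
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions that execute or change system state when opened (example list).
EXEC_EXT = {".exe", ".bat", ".vbs", ".scr", ".pif", ".com",
            ".reg", ".cpl", ".dll", ".sys"}


@dataclass
class OtlEntry:
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the file carries no version information
    path: str


def parse_otl_lines(lines):
    """Return OtlEntry objects for every line matching the OTL layout."""
    entries = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"].strip(), path=m["path"]))
    return entries


def extension(path):
    """Lower-cased extension of a Windows path ('' when there is none)."""
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def find_bursts(entries, min_files=5):
    """Group entries by exact second; report groups with >= min_files
    unsigned files. Legitimate installers also write in bursts, so the
    executable count and the paths are returned for a human to judge."""
    by_second = defaultdict(list)
    for e in entries:
        by_second[e.when].append(e)
    bursts = []
    for when, group in sorted(by_second.items()):
        unsigned = [e for e in group if not e.company]
        if len(unsigned) < min_files:
            continue
        bursts.append({
            "when": when,
            "count": len(unsigned),
            "executable": sum(1 for e in unsigned
                              if extension(e.path) in EXEC_EXT),
            "paths": [e.path for e in unsigned],
        })
    return bursts


# Constructed sample: a few lines copied in the shape of the thread's log.
SAMPLE_LOG = r"""
[4 C:\windows\System32\*.tmp files]
[2009/09/10 19:36:40 | 00,000,274 | -H-- | M] () -- C:\windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/09 22:56:21 | 00,179,792 | ---- | M] (COMODO) -- C:\windows\System32\guard32.dll
[2009/09/09 22:56:21 | 00,132,168 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdguard.sys
[2009/08/14 03:30:37 | 00,018,454 | ---- | M] () -- C:\windows\dubezu.ban
[2009/08/14 03:30:37 | 00,018,307 | ---- | M] () -- C:\Program Files\Common Files\tetaqis.bin
[2009/08/14 03:30:37 | 00,017,871 | ---- | M] () -- C:\Program Files\Common Files\mysozimeje.scr
[2009/08/14 03:30:37 | 00,017,851 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\uhyke.com
[2009/08/14 03:30:37 | 00,017,182 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osysi.vbs
[2009/08/14 03:30:37 | 00,015,962 | ---- | M] () -- C:\windows\oturi.pif
"""

if __name__ == "__main__":
    for b in find_bursts(parse_otl_lines(SAMPLE_LOG.splitlines())):
        print(f"{b['when']}: {b['count']} unsigned files, "
              f"{b['executable']} executable/script")
        for p in b["paths"]:
            print("   ", p)
```

Run it against a saved OTL report by replacing `SAMPLE_LOG.splitlines()` with the file's lines. The COMODO entries in the sample share a second but carry a company name and number only two, so they are not reported; the six unsigned files at 03:30:37 are.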
