Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 29th December 2009, 10:21 pm

I think I have removed the viruses completely, however some of my programs are still not working correctly. At startup, I get two messages. 1. rundll32.exe - bad image
The application or dll C:\Windows\System32\calc.dll is not a valid Windows image. Please check this against your installation diskette. 2. Pretty much same message but with c:\docume~\chad\ntuser.dll. Any help will be appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:47 PM, on 12/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chad\My Documents\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Chad\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\hf5zyqn7.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1816064494.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA23725-8A48-4C87-AE14-ED70074945CE}: NameServer = 193.104.110.38,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: __c00E0CB6 - C:\WINDOWS\
O21 - SSODL: koyehanij - {f527e021-b6db-4c0e-a827-5e107bc891e5} - c:\windows\system32\ginuzefa.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {f527e021-b6db-4c0e-a827-5e107bc891e5} - c:\windows\system32\ginuzefa.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Error Reporting Service ERSvcRoxMediaDB9 (ERSvcRoxMediaDB9) - Unknown owner - C:\WINDOWS\system32\1041d.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSDV Driver (msdvdr) - Unknown owner - C:\WINDOWS\system32\msdvdr.pif (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Universal Plug and Play Device Host upnphostNetlogon (upnphostNetlogon) - Unknown owner - C:\WINDOWS\system32\adsntz.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 14013 bytes

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 29th December 2009, 10:37 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Chad\ntuser.dll,_IWMPEvents@0
    O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\hf5zyqn7.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1816064494.exe (User 'SYSTEM')
    O4 - Startup: scandisk.lnk = ?
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEA23725-8A48-4C87-AE14-ED70074945CE}: NameServer = 193.104.110.38,4.2.2.1
    O20 - Winlogon Notify: __c00E0CB6 - C:\WINDOWS\
    O21 - SSODL: koyehanij - {f527e021-b6db-4c0e-a827-5e107bc891e5} - c:\windows\system32\ginuzefa.dll (file missing)
    O22 - SharedTaskScheduler: jugezatag - {f527e021-b6db-4c0e-a827-5e107bc891e5} - c:\windows\system32\ginuzefa.dll (file missing)
    O23 - Service: Error Reporting Service ERSvcRoxMediaDB9 (ERSvcRoxMediaDB9) - Unknown owner - C:\WINDOWS\system32\1041d.exe
    O23 - Service: MSDV Driver (msdvdr) - Unknown owner - C:\WINDOWS\system32\msdvdr.pif (file missing)
    O23 - Service: Universal Plug and Play Device Host upnphostNetlogon (upnphostNetlogon) - Unknown owner - C:\WINDOWS\system32\adsntz.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 29th December 2009, 11:12 pm

Malwarebytes' Anti-Malware 1.42
Database version: 3453
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/29/2009 6:03:22 PM
mbam-log-2009-12-29 (18-03-22).txt

Scan type: Quick Scan
Objects scanned: 129804
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdvddrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdvdr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\dhkcod.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\obvrwt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\vwxy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\wincert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\N6JEF6DG\Antivir-c8d_11-3[1].exe (Rogue.FakeAntivir) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\calc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msdvdr.dat (Backdoor.HacDef) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthxpjyrxjbp.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthxyelaqcxl.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 29th December 2009, 11:18 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 29th December 2009, 11:35 pm

This is what I got when I tried to run Combo-Fix:

32788R22FWJFW\iexplore.exe & hidec.exe & n.pif, Windows cannot access the specified device, path, or file. you may not have appropriate permissions to access the item.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 29th December 2009, 11:38 pm

Weird, that error points me to a certain infection, but if that infection is present here, you shouldn't be able to run MBAM at all.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 29th December 2009, 11:58 pm

Here ya go:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:52 on 29/12/2009 by Chad (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--c 180224 bytes [14:06 11/01/2007] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [11:00 10/08/2004] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [11:00 10/08/2004] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--c 407040 bytes [14:05 11/01/2007] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [11:00 10/08/2004] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [11:00 10/08/2004] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--c 55808 bytes [14:02 11/01/2007] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [11:00 10/08/2004] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 55808 bytes [11:00 10/08/2004] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 30th December 2009, 12:00 am

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 30th December 2009, 12:10 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Chad at 19:01:32.42 on Tue 12/29/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.497 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
svchost.exe "C:\WINDOWS\system32\1041d.exe"
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Documents and Settings\Chad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [AdobeBridge]
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - [You must be registered and logged in to see this link.]
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\curslib.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli scecli zefiliru.dll scecli scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\0jgo1p7i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - hȋdden: XUL Cache: {9DBFA78D-63F8-47BD-AA6A-5B6C4FABAD2F} - c:\documents and settings\chad\local settings\application data\{9DBFA78D-63F8-47BD-AA6A-5B6C4FABAD2F}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - hȋdden: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{F0E821DF-743B-4481-9496-47ECF9F51D7B}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-8 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-8 25160]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-8 723632]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 ERSvcRoxMediaDB9;Error Reporting Service ERSvcRoxMediaDB9;c:\windows\system32\1041d.exe srv --> c:\windows\system32\1041d.exe srv [?]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-4 1245064]
S2 upnphostNetlogon;Universal Plug and Play Device Host upnphostNetlogon;c:\windows\system32\adsntz.exe srv --> c:\windows\system32\adsntz.exe srv [?]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]

=============== Created Last 30 ================

2009-12-29 23:26:47 0 d-----w- C:\32788R22FWJFW.1.tmp
2009-12-29 23:25:00 0 d-----w- C:\32788R22FWJFW.0.tmp
2009-12-29 22:51:30 0 d-----w- c:\docume~1\chad\applic~1\Malwarebytes
2009-12-29 22:51:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 22:51:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-29 22:51:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 22:51:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 02:12:19 0 d-----w- c:\program files\Sun
2009-12-29 02:11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-29 02:11:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 23:16:26 0 d-----w- c:\docume~1\chad\applic~1\Research In Motion
2009-12-26 22:25:34 72556 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-26 20:54:59 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2009-12-26 20:53:59 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2009-12-26 20:52:59 364544 -c--a-w- c:\windows\system32\dllcache\npdsplay.dll
2009-12-26 20:50:25 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-26 20:50:19 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-12-26 20:50:19 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-12-26 20:50:19 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-12-26 20:50:19 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-12-26 20:50:19 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-12-26 20:24:58 1086058 ----a-r- c:\windows\SET66.tmp
2009-12-26 20:24:58 106147 ----a-r- c:\windows\SET63.tmp
2009-12-26 18:30:41 34 ----a-w- c:\windows\system\oeminfo.ini
2009-12-26 18:30:23 22339 ----a-r- c:\windows\SETB4.tmp
2009-12-26 18:30:23 10559 ----a-r- c:\windows\SETB5.tmp
2009-12-26 18:30:15 13753 ----a-r- c:\windows\SET70.tmp
2009-12-26 18:30:13 1086058 ----a-r- c:\windows\SET64.tmp
2009-12-26 18:30:13 106147 ----a-r- c:\windows\SET61.tmp
2009-12-22 15:35:18 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-22 15:07:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-22 13:06:23 301206 ----a-w- c:\windows\setupapi.old
2009-12-16 08:14:58 32 --s-a-w- c:\windows\system32\512815140.dat
2009-12-09 19:46:25 251 ----a-w- c:\windows\cfplogvw.INI
2009-12-08 22:46:36 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-12-08 22:42:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2009-12-08 22:42:55 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-08 22:42:55 171552 ----a-w- c:\windows\system32\guard32.dll
2009-12-08 22:42:55 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-08 22:42:53 0 d-----w- c:\program files\COMODO
2009-12-08 01:55:10 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-08 01:55:08 40960 ----a-w- c:\windows\system32\F5D9050.dll
2009-12-08 01:55:06 0 d-----w- c:\program files\Belkin
2009-12-06 11:14:57 22339 ----a-r- c:\windows\SETB7.tmp
2009-12-06 11:14:57 10559 ----a-r- c:\windows\SETB8.tmp
2009-12-06 11:14:49 13753 ----a-r- c:\windows\SET74.tmp
2009-12-06 11:14:47 1086058 ----a-r- c:\windows\SET68.tmp
2009-12-06 11:14:47 106147 ----a-r- c:\windows\SET65.tmp
2009-12-05 19:48:05 22339 ----a-r- c:\windows\SET102.tmp
2009-12-05 19:48:05 10559 ----a-r- c:\windows\SET103.tmp
2009-12-05 19:48:00 13753 ----a-r- c:\windows\SETBF.tmp
2009-12-05 19:47:58 1086058 ----a-r- c:\windows\SETB3.tmp
2009-12-05 19:47:58 106147 ----a-r- c:\windows\SETB0.tmp
2009-12-05 14:37:49 0 d-----w- c:\windows\dell
2009-12-04 14:26:52 114 ----a-w- C:\xcrashdump.dat
2009-12-04 13:26:47 0 ----a-w- c:\windows\SC.INS
2009-12-03 23:14:43 217 ----a-w- c:\documents and settings\chad\Ahmbed.gz

==================== Find3M ====================

2009-12-26 20:47:08 34328 ----a-w- c:\windows\system32\emptyregdb.dat
2008-01-24 12:03:43 251 -c--a-w- c:\program files\wt3d.ini
2008-04-14 00:12:36 80896 --sha-r- c:\windows\system32\1041d.exe
2009-04-21 00:42:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042020090421\index.dat

============= FINISH: 19:04:59.12 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2009 3:55:55 PM
System Uptime: 12/29/2009 6:04:36 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 200.367 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Symantec Network Security Miniport
Device ID: ROOT\SYMC_SYMIMMP\0003
Manufacturer: Symantec
Name: Symantec Network Security Miniport #4
PNP Device ID: ROOT\SYMC_SYMIMMP\0003
Service: SymIMMP

==== System Restore Points ===================

RP1: 12/26/2009 4:27:21 PM - System Checkpoint
RP2: 12/26/2009 4:52:03 PM - Unsigned driver install
RP3: 12/27/2009 6:02:28 PM - System Checkpoint
RP4: 12/28/2009 5:29:46 PM - Removed BlackBerry Desktop Software 5.0.1.
RP5: 12/28/2009 5:36:11 PM - Removed Roxio Media Manager
RP6: 12/28/2009 5:50:09 PM - Installed Windows Installer KB893803v2.
RP7: 12/28/2009 5:52:09 PM - Installed BlackBerry Desktop Software 4.7.
RP8: 12/28/2009 5:58:49 PM - Installed Roxio Media Manager
RP9: 12/28/2009 9:10:21 PM - Installed Java(TM) SE Development Kit 6 Update 17
RP10: 12/28/2009 9:11:32 PM - Installed Java(TM) 6 Update 17
RP11: 12/28/2009 9:25:08 PM - Removed Adobe Reader 8.1.7
RP12: 12/28/2009 9:39:07 PM - Installed Adobe Reader 9.2.

==== Installed Programs ======================


µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Manager
Adobe Drive CS4
Adobe Extendscript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
Adobe® Photoshop® Album Starter Edition 3.2
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Decoder Patch
Andrea VoiceCenter
AOL Toolbar 5.0
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 4.7
Bonjour
Choice Guard
COMODO Internet Security
Conexant D850 56K V.9x DFVc Modem
Connect
Creative Audio Pack
Creative MediaSource 5
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2.1
Dell System Restore
DellConnect
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD43 v4.4.0
ESPNMotion
Games, Music, & Photos Launcher
GearDrvs
GemMaster Mystic
Google Desktop
Google Gmail Notifier
Google Toolbar for Internet Explorer
HandBrake 0.9.3
HijackThis 2.0.2
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Internet Service Offers Launcher
IrfanView (remove only)
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
kuler
Learn2 Player (Uninstall Only)
LG USB Drivers
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MySpaceIM
NetWaiting
NVIDIA Drivers
Otto
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Media Manager
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Segoe UI
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Suite Shared Configuration CS4
Uninstall 1.0.0.1
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VZAccess Manager for RIM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Xvid 1.1.3 final uninstall
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12/28/2009 7:23:07 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/28/2009 5:40:34 PM, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: Access is denied.
12/28/2009 11:06:59 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/26/2009 4:57:49 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/26/2009 4:26:12 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
12/26/2009 4:26:12 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/26/2009 2:16:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
12/26/2009 2:16:14 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2009 2:16:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
12/26/2009 2:02:39 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
12/26/2009 2:02:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
12/26/2009 2:02:35 PM, error: Service Control Manager [7023] - The Intel(R) Quick Resume technology service terminated with the following error: The system cannot find the file specified.
12/26/2009 2:02:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
12/26/2009 2:02:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
12/26/2009 2:02:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveShare P2P Server 9 service to connect.
12/26/2009 2:02:35 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
12/26/2009 1:43:43 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/26/2009 1:43:43 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/26/2009 1:39:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
12/26/2009 1:29:40 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
12/26/2009 1:20:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/26/2009 1:17:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/22/2009 9:55:20 AM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
12/22/2009 10:11:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/22/2009 10:10:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/22/2009 10:08:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}
12/22/2009 10:08:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/22/2009 10:08:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {AFD8EA5A-2B6E-4504-B681-C6E8BAD64BB6}

==== End Of File ===========================

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 30th December 2009, 12:13 am

Delete these two folders in bold:

C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp

Then try run Combofix again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 30th December 2009, 12:59 am

C:\32788R22FWJFW.1.tmp - Error deleting hidec.exe: Access is denied. Make sure the disk is not full or write protected and they the file is not currently in use.

C:\32788R22FWJFW.0.tmp - deleted

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 30th December 2009, 1:04 am

Hello. Guess we'll need to trash this infection another way.

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
Iprip
ERSvcRoxMediaDB9
upnphostNetlogon

Files to delete:
c:\windows\system32\1041d.exe
c:\windows\system32\curslib.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Don't forget to post both logs.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 30th December 2009, 1:30 am

GooredFix by jpshortstuff (28.12.09.1)
Log created at 20:07 on 29/12/2009 (Chad)
Firefox version 3.5.6 (en-US)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{F0E821DF-743B-4481-9496-47ECF9F51D7B}" -> Success!
(nȯne)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{9DBFA78D-63F8-47BD-AA6A-5B6C4FABAD2F} -> Success!
Deleting C:\Documents and Settings\Chad\Local Settings\Application Data\{9DBFA78D-63F8-47BD-AA6A-5B6C4FABAD2F} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:21 26/06/2007]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [02:12 29/12/2009]

C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\0jgo1p7i.default\extensions\
(nȯne)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:11 29/12/2009]

-=E.O.F=-

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Dec 29 20:23:07 2009

20:23:01: Error: Failed to open 'C:\zip.exe' for reading (error 5: access is denied.)


//////////////////////////////////////////

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 30th December 2009, 10:29 pm

What should I do next?

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 30th December 2009, 10:42 pm

I don't think the avenger script worked.
Try running Combofix again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 30th December 2009, 10:46 pm

same issue with combo fix as before

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 12:31 am

Please download [You must be registered and logged in to see this link.]

Place it into your C:\ drive, then drag and drop zip.exe into inherit.exe, let it run until it says OK. Then try the avenger script again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 12:45 am

when I tried to run avenger this is what I got:

Error: cannot open file 'c:\zip.exe' (error 5: access is denied)

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 12:47 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 1:07 am

OTL logfile created on: 12/30/2009 7:49:53 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Chad\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 200.29 Gb Free Space | 87.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHADS
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/30 19:49:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad\Desktop\OTL.exe
PRC - [2009/12/30 19:03:02 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Chad\Local Settings\Temp\clclean.0001
PRC - [2009/12/28 21:11:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/28 21:11:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/08 17:42:52 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/24 08:14:38 | 00,079,136 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/10/24 08:14:36 | 00,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/09/19 15:06:42 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2007/09/01 10:27:35 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/01/04 16:46:23 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/24 18:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/31 11:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 04:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 16:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/08/10 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 06:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/30 19:49:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/28 21:11:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/08 17:42:52 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 15:29:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/04 17:25:58 | 01,245,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/26 12:23:24 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/08/26 12:23:20 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/08/26 12:23:02 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/08/24 08:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/05/24 10:19:02 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/04 16:53:06 | 00,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007/01/04 16:46:23 | 00,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/16 16:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/06/01 17:25:00 | 00,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 06:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/08/10 06:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/12/08 17:42:53 | 00,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/12/08 17:42:53 | 00,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/12/08 17:42:53 | 00,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/07 20:55:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/17 17:02:27 | 00,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/01/09 16:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/08/14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/01 10:27:42 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/09 01:42:36 | 00,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/01/04 16:51:14 | 00,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 18:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 16:42:16 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/06/16 16:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/05 04:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/11 11:30:52 | 00,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/05/09 16:36:44 | 00,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 16:36:42 | 00,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 16:36:22 | 00,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 16:36:20 | 00,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 16:36:18 | 00,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 08:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/24 06:51:38 | 00,245,248 | RH-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/24 21:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 14:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 14:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/25 10:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 11:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 11:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/10/19 10:07:22 | 00,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/08/10 06:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004/08/10 06:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 06:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 06:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 06:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 06:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/10 06:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/11/17 22:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/11/26 17:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.citadel.edu/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 03:08:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 21:42:06 | 00,000,000 | ---D | M]

[2008/09/14 02:29:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chad\Application Data\Mozilla\Extensions
[2009/12/28 21:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\0jgo1p7i.default\extensions
[2009/12/30 17:26:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/23 01:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/11/03 19:28:44 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/03/24 22:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (306781 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10583 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} [You must be registered and logged in to see this link.] (UnagiAx Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\curslib.dll) - C:\WINDOWS\System32\curslib.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\Shell\AutoRun\command - "" = K:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\Shell\slacker\command - "" = K:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\Shell\AutoRun\command - "" = K:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\Shell\slacker\command - "" = K:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/30 19:49:19 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chad\Desktop\OTL.exe
[2009/12/30 19:05:34 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/30 17:44:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2009/12/30 17:22:45 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2009/12/29 20:07:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad\Desktop\GooredFix Backups
[2009/12/29 20:06:39 | 00,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Chad\Desktop\GooredFix.exe
[2009/12/29 19:51:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/12/29 17:51:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad\Application Data\Malwarebytes
[2009/12/29 17:51:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/29 17:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/29 17:51:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 17:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/28 21:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/12/28 21:11:54 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/28 21:11:54 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/28 21:11:54 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/28 21:11:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/28 21:11:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/28 18:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad\Application Data\Research In Motion
[2009/12/28 04:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chad\Local Settings\Application Data\COMODO
[2009/12/26 16:23:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/26 15:55:50 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2009/12/26 15:55:50 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2009/12/26 15:55:50 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2009/12/26 15:55:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2009/12/26 15:55:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2009/12/26 15:55:29 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/12/26 15:55:24 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/12/26 15:55:24 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/12/26 15:55:24 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/12/26 15:55:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/12/26 15:55:22 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/12/26 15:55:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/12/26 15:55:21 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/12/26 15:55:21 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/12/26 15:55:19 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/12/26 15:55:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/12/26 15:55:19 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/12/26 15:55:18 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/12/26 15:55:18 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/12/26 15:55:18 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/12/26 15:55:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/12/26 15:55:18 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/12/26 15:55:17 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/12/26 15:55:17 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/12/26 15:55:14 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/12/26 15:55:13 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/12/26 15:55:13 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/12/26 15:55:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/12/26 15:55:11 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/12/26 15:55:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/12/26 15:55:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/12/26 15:55:10 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/12/26 15:55:10 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/12/26 15:55:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/12/26 15:55:09 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/12/26 15:55:09 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/12/26 15:55:09 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/12/26 15:55:06 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/12/26 15:55:06 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/12/26 15:55:05 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/12/26 15:55:05 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/12/26 15:55:04 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/12/26 15:55:02 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/12/26 15:55:01 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/12/26 15:55:01 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/12/26 15:55:01 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/12/26 15:55:01 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/12/26 15:55:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/12/26 15:55:00 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/12/26 15:54:59 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/12/26 15:54:59 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/12/26 15:54:59 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/12/26 15:54:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/12/26 15:54:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/12/26 15:54:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/12/26 15:54:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/12/26 15:54:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/12/26 15:54:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/12/26 15:54:58 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/12/26 15:54:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/12/26 15:54:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/12/26 15:54:58 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/12/26 15:54:53 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/12/26 15:54:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/12/26 15:54:52 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/12/26 15:54:50 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/12/26 15:54:50 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/12/26 15:54:50 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/12/26 15:54:50 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/12/26 15:54:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/12/26 15:54:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/12/26 15:54:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/12/26 15:54:47 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/12/26 15:54:46 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/12/26 15:54:44 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/12/26 15:54:44 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/12/26 15:54:44 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/12/26 15:54:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/12/26 15:54:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/12/26 15:54:40 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/12/26 15:54:40 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/12/26 15:54:40 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/12/26 15:54:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/12/26 15:54:39 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/12/26 15:54:39 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/12/26 15:54:39 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2009/12/26 15:54:39 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/12/26 15:54:38 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/12/26 15:54:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/12/26 15:54:37 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/12/26 15:54:37 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/12/26 15:54:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/12/26 15:54:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/12/26 15:54:37 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/12/26 15:54:31 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/12/26 15:54:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/12/26 15:54:30 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/12/26 15:54:29 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/12/26 15:54:26 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/12/26 15:54:26 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/12/26 15:54:20 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/12/26 15:54:20 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/12/26 15:54:10 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/12/26 15:54:10 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/12/26 15:54:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/12/26 15:54:09 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/12/26 15:54:09 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/12/26 15:54:09 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/12/26 15:54:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/12/26 15:54:07 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/12/26 15:54:07 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/12/26 15:54:07 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/12/26 15:54:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/12/26 15:54:05 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/12/26 15:54:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/12/26 15:54:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/12/26 15:54:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/12/26 15:54:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/12/26 15:54:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/12/26 15:54:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/12/26 15:54:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/12/26 15:54:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 1:09 am

[2009/12/26 15:54:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/12/26 15:54:02 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/12/26 15:54:02 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/12/26 15:54:02 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/12/26 15:54:01 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/12/26 15:54:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/12/26 15:54:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/12/26 15:54:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/12/26 15:54:00 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/12/26 15:54:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/12/26 15:54:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/12/26 15:54:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/12/26 15:54:00 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/12/26 15:53:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/12/26 15:53:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/12/26 15:53:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/12/26 15:53:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/12/26 15:53:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/12/26 15:53:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/12/26 15:53:59 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/12/26 15:53:59 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/12/26 15:53:58 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/12/26 15:53:58 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/12/26 15:53:58 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/12/26 15:53:58 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/12/26 15:53:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/12/26 15:53:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/12/26 15:53:55 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/12/26 15:53:55 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/12/26 15:53:55 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/12/26 15:53:54 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/12/26 15:53:54 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/12/26 15:53:54 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/12/26 15:53:54 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/12/26 15:53:54 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/12/26 15:53:54 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/12/26 15:53:54 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/12/26 15:53:53 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/12/26 15:53:53 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/12/26 15:53:53 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/12/26 15:53:53 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/12/26 15:53:53 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/12/26 15:53:53 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/12/26 15:53:53 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/12/26 15:53:53 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/12/26 15:53:52 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/12/26 15:53:52 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/12/26 15:53:52 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/12/26 15:53:52 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/12/26 15:53:52 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/12/26 15:53:52 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/12/26 15:53:52 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/12/26 15:53:52 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/12/26 15:53:51 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/12/26 15:53:51 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/12/26 15:53:51 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/12/26 15:53:51 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/12/26 15:53:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/12/26 15:53:51 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/12/26 15:53:51 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/12/26 15:53:50 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/12/26 15:53:48 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/12/26 15:53:45 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/12/26 15:53:44 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/12/26 15:53:44 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/12/26 15:53:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/12/26 15:53:42 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/12/26 15:53:42 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/12/26 15:53:41 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/12/26 15:53:41 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/12/26 15:53:41 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/12/26 15:53:40 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/12/26 15:53:40 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/12/26 15:53:40 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/12/26 15:53:40 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/12/26 15:53:40 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/12/26 15:53:40 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/12/26 15:53:40 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/12/26 15:53:40 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/12/26 15:53:40 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/12/26 15:53:39 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/12/26 15:53:39 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/12/26 15:53:39 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/12/26 15:53:39 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/12/26 15:53:39 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/12/26 15:53:39 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/12/26 15:53:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/12/26 15:53:39 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/12/26 15:53:39 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/12/26 15:53:38 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/12/26 15:53:38 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/12/26 15:53:38 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/12/26 15:53:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/12/26 15:53:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/12/26 15:53:37 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/12/26 15:53:37 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/12/26 15:53:36 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/12/26 15:53:36 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/12/26 15:53:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/12/26 15:53:35 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/12/26 15:53:34 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/12/26 15:53:34 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/12/26 15:53:34 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/12/26 15:53:34 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/12/26 15:53:27 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/12/26 15:53:27 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/12/26 15:53:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/12/26 15:53:25 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/12/26 15:53:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/12/26 15:53:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/12/26 15:53:25 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/12/26 15:53:24 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/12/26 15:53:22 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/12/26 15:53:22 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/12/26 15:53:22 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/12/26 15:53:21 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/12/26 15:53:21 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/12/26 15:53:21 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/12/26 15:53:21 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/12/26 15:53:20 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/12/26 15:53:20 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/12/26 15:53:20 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/12/26 15:53:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/12/26 15:53:20 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/12/26 15:53:19 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/12/26 15:53:18 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/12/26 15:53:18 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/12/26 15:53:18 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/12/26 15:53:09 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/12/26 15:53:07 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/12/26 15:53:05 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/12/26 15:53:05 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/12/26 15:53:05 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/12/26 15:53:05 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/12/26 15:53:04 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/12/26 15:53:04 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/12/26 15:53:04 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/12/26 15:53:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/12/26 15:53:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/12/26 15:53:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/12/26 15:53:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/12/26 15:53:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/12/26 15:53:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/12/26 15:53:01 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/12/26 15:53:01 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/12/26 15:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/12/26 15:52:59 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/12/26 15:52:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/12/26 15:52:56 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/12/26 15:52:56 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/12/26 15:52:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/12/26 15:52:55 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/12/26 15:52:55 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/12/26 15:52:55 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/12/26 15:52:54 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/12/26 15:52:50 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/12/26 15:52:49 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/12/26 15:52:49 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/12/26 15:52:49 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/12/26 15:52:49 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/12/26 15:52:49 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/12/26 15:52:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/12/26 15:52:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/26 15:52:48 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/12/26 15:52:48 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/12/26 15:52:48 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/12/26 15:52:48 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/12/26 15:52:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/12/26 15:52:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/12/26 15:52:47 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/12/26 15:52:47 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/12/26 15:52:47 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/12/26 15:52:47 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/12/26 15:52:47 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/12/26 15:52:46 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/12/26 15:52:46 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/12/26 15:52:46 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/12/26 15:52:46 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/12/26 15:52:46 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/12/26 15:52:46 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/12/26 15:52:46 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/12/26 15:52:45 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/12/26 15:52:45 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/12/26 15:52:45 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/12/26 15:52:45 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/12/26 15:52:44 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/12/26 15:52:44 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/12/26 15:52:44 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/12/26 15:52:44 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/12/26 15:52:43 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/12/26 15:52:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/12/26 15:52:43 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/12/26 15:52:43 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/12/26 15:52:43 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/12/26 15:52:42 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/12/26 15:52:42 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/12/26 15:25:17 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/12/26 15:25:17 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/12/26 15:25:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/12/26 15:25:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/12/22 10:03:32 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/12/22 10:03:32 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/12/22 10:03:32 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/12/22 10:03:32 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/12/22 10:03:32 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/12/22 10:03:32 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/12/22 10:03:32 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/12/22 10:03:32 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/12/22 10:03:32 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/12/22 10:03:32 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/12/22 10:03:32 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/12/22 10:03:32 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/12/22 10:03:32 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/12/22 10:03:32 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/12/22 10:03:32 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/12/22 10:03:32 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/12/22 10:03:32 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/12/22 10:03:32 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/12/22 10:03:31 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/12/22 10:03:31 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/12/22 10:03:31 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/12/22 10:03:31 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/12/22 10:03:31 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/12/22 10:03:31 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/12/22 10:03:29 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/12/22 10:03:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/12/22 10:03:27 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/12/22 10:03:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/12/22 10:03:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/12/22 10:03:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2009/12/22 10:03:11 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/12/22 10:03:11 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/12/22 10:03:11 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/12/22 10:03:11 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2009/12/22 10:03:11 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/12/22 10:03:11 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2009/12/22 10:03:11 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/12/22 10:03:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2009/12/22 10:03:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/12/22 10:03:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2009/12/22 10:03:11 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/12/22 10:03:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2009/12/22 10:03:11 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/12/19 08:26:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/12/08 17:42:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/12/08 17:42:55 | 00,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/12/08 17:42:55 | 00,133,064 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/12/08 17:42:55 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/12/08 17:42:55 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/12/08 17:42:53 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/12/07 20:55:10 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/12/07 20:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/12/05 09:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2008/05/14 21:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/02/29 04:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/29 04:49:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/09/20 18:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/11 10:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/11 10:28:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[3 C:\*.tmp files -> C:\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/30 19:52:49 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/12/30 19:49:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chad\Desktop\OTL.exe
[2009/12/30 19:42:33 | 00,000,000 | ---- | M] () -- C:\zip.exe
[2009/12/30 19:40:15 | 00,085,504 | ---- | M] () -- C:\Inherit.exe
[2009/12/30 19:05:05 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 19:03:02 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/30 19:02:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 19:02:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 19:02:54 | 10,715,62752 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/30 19:02:07 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\Chad\NTUSER.DAT
[2009/12/30 19:02:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Chad\ntuser.ini
[2009/12/29 20:23:03 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/12/29 20:12:02 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Chad\Desktop\avenger.zip
[2009/12/29 20:06:40 | 00,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Chad\Desktop\GooredFix.exe
[2009/12/29 19:01:11 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Chad\Desktop\dds.scr
[2009/12/29 18:51:55 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Chad\Desktop\SystemLook.exe
[2009/12/29 18:29:43 | 03,869,488 | ---- | M] () -- C:\Documents and Settings\Chad\Desktop\Combo-Fix.exe
[2009/12/29 18:13:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/29 18:05:07 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\512815140.dat
[2009/12/29 17:51:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 21:39:39 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/28 21:11:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/28 21:11:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/28 21:11:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/28 21:11:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/28 21:11:36 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/28 19:31:14 | 04,843,890 | -H-- | M] () -- C:\Documents and Settings\Chad\Local Settings\Application Data\IconCache.db
[2009/12/28 18:07:19 | 02,206,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/28 17:52:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/12/28 10:54:47 | 00,000,251 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/12/26 17:25:34 | 00,072,556 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/26 17:07:40 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Chad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/26 16:39:54 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/26 16:30:57 | 00,479,738 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/26 16:30:57 | 00,406,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/26 16:30:57 | 00,064,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/26 15:58:48 | 00,000,263 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/26 15:51:46 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/26 15:51:46 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/26 15:51:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/26 15:51:36 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/26 15:50:25 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/12/26 15:50:25 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/12/26 15:50:10 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/26 15:47:08 | 00,034,328 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/26 15:46:18 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/12/26 15:29:27 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/12/26 15:25:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/26 14:16:16 | 00,301,206 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/12/26 13:51:15 | 02,013,484 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/12/26 13:30:41 | 00,000,301 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/26 13:30:41 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System\oeminfo.ini
[2009/12/22 10:35:18 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/22 10:07:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/21 15:45:57 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/12/19 09:27:27 | 00,007,262 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/12/19 06:49:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/16 14:01:37 | 00,002,536 | ---- | M] () -- C:\Documents and Settings\Chad\Desktop\JL_Cmder.lnk
[2009/12/09 17:12:31 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/08 17:44:13 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/12/08 17:42:53 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/12/08 17:42:53 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/12/08 17:42:53 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/12/08 17:42:53 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/12/07 20:55:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/12/06 14:45:47 | 00,000,907 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/06 10:22:00 | 00,306,781 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/04 10:03:08 | 00,000,114 | ---- | M] () -- C:\xcrashdump.dat
[2009/12/04 08:26:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/12/03 18:14:43 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\Chad\Ahmbed.gz
[2009/12/03 18:04:35 | 00,001,594 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091206-102200.backup
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/30 19:40:14 | 00,085,504 | ---- | C] () -- C:\Inherit.exe
[2009/12/29 20:14:15 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/12/29 20:14:15 | 00,000,000 | ---- | C] () -- C:\zip.exe
[2009/12/29 20:12:21 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Chad\Desktop\avenger.exe
[2009/12/29 20:11:58 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Chad\Desktop\avenger.zip
[2009/12/29 19:01:09 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Chad\Desktop\dds.scr
[2009/12/29 18:51:55 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Chad\Desktop\SystemLook.exe
[2009/12/29 18:22:31 | 03,869,488 | ---- | C] () -- C:\Documents and Settings\Chad\Desktop\Combo-Fix.exe
[2009/12/29 17:51:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 21:39:37 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/28 17:52:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2009/12/26 17:25:34 | 00,072,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/26 15:55:33 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/12/26 15:54:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/12/26 15:54:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/12/26 15:54:39 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/12/26 15:54:05 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/12/26 15:54:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/12/26 15:53:54 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/12/26 15:53:53 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/12/26 15:53:52 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/12/26 15:53:46 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/12/26 15:53:42 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/12/26 15:53:37 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/12/26 15:53:21 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/12/26 15:53:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/12/26 15:53:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/12/26 15:53:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/12/26 15:53:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/12/26 15:53:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/12/26 15:53:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/12/26 15:53:16 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/12/26 15:53:16 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/12/26 15:53:16 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/12/26 15:53:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/12/26 15:53:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/12/26 15:53:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/12/26 15:53:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/12/26 15:53:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/12/26 15:53:13 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/12/26 15:53:13 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/12/26 15:53:13 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/12/26 15:53:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/12/26 15:53:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/12/26 15:53:13 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/12/26 15:53:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/12/26 15:53:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/12/26 15:53:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/12/26 15:53:12 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/12/26 15:53:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/12/26 15:53:11 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/12/26 15:53:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/12/26 15:53:10 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/12/26 15:53:10 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/12/26 15:53:10 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/12/26 15:53:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/12/26 15:53:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/12/26 15:53:09 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/12/26 15:53:09 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/12/26 15:52:57 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/12/26 15:50:25 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/12/26 15:50:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/12/26 15:25:10 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/12/26 15:25:10 | 00,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/12/26 15:25:10 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/12/26 15:25:10 | 00,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2009/12/26 15:25:10 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/12/26 15:25:10 | 00,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2009/12/26 15:25:10 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/12/26 15:25:10 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/12/26 15:25:09 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/12/26 15:25:09 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/12/26 15:25:09 | 00,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/12/26 15:25:09 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/12/26 15:25:09 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/12/26 15:25:09 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/12/26 15:25:09 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/12/26 15:25:09 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/12/26 15:25:09 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/12/26 15:25:09 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/12/26 15:25:08 | 02,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/12/26 15:25:08 | 00,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/12/26 15:09:46 | 10,715,62752 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 13:30:41 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System\oeminfo.ini
[2009/12/22 10:35:18 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/22 10:07:56 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/22 10:03:28 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/12/22 10:03:28 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/12/22 10:03:28 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/12/22 10:03:28 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/12/22 10:03:28 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/12/22 10:03:28 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/12/22 10:03:28 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/12/22 10:03:28 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/12/22 10:03:28 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/12/22 10:03:28 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/12/22 10:03:28 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/12/22 10:03:27 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2009/12/22 10:03:27 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2009/12/22 10:03:27 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2009/12/22 10:03:27 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2009/12/22 10:03:27 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2009/12/22 10:03:27 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2009/12/22 10:03:27 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2009/12/22 10:03:27 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2009/12/22 10:03:27 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2009/12/22 10:03:27 | 00,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2009/12/22 10:03:27 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2009/12/22 10:03:27 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2009/12/22 10:03:27 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2009/12/22 10:03:27 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2009/12/22 10:03:27 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2009/12/22 10:03:27 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\[You must be registered and logged in to see this link.]
[2009/12/22 10:03:27 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/12/22 10:03:27 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2009/12/22 10:03:27 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2009/12/22 10:03:27 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2009/12/22 08:06:23 | 00,301,206 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/12/19 09:27:27 | 00,007,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/12/16 03:14:58 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\512815140.dat
[2009/12/09 16:44:17 | 00,000,032 | --S- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3594308363.dat
[2009/12/09 14:46:25 | 00,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/12/08 17:46:36 | 01,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/12/08 17:44:13 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/12/07 20:55:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2009/12/04 09:26:52 | 00,000,114 | ---- | C] () -- C:\xcrashdump.dat
[2009/12/04 08:26:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/12/03 18:14:43 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\Chad\Ahmbed.gz
[2009/11/01 02:40:42 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/24 07:03:43 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/12/24 00:03:20 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/24 00:03:19 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/16 13:25:08 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\Chad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/11 09:25:39 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Chad\Application Data\dvd.bmk
[2007/01/11 02:02:29 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/10 21:53:38 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Chad\Local Settings\Application Data\fusioncache.dat
[2007/01/04 16:59:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/04 16:48:51 | 00,000,907 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/04 16:46:38 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2007/01/04 16:46:24 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2007/01/04 16:46:10 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2007/01/04 16:25:34 | 01,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2007/01/04 16:25:16 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/04 16:24:54 | 00,000,301 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 06:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/09 23:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
< End of report >

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 1:11 am

OTL Extras logfile created on: 12/30/2009 7:49:53 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Chad\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 200.29 Gb Free Space | 87.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHADS
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9821:TCP" = 9821:TCP:*:Enabled:BitComet 9821 TCP
"9821:UDP" = 9821:UDP:*:Enabled:BitComet 9821 UDP
"13476:TCP" = 13476:TCP:*:Enabled:BitComet 13476 TCP
"13476:UDP" = 13476:UDP:*:Enabled:BitComet 13476 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"56641:TCP" = 56641:TCP:*:Enabled:Pando Media Booster
"56641:UDP" = 56641:UDP:*:Enabled:Pando Media Booster
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1169665382\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1169665382\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\DOCUME~1\Chad\LOCALS~1\Temp\CS4.exe" = C:\DOCUME~1\Chad\LOCALS~1\Temp\CS4.exe:*:Enabled:Windows Center -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Chad\Local Settings\Temp\svcchst32.exe" = C:\Documents and Settings\Chad\Local Settings\Temp\svcchst32.exe:*:Enabled:JDrun -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Chad\Local Settings\Temp\JDstart.exe" = C:\Documents and Settings\Chad\Local Settings\Temp\JDstart.exe:*:Enabled:JDstart -- File not found
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02807340-8FA2-44B6-ABA1-E443E4FF0A20}" = VZAccess Manager for RIM
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe Extendscript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"Creative Audio Pack" = Creative Audio Pack
"DVD43_is1" = DVD43 v4.4.0
"EL" = Intel(R) Quick Resume Technology Drivers
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESPNMotion" = ESPNMotion
"Google Desktop" = Google Desktop
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SearchAssist" = SearchAssist
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2009 11:50:56 AM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.28, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 1:01:42 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2009 5:52:33 AM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.28, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2009 5:52:51 AM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 5.0.1.28, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2009 11:35:18 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2009 11:35:27 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2009 11:35:32 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2009 7:19:56 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2009 7:20:25 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2009 7:20:29 PM | Computer Name = CHADS | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/29/2009 7:05:40 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 12/29/2009 7:05:41 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7023
Description = The Intel(R) Quick Resume technology service terminated with the following
error: %%2

Error - 12/29/2009 7:07:10 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 12/29/2009 7:07:12 PM | Computer Name = CHADS | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 12/29/2009 7:07:13 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 12/29/2009 9:15:50 PM | Computer Name = CHADS | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/29/2009 9:16:47 PM | Computer Name = CHADS | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/29/2009 9:16:47 PM | Computer Name = CHADS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 12/29/2009 9:17:12 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/29/2009 9:17:12 PM | Computer Name = CHADS | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%5


< End of report >

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 4:37 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\curslib.dll) - C:\WINDOWS\System32\curslib.dll File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\Shell\AutoRun\command - "" = K:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\Shell\slacker\command - "" = K:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\Shell\AutoRun\command - "" = K:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\Shell\slacker\command - "" = K:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe -- File not found
    [2009/12/16 03:14:58 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\512815140.dat
    [2009/12/09 16:44:17 | 00,000,032 | --S- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3594308363.dat

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    "AppInit_DLLs"=""


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 4:43 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\curslib.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d866fc0-bc50-11dd-9468-00173f74e5db}\ not found.
File K:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d866fc0-bc50-11dd-9468-00173f74e5db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d866fc0-bc50-11dd-9468-00173f74e5db}\ not found.
File K:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b81eac-be99-11de-94d2-00173f74e5db}\ not found.
File K:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b81eac-be99-11de-94d2-00173f74e5db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b81eac-be99-11de-94d2-00173f74e5db}\ not found.
File K:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826701dc-f26a-11de-951c-00173f74e5db}\ not found.
File J:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826701dc-f26a-11de-951c-00173f74e5db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826701dc-f26a-11de-951c-00173f74e5db}\ not found.
File J:\slacker.synclauncher.exe not found.
C:\WINDOWS\system32\512815140.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\3594308363.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

OTL by OldTimer - Version 3.1.20.1 log created on 12312009_114229

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 4:48 pm

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine now? anymore malware problems?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 5:21 pm

The computer seems fine but I keep getting these virus alerts from my AV.

Application.Win32.Nircmd.~@16774100
C:\32788R22FWJFW.0.tmp\NirCmd.cfxxe
C:\32788R22FWJFW.1.tmp\NirCmd.cfxxe
C:\32788R22FWJFW.2.tmp\NirCmd.cfxxe

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 5:26 pm

False positive. Smile Can you delete that nircmd.exe from each folder.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 5:32 pm

I ignored the warnings from my av and was able to delete the C:\32788R22FWJFW.0.tmp, C:\32788R22FWJFW.1.tmp, and C:\32788R22FWJFW.2.tmp folders. Do you know the reason Combo Fix never worked?

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 31st December 2009, 5:35 pm

Nope, possible some kind of confliction from Comodo.

Go to Start > Control Panel > Add/Remove Programs and remove the following program.

    Viewpoint Media Player

That should do it now. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 31st December 2009, 5:57 pm

Is there anything else I need to do? I thank you very much for your time and assistance! It is greatly appreciated!

Do you know anything about Blackberry Desktop Manager?

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 3rd January 2010, 9:59 pm

Windows Update (error number: Error number: 0x8024D007) is not working along with internet explorer ("The requested lookup key was not found in any active activation context"). MBAM keeps detecting hijack.windowsupdates.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 3rd January 2010, 11:25 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 4th January 2010, 7:21 pm

GMER doesnt work correctly in normal or safe mode.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 4th January 2010, 7:22 pm

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 4th January 2010, 7:31 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/04 14:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xEC209000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FDA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646bcc

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06461aa

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646832

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064734c

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064608c

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064805c

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06482f4

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645c52

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646fb6

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647166

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645a84

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647cde

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064642e

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646a0e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06457b4

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06466be

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064592c

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647712

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064863a

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647a7a

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646db2

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647e8c

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647512

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06463c8

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06465b2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645f56

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645e24

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a352

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064aa76

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a486

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a936

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a5c6

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a6fa

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a1d2

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649424

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ea2

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a834

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649c10

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649d52

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06498f4

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064915c

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06495a6

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649752

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ff2

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ab6

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a0e8

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06492cc

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064aadc

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064ad10

==EOF==

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 6th January 2010, 8:23 am

What is my next step?

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 6th January 2010, 6:01 pm

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 6th January 2010, 7:52 pm

Tried the express scan twice and I got this error.

69sbgXP.exe has encountered a problem and needs to close.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 6:03 pm

Is there a way to get Dr. Web Cureit to work?

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Belahzur on 9th January 2010, 7:09 pm

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt, I don't need to see Extras.txt
  • You may need to use more than one post to get it all on the forum.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 7:23 pm

The link doesn't work.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Origin on 9th January 2010, 7:44 pm

Please do the following:

Please download [You must be registered and logged in to see this link.]

  • Next run the file; *Note: If running vista right click and select run as administrator
  • Once opened, navigate to the log tab and select all the areas including the hȋdden objects only box and click on the create log button
  • A scan will start and then a window will pop up with two options, select scan all drives
  • Once finished it will give you a location where it was saved, navigate to that place usually the desktop, and open the log, post all the contents of the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31523
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 7:52 pm

Link doesn't work.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Origin on 9th January 2010, 7:56 pm

Sorry see if you can download it from here:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31523
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 8:04 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hȋdden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: EB30B000
Module End: EB3C2000
hȋdden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: EEB07BCC
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: EEB071AA
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: EEB07832
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: EEB0834C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: EEB0708C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: EEB0905C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: EEB092F4
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: EEB06C52
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: EEB07FB6
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: EEB08166
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: EEB06A84
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: EEB08CDE
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: EEB0742E
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: EEB07A0E
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: EEB067B4
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenSection
Address: EEB076BE
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: EEB0692C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: EEB08712
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: EEB0963A
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: EEB08A7A
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: EEB07DB2
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: EEB08E8C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: EEB08512
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: EEB073C8
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: EEB075B2
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: EEB06F56
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateThread
Address: EEB06E24
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: CHADS.BELKIN:64228
Remote Address: 192.168.2.1:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2869
Remote Address: 192.168.2.1:13693
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2869
Remote Address: 192.168.2.1:13692
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2215
Remote Address: YX-IN-F19.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\Gmail Notifier\gnotify.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2208
Remote Address: 69.46.19.152:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2197
Remote Address: 209.234.250.195:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2196
Remote Address: 209.234.250.195:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2174
Remote Address: YX-IN-F154.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2171
Remote Address: A96-17-60-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2160
Remote Address: YX-IN-F166.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2126
Remote Address: YX-IN-F93.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2113
Remote Address: GY-IN-F138.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:1120
Remote Address: A209-8-118-67.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:1119
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: CHADS.BELKIN:1118
Remote Address: 208.116.56.171:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: CHADS.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CHADS:27015
Remote Address: LOCALHOST:1040
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: CHADS:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: CHADS:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: CHADS:5152
Remote Address: LOCALHOST:2079
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: CHADS:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: CHADS:1085
Remote Address: LOCALHOST:1084
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1084
Remote Address: LOCALHOST:1085
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1082
Remote Address: LOCALHOST:1081
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1081
Remote Address: LOCALHOST:1082
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1045
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: CHADS:1040
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: CHADS:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CHADS:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CHADS:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CHADS:CHARGEN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:QOTD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:DAYTIME
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:DISCARD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:ECHO
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS.BELKIN:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS.BELKIN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS.BELKIN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS.BELKIN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS.BELKIN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1064
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\explorer.exe
State: NA

Local Address: CHADS:1059
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1038
Remote Address: NA
Type: UDP
Process: C:\Program Files\Google\Gmail Notifier\gnotify.exe
State: NA

Local Address: CHADS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:57311
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CHADS:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: CHADS:1102
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1101
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1100
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1099
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1095
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1094
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1093
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1037
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CHADS:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS:CHARGEN
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:QOTD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:DAYTIME
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:DISCARD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:ECHO
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

******************************************************************************************
******************************************************************************************
hȋdden files/folders:
Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
Status: hȋdden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}
Status: Access denied

Object: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}(2)
Status: Access denied

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Origin on 9th January 2010, 8:13 pm

Hmm ok please do the following:

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31523
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 8:50 pm

SDFix: Version 1.240
Run by Chad on Sat 01/09/2010 at 03:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\CLEANUP.EXE - Deleted
C:\-20020~1 - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-09 15:39:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\ovfsthxicoouodi.sys"
"inst"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\main]
"ver"="icv140409"
"cid"="01"
"bid"=""
"aid"="303720"
"sid"="254"
"feed"=hex:22,64,78,36,3c,2e,3b,29,39,3b,3b,3a,04,4f,01,0c,09,65
"cmddelay"=dword:00003841

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\modules]
"ovfsthx.sys"="\systemroot\system32\drivers\ovfsthxicoouodi.sys"
"ovfsthx.dll"="\systemroot\system32\ovfsthxxgxdsnhe.dll"
"ovfsthxlog.dat"="\systemroot\system32\ovfsthxyelaqcxl.dat"
"ovfsthxwi.dll"="\systemroot\system32\ovfsthxvorsarro.dll"
"ovfsthxff.dll"="\systemroot\system32\ovfsthxiysvtgld.dll"
"ovfsthx.dat"="\systemroot\system32\ovfsthxpjyrxjbp.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001]
"a0"=hex:20,01,00,00,27,9a,d2,21,25,83,cc,5c,3b,a3,08,a1,79,bd,b4,80,39,..
"ujdew"=hex:b9,f1,7f,86,0c,b6,69,a6,2a,b4,e8,38,36,43,80,1b,15,05,b7,b7,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40]
"ujdew"=hex:ef,da,bc,b5,0d,d1,e8,04,ec,3a,f3,53,40,73,78,e8,fe,49,41,82,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:55,48,7e,ca,8b,26,be,a0,4a,6f,ac,ba,8d,61,cf,25,c1,c2,c8,1b,7e,..

scanning hȋdden registry entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden processes: 0
hȋdden services: 0
hȋdden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\1169665382\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1169665382\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ćTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\DOCUME~1\\Chad\\LOCALS~1\\Temp\\CS4.exe"="C:\\DOCUME~1\\Chad\\LOCALS~1\\Temp\\CS4.exe:*:Enabled:Windows Center"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe:*:Enabled:Pando Media Booster"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Chad\\Local Settings\\Temp\\svcchst32.exe"="C:\\Documents and Settings\\Chad\\Local Settings\\Temp\\svcchst32.exe:*:Enabled:JDrun"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\Documents and Settings\\Chad\\Local Settings\\Temp\\JDstart.exe"="C:\\Documents and Settings\\Chad\\Local Settings\\Temp\\JDstart.exe:*:Enabled:JDstart"
"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with hȋdden Attributes :

Tue 30 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 24 Nov 2005 245,248 A..HR --- "C:\WINDOWS\system32\drivers\rt73.sys"
Sun 11 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 14 May 2009 305,362 A..HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 4 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 8:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:34 PM, on 1/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Chad\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chad\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12168 bytes

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Origin on 9th January 2010, 9:03 pm

Good news we may have found the culprit Smile


1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky
HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\main
HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\modules

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31523
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Post by Chads10R on 9th January 2010, 9:32 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky" deleted successfully.

Error: registry key "HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\main" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\main" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\modules" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\ovfsthxpvpxckky\modules" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Chads10R
Novice
Novice

Posts Posts : 44
Joined Joined : 2009-12-29
Gender Gender : Male
OS OS : Windows XP SP2
Points Points : 25994
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum