Redirect VIRUS!

View previous topic View next topic Go down

Redirect VIRUS!

Post by Glerith on 8th October 2010, 10:15 pm

I am currently running Windows XP AMD ATHLON 64x running 32x and i keep getting redirected to random popups i think i got it off a Microsoft Essentials fake Anti virus and i deleted most of that but i think im missing something plz help!

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Sneakyone on 9th October 2010, 12:35 am

Hi, Welcome to GeekPolice.net!

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 9th October 2010, 12:39 am

ha ty im doing so now

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 9th October 2010, 1:20 am

OTL logfile created on: 10/8/2010 5:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Xblade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 14.98 Gb Free Space | 19.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XBLADE-1ADAEEDA
Current User Name: Xblade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/08 17:38:10 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xblade\My Documents\Downloads\OTL.exe
PRC - [2010/02/15 19:06:56 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 17:38:10 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xblade\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/04 14:12:28 | 002,436,664 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/17 14:37:00 | 003,449,068 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva344.sys -- (XDva344)
DRV - [2010/06/02 08:21:06 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/15 14:26:45 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/12/25 15:19:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/05 10:59:12 | 004,069,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/31 16:28:32 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/03/22 19:17:34 | 000,450,400 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/09/02 22:43:00 | 000,046,464 | R--- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid.sys -- (SiSRaid)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.kav -- (RDPCDD)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003/08/08 18:00:28 | 000,032,640 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2003/07/17 18:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/07/10 08:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/01 18:30:16 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubVeo532.sys -- (DCamUSBVeo532)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.13


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/03 19:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/04/19 03:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 17:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 17:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/05/15 14:27:48 | 000,000,000 | ---D | M]

[2009/11/03 19:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Extensions
[2009/10/17 18:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/03 19:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/08 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Firefox\Profiles\nomb9brw.default\extensions
[2010/10/08 14:37:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Firefox\Profiles\nomb9brw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/05 10:37:15 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Xblade\Application Data\Mozilla\Firefox\Profiles\nomb9brw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/10/08 15:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 17:10:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/28 01:10:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/03 19:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/05 19:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/09/10 15:07:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/15 14:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/09/16 17:10:19 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/16 17:10:19 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/03/09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2010/09/16 17:10:19 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/03/19 18:21:21 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/12 22:18:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/12 22:18:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/12 22:18:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/12 22:18:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/12 22:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/12 22:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/12 22:18:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/23 16:36:40 | 000,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/09/16 05:28:43 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/16 05:28:43 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/16 05:28:43 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/16 05:28:43 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/16 05:28:43 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/16 05:28:43 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/16 05:28:43 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PC Booster] C:\Program Files\Inkline Global\PC Booster\PCBooster.exe (inKline Software Labs)
O4 - HKLM..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe (SiS)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.70,93.188.166.9
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Xblade\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Xblade\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/17 13:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 15:23:45 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/10/08 15:23:24 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/10/08 15:23:24 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/10/08 15:22:51 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/10/08 15:22:27 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/10/08 15:22:26 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/10/08 15:22:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/10/08 15:22:23 | 000,300,544 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/10/08 15:22:22 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/10/08 15:22:16 | 000,528,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/10/08 15:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/08 15:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/10/08 15:21:14 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/10/08 15:21:14 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/10/08 15:21:13 | 000,681,984 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/10/04 02:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Desktop\Desktop
[2010/09/28 19:42:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xblade\Recent
[2010/09/25 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/20 06:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Application Data\Publish Providers
[2010/09/20 03:00:40 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/09/19 12:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Local Settings\Application Data\Sony
[2010/09/19 12:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Application Data\Sony
[2010/09/19 12:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/09/19 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/09/19 12:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/09/15 17:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\My Documents\AIMLogger
[2010/09/14 17:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Local Settings\Application Data\WinZip
[2010/09/14 17:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\Desktop\html
[2010/09/13 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/09/11 14:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\My Documents\DK1
[2010/09/11 13:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xblade\My Documents\demo
[2010/09/11 13:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/09/11 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2010/09/11 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2010/09/11 13:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/09/10 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/10 15:12:08 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/09/10 15:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/10 15:07:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/10 15:07:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/10 15:07:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/02 17:54:59 | 004,817,591 | ---- | C] () -- C:\Program Files\DAEMON Tools Lite.zip
[2010/02/25 20:42:25 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 16:16:02 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010/01/23 16:16:02 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010/01/23 16:16:02 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010/01/23 16:16:02 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2009/12/30 12:09:22 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\fusioncache.dat
[2009/12/24 18:14:04 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Xblade\Application Data\PnkBstrK.sys
[2009/10/17 19:10:44 | 000,014,176 | ---- | C] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 14:07:34 | 004,283,158 | -H-- | C] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\IconCache.db
[2009/10/17 13:47:18 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Xblade\Application Data\desktop.ini
[2009/10/17 06:16:51 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/08 17:25:53 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Xblade\NTUSER.DAT
[2010/10/08 15:35:36 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/08 15:26:14 | 000,416,369 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/08 15:23:57 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\ZoneAlarm Security.lnk
[2010/10/08 13:57:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/08 13:56:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/08 13:56:08 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/10/08 13:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 13:56:06 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 15:33:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Xblade\ntuser.ini
[2010/10/07 15:33:20 | 004,283,158 | -H-- | M] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\IconCache.db
[2010/10/05 19:38:15 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 02:14:57 | 002,626,052 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\Desktop.zip
[2010/10/04 02:12:33 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/04 02:12:20 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\plant animal science.rtf
[2010/10/03 03:26:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/10/02 23:11:45 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\StealthBot Launcher.lnk
[2010/09/28 19:43:58 | 000,019,150 | ---- | M] () -- C:\Documents and Settings\Xblade\My Documents\cc_20100928_194340.reg
[2010/09/28 19:40:29 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\CCleaner.lnk
[2010/09/25 11:45:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/20 06:13:44 | 000,000,847 | ---- | M] () -- C:\WINDOWS\GMUD32.INI
[2010/09/19 12:17:14 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sound Forge Pro 10.0.lnk
[2010/09/19 12:15:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/19 12:14:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/09/13 21:18:40 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Xblade\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/09/12 12:31:34 | 000,014,176 | ---- | M] () -- C:\Documents and Settings\Xblade\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/12 12:31:16 | 000,099,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 15:24:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/08 15:23:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Xblade\Desktop\ZoneAlarm Security.lnk
[2010/10/08 15:22:15 | 000,416,369 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/04 02:14:56 | 002,626,052 | ---- | C] () -- C:\Documents and Settings\Xblade\Desktop\Desktop.zip
[2010/10/04 02:12:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/04 02:12:20 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Xblade\Desktop\plant animal science.rtf
[2010/09/28 19:43:47 | 000,019,150 | ---- | C] () -- C:\Documents and Settings\Xblade\My Documents\cc_20100928_194340.reg
[2010/09/28 19:40:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Xblade\Desktop\CCleaner.lnk
[2010/09/25 11:45:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 12:17:14 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sound Forge Pro 10.0.lnk
[2010/09/19 12:14:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/09/13 21:18:40 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Xblade\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/05/27 17:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/20 17:37:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/05/20 10:04:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/05/09 12:28:04 | 000,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2010/04/12 23:12:46 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/04/12 23:12:45 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/01/23 16:16:04 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/12/25 15:19:14 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/24 18:14:05 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/24 18:13:37 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/11/09 18:16:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/17 23:26:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\VeoSetup532.dll
[2009/10/17 23:26:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2009/10/17 20:00:53 | 000,000,847 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2009/10/17 14:52:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/10/17 14:52:12 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/10/17 14:52:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/10/17 14:52:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/10/17 14:52:06 | 000,132,864 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2009/10/17 14:52:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009/10/17 14:07:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/28 10:43:59 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2004/08/04 05:00:00 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpcdd.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/12/25 15:19:14 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/10/17 06:15:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/10/17 06:15:25 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/10/17 06:15:25 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.sys >
[2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys
[2004/07/27 11:20:46 | 000,011,904 | ---- | M] (ANI ) -- C:\WINDOWS\system32\anio4.sys
[2004/08/04 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/04 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 05:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 05:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 05:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2010/06/02 08:21:06 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 06:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2009/05/05 07:31:06 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/10/17 13:40:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/16 22:42:19 | 000,000,000 | ---- | M] () -- C:\BnetLog.txt
[2010/08/07 12:59:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/17 13:40:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/10 18:20:26 | 000,878,818 | ---- | M] () -- C:\D2DV_IX86_112a_113c.mpq
[2010/03/10 18:20:52 | 000,799,352 | ---- | M] () -- C:\D2XP_IX86_112a_113c.mpq
[2004/12/28 22:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/08 13:56:06 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/23 16:23:29 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/10/17 13:40:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/22 00:37:37 | 000,000,823 | -H-- | M] () -- C:\IPH.PH
[2009/10/17 13:40:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/30 18:26:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/08 13:56:05 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/09/28 19:58:38 | 000,039,782 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.09.2010_19.51.32_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2010/03/18 21:43:35 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/05/02 12:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/04/22 00:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/10/17 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\ANI
[2009/11/03 20:04:13 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/20 23:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2009/12/24 22:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2009/12/24 17:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/09/13 21:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2009/11/03 20:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/10/17 14:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\C-Media 3D Audio
[2010/09/28 19:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/11 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/17 13:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/10/17 19:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2009/12/25 15:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/08/07 06:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2010/05/08 09:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/07/05 11:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Drug Lord 2
[2010/09/19 08:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\HighGrow
[2009/11/29 17:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\ICCup
[2010/08/07 05:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\Inkline Global
[2010/05/20 10:40:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/18 03:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/07 13:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/03/12 22:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/12 22:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/10 15:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/15 14:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2010/05/09 21:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/09/11 13:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/08/15 01:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam 2.4
[2009/10/30 18:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/25 20:22:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/17 13:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/09/08 05:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/10 15:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/11 06:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/08 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/18 03:04:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/17 19:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/10/17 13:38:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/03/12 19:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\MultiMedia Keyboard
[2009/10/30 18:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/09 18:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\On-line Help Console
[2009/10/17 13:39:53 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/11 23:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/03/19 18:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/03/12 22:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/18 03:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/10/17 14:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Silicon Integrated Systems
[2009/10/17 14:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\SiSLan
[2010/07/28 01:10:20 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/14 00:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2010/08/14 00:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/09/20 06:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/10/04 20:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/09/30 17:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II
[2010/10/02 23:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\StealthBot 2.7
[2010/10/08 13:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/10/17 20:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/07/23 07:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\TCAdmin Control Panel
[2010/08/02 13:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2009/10/17 13:47:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/23 08:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\Valve
[2009/11/09 18:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2009/10/17 23:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veo Stingray
[2010/04/18 02:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/05/20 09:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2010/08/18 08:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/09/10 15:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/10/25 20:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/09/19 12:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/30 18:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/17 13:39:55 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/25 08:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/10/17 13:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/06/07 09:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Xfire
[2010/10/08 15:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
< %appdata%\*.* >
[2009/10/17 06:16:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Xblade\Application Data\desktop.ini
[2009/12/24 18:14:04 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Xblade\Application Data\PnkBstrK.sys


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 9th October 2010, 1:20 am

CONTINUED


< MD5 for: DISK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/10/30 18:23:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-22 10:01:06

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 9th October 2010, 1:21 am

OTL Extras logfile created on: 10/8/2010 5:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Xblade\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 14.98 Gb Free Space | 19.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XBLADE-1ADAEEDA
Current User Name: Xblade
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57782:TCP" = 57782:TCP:*:Enabled:Pando Media Booster
"57782:UDP" = 57782:UDP:*:Enabled:Pando Media Booster
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Xblade\Desktop\neglectedfury\warden fix\Warden.exe" = C:\Documents and Settings\Xblade\Desktop\neglectedfury\warden fix\Warden.exe:*:Enabled:Warden -- (Lex)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Xblade\Desktop\Bot Nf setup\neglectedfury\Warden Bypass\Warden.exe" = C:\Documents and Settings\Xblade\Desktop\Bot Nf setup\neglectedfury\Warden Bypass\Warden.exe:*:Enabled:Warden -- (Lex)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Steam\SteamApps\xglerithx\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\xglerithx\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Documents and Settings\Xblade\My Documents\Downloads\FOGDownloader-RoM_2_1_6_2049.exe" = C:\Documents and Settings\Xblade\My Documents\Downloads\FOGDownloader-RoM_2_1_6_2049.exe:*:Enabled:FOGDownloader-RoM_2_1_6_2049 -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\SteamApps\xglerithx\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\xglerithx\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0019E3BC-CED7-AC28-37D6-9295AD1AD61B}" = CCC Help English
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0207274D-CADB-7BA0-EE43-7EEDCB72DB69}" = CCC Help Norwegian
"{03E99DD0-B7D9-7DD4-DBBE-C17F847FCB58}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082ADCB3-466F-B7D2-D651-3CE8DC07AC59}" = CCC Help Thai
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}" = SiSRaidPackage
"{0870850F-BBF5-3671-D60B-734795426238}" = CCC Help Czech
"{1010B03A-16EC-E8C7-8502-AFE25D6B3174}" = CCC Help Chinese Standard
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15D6AABC-B52B-2688-8C82-2BF8FE11FA40}" = CCC Help Hungarian
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17C44CBC-E672-75DE-2EE5-0F0286A00D59}" = CCC Help Greek
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{31E0831B-562F-FD30-DF75-4C281B9266F7}" = CCC Help Portuguese
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3944BA0A-7509-4E90-9ACB-02A885F03F60}" = Catalyst Control Center Graphics Full New
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F4938D-26FF-BF1D-A336-9D3961C92807}" = CCC Help German
"{475E0563-04B6-36CE-47B6-8C9AB42F4EF3}" = Catalyst Control Center Graphics Previews Common
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4DFB909A-C40F-591A-71D7-B11C02A8A238}" = ccc-core-preinstall
"{4F85A319-029D-32C3-6980-4B0046C06EC8}" = CCC Help Finnish
"{511D0337-FE01-DA48-CC95-EBBF7A93E786}" = CCC Help Japanese
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60465DDC-D031-BE8F-8278-87DA53086EC6}" = Catalyst Control Center Localization All
"{615F83AC-28E0-431D-BBC9-334547B28CE6}" = ATI AVIVO Codecs
"{6283826F-59A2-11D9-BB04-000AE6BE6EE7}" = On-line Help Console
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9D3D2E-CB04-E887-C778-5E153EB5E26C}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7AF1EA50-831D-33D7-C270-2B3DC17D5E52}" = CCC Help Dutch
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7BA08D9F-1A71-4034-A547-045AEE18431F}" = ccc-utility
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{889D7767-A186-4ED4-A7D9-FC6ECDG2A82C}_is1" = PC Booster Version 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B983D49-E1FC-6216-7E3C-D33C31F7C377}" = CCC Help Danish
"{9372C47B-C717-F4E5-F3FC-913CD7FF7B96}" = Catalyst Control Center Graphics Full Existing
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96941C2F-129E-350C-02C5-281FEC091B79}" = CCC Help Italian
"{9777B682-F464-C919-75C8-297EE9DD7059}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2A6F8F4-5CDA-0918-B41D-760FC0823DF6}" = CCC Help Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACA2DA17-FD8E-5D7B-9C29-4D89F605D6B4}" = CCC Help Turkish
"{AD88E6DF-A288-4E09-A59B-68E94373BAC7}" = Veo Stingray
"{B60D1AA5-339E-7110-E423-61BD239CE2D2}" = Catalyst Control Center Graphics Light
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE12677C-F7D2-45A8-BBF9-0FC0B972EDC3}" = League of Legends
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D16B35D4-52B8-12A8-0662-E51FD02410C1}" = CCC Help Spanish
"{D1AB5768-763D-8BC0-A212-48B1EEDE5527}" = ccc-core-static
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD30130A-74DE-E354-6721-C1F8C82E3F5F}" = CCC Help Swedish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6E377A4-E68A-AC3D-2EA2-993D7628185B}" = CCC Help French
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F98C8CC2-A8B9-FD0D-3A69-827CECCD454A}" = Catalyst Control Center HydraVision Full
"{FAFCCD8A-AC75-CB41-B0B0-11E86DA903C7}" = CCC Help Russian
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"Drug Lord 2" = Drug Lord 2
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HighGrow Freeware Version 4.20" = HighGrow Freeware Version 4.20
"ICCup Launcher_is1" = ICCup Launcher
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSNINST" = MSN
"MultiMedia Keyboard MultiMedia Keyboard" = MultiMedia Keyboard 1.1
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Drivers" = NVIDIA Drivers
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 5:47:35 PM | Computer Name = XBLADE-1ADAEEDA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/18/2010 11:52:43 PM | Computer Name = XBLADE-1ADAEEDA | Source = Application Error | ID = 1000
Description = Faulting application d2-cdkey.exe, version 1.0.0.5, faulting module
d2-cdkey.exe, version 1.0.0.5, fault address 0x00032074.

Error - 5/18/2010 11:53:25 PM | Computer Name = XBLADE-1ADAEEDA | Source = Application Error | ID = 1000
Description = Faulting application d2-cdkey.exe, version 1.0.0.5, faulting module
d2-cdkey.exe, version 1.0.0.5, fault address 0x00032074.

Error - 5/22/2010 1:45:59 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 490
Description = wuauclt (3500) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 1:46:14 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 489
Description = wuauclt (3500) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 1:46:14 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 455
Description = wuaueng.dll (3500) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/22/2010 1:46:29 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 489
Description = wuauclt (3500) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 1:46:29 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 455
Description = wuaueng.dll (3500) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/22/2010 1:51:51 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 489
Description = wuauclt (3728) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 5/22/2010 1:51:51 PM | Computer Name = XBLADE-1ADAEEDA | Source = ESENT | ID = 455
Description = wuaueng.dll (3728) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 10/8/2010 4:57:11 PM | Computer Name = XBLADE-1ADAEEDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
gagp30kx


< End of report >

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 9th October 2010, 1:22 am

1st OTL.TXT

2nd EXTRAS.TXT

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Sneakyone on 10th October 2010, 2:41 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 11th October 2010, 5:27 am

rofl ty for your cooperation to work with me but it corrupted my sys 32 config files so windows wouldnt work 1 bit after malawarebyte scan rofl my bios dissappeared so i had to disc. harddrive blahh blajhh u get it anyways i currentyl reformatted and am running vista Smile heh thats what i get for being impatient Goofy

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Sneakyone on 11th October 2010, 10:40 pm

Hi,

Sorry that happened, if you need any more help just ask. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Redirect VIRUS!

Post by Glerith on 11th October 2010, 10:49 pm

haha you did nothing wrong dont worry about it i had windows disk and all just had vista sitting around so i figured i would use it anyways prolly be last time i post on this

Glerith
Novice
Novice

Posts Posts : 8
Joined Joined : 2010-10-08
OS OS : AMD Athlon 64x Windows XP
Points Points : 22638
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum