Stolen Data


Stolen Data

Post by svoboda on Thu 28 Oct 2010, 9:07 am

Hey, I've run Malwarebytes' Anti-Malware for about a week now, and every time I've run it, it comes up with "stolen.data" along with perhaps one other virus, which has been different each time; today it was Trojan.agent. What do I do to stop my data from being stolen? Also, here's my most recent log from Malwarebytes.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4968

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10/27/2010 6:06:57 PM
mbam-log-2010-10-27 (18-06-57).txt

Scan type: Quick scan
Objects scanned: 170513
Time elapsed: 11 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\SYSTEM32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\John\Local Settings\temp\_AE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000920.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000921.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000922.frm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000923.pst (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000924.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000925_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000926.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000927.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000928.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000929.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000930.frm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000931.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000932.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000933.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2524_FF_0000000934.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000896.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000897.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000898.frm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000899.pst (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000900.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000901.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000902.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000903.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000904.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000905.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000906_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000907_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000908_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000909_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000910_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000911_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000912_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000913_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000914_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000915_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000916_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000917_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000918_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\2912_FF_0000000919_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\3520_FF_0000000935_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\3520_FF_0000000936.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\3520_FF_0000000937.frm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\3520_FF_0000000938.frm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xmldm\3520_FF_0000000939.pst (Stolen.Data) -> Quarantined and deleted successfully.

svoboda

Newbie Surfer

Posts : 17
Joined : 2010-10-28
Operating System : Windows


Re: Stolen Data

Post by Belahzur on Thu 28 Oct 2010, 11:21 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Stolen Data

Post by svoboda on Sat 30 Oct 2010, 10:46 am

Here is the OTL.txt

OTL logfile created on: 10/29/2010 7:35:50 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 25.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 28.38 Gb Free Space | 39.97% Space Free | Partition Type: NTFS

Computer Name: UKRAINE | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 19:35:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
PRC - [2010/10/28 20:06:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 20:06:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 19:35:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
MOD - [2010/06/28 17:31:29 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\EXTRDCTR.dll
MOD - [2008/02/05 19:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\msapps\comsrvr.exe -- (COMServer)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/02/05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2004/10/25 17:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/08/04 06:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\P2PGASVC.DLL -- (p2pgasvc)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys -- (X4HSX32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Verizon Games on Demand Player\X4HS32Ex.Sys -- (X4HS32Ex)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/02/24 10:23:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/02/05 22:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 22:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/05 22:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 22:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/02/05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/08/08 02:37:37 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/12 11:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys -- (BrUsbSer)
DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:59:42 | 000,005,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 11:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0}:1.9.1
FF - prefs.js..extensions.enabledItems: {9AF61E57-1552-42CF-B909-861AA0B4EC85}:1.9.1
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\Firefox\extensions\\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0}: C:\Documents and Settings\John\Local Settings\Application Data\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0} [2010/07/29 21:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{9AF61E57-1552-42CF-B909-861AA0B4EC85}: C:\Documents and Settings\Natalie\Local Settings\Application Data\{9AF61E57-1552-42CF-B909-861AA0B4EC85} [2010/07/29 21:29:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5006 [2010/10/20 21:21:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 20:06:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 20:06:48 | 000,000,000 | ---D | M]

[2009/01/14 19:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/10/27 21:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\extensions
[2010/08/01 23:24:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 21:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/23 13:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/23 13:12:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/15 13:02:08 | 000,001,207 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2010/02/15 13:02:47 | 000,001,983 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.com
O1 - Hosts: 94.75.207.105 google.com.au
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.be
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.com.br
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {197F8FE3-8DF6-4755-B925-B94A1FF2F58E} [You must be registered and logged in to see this link.] (OSAKit2.OSA_Kit)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} [You must be registered and logged in to see this link.] (OSAKitPro.OSAKit)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} [You must be registered and logged in to see this link.] (EARTPatchX Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} [You must be registered and logged in to see this link.] (MaxisSimCity4PatcherX Control)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} [You must be registered and logged in to see this link.] (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (lilawaka.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0522edde-5d68-11db-9f7d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0522edde-5d68-11db-9f7d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0522edde-5d68-11db-9f7d-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8685d78a-6c2a-11db-9f97-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8685d78a-6c2a-11db-9f97-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b63bff22-6011-11df-a5a4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b63bff22-6011-11df-a5a4-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (stera) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: CACLSTAT - (C:\WINDOWS\system32\EXTRDCTR.dll) - C:\WINDOWS\SYSTEM32\EXTRDCTR.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 19:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2010/10/29 17:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/26 18:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Qeevq
[2010/10/26 18:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Olil
[2010/10/20 21:21:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006
[2010/10/20 21:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2010/10/20 21:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cock
[2010/10/02 23:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual U
[9 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/29 19:31:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/29 19:30:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/29 19:00:28 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xixbwq.sys
[2010/10/29 18:31:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/29 18:30:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/29 17:31:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/29 17:30:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/29 17:30:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/29 17:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/27 22:23:31 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\John\My Documents\journal 3.doc
[2010/10/27 21:31:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/27 21:30:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 21:23:30 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\John\My Documents\journal 2.doc
[2010/10/27 20:52:55 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Office Word 2003.lnk
[2010/10/27 20:31:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 20:30:30 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/27 20:00:36 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\John\Application Data\start
[2010/10/27 20:00:22 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\John\Application Data\completescan
[2010/10/27 18:42:04 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\John\Application Data\install
[2010/10/27 18:28:57 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/27 18:28:57 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/27 18:28:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:28:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/27 18:28:46 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/27 18:28:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/27 17:07:57 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/26 23:16:45 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week 8 Art History notes.doc
[2010/10/26 22:33:15 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\John\My Documents\dissusion week something.doc
[2010/10/26 21:40:49 | 000,243,712 | ---- | M] () -- C:\Documents and Settings\John\My Documents\quizes.doc
[2010/10/26 21:08:21 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Phych journals 2.doc
[2010/10/26 18:20:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\~$ych journals 2.doc
[2010/10/24 21:44:02 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\John\My Documents\aart history question.doc
[2010/10/24 16:49:01 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Activity Resume.doc
[2010/10/24 16:42:04 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\John\My Documents\napier letter of reccomendation.doc
[2010/10/24 16:31:51 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/24 15:31:13 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/24 14:47:03 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/24 14:31:19 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/24 13:32:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/24 13:17:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/24 13:17:30 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/24 13:17:30 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/24 13:17:29 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/24 13:17:28 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/24 13:17:27 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/24 13:17:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/24 13:17:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/24 13:17:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/24 13:17:17 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/24 13:17:16 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/24 13:17:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/24 13:17:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/24 13:17:12 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/24 10:54:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\~$pier letter of reccomendation.doc
[2010/10/23 19:41:44 | 000,000,150 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2010/10/23 18:01:37 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\John\My Documents\common app essay.doc
[2010/10/21 19:28:57 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Prep Notes.doc
[2010/10/19 20:36:30 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\John\My Documents\socialization.doc
[2010/10/18 20:35:32 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week 7 Art History notes.doc
[2010/10/17 19:56:53 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\John\My Documents\leaf litter anyalysis.doc
[2010/10/17 13:53:33 | 000,445,440 | ---- | M] () -- C:\Documents and Settings\John\My Documents\disscusion 7.doc
[2010/10/16 17:23:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\John\My Documents\rutgers essay.doc
[2010/10/12 21:56:45 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week6 Art History notes.doc
[2010/10/12 21:50:38 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Who's driving week 6.doc
[2010/10/12 20:59:39 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\John\My Documents\disscusion week 6.doc
[2010/10/12 10:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/10 21:11:25 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\John\My Documents\physch vocab.doc
[2010/10/10 17:30:19 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\John\My Documents\sociology sports project.doc
[2010/10/10 07:58:21 | 000,000,044 | ---- | M] () -- C:\WW2.CFG
[2010/10/06 13:31:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/06 13:29:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/10/06 13:29:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/10/05 20:29:20 | 000,708,096 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week 5 Art History notes.doc
[2010/10/05 19:36:04 | 006,929,408 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Image Scavenger Hunt.doc
[2010/10/05 19:23:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\~$ek 5 Art History notes.doc
[2010/10/04 22:39:13 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Sociology.doc
[2010/10/04 19:41:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\John\My Documents\week five disscusion.doc
[2010/10/03 07:38:42 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 13:43:35 | 000,444,952 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/09/30 13:43:34 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/09/29 21:25:51 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Common Sense Loyalist.doc
[9 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 19:00:28 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xixbwq.sys
[2010/10/27 22:23:27 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\John\My Documents\journal 3.doc
[2010/10/27 20:00:36 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John\Application Data\start
[2010/10/27 20:00:22 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John\Application Data\completescan
[2010/10/27 18:42:04 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\John\Application Data\install
[2010/10/27 18:28:57 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/27 18:28:56 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/27 18:28:55 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 18:28:54 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/27 18:28:53 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/27 18:28:53 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/27 18:28:50 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/27 18:28:50 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:28:49 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/27 18:28:48 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/27 18:28:47 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/27 18:28:46 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/27 18:28:46 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/27 18:28:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 22:05:02 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\John\My Documents\dissusion week something.doc
[2010/10/26 21:40:46 | 000,243,712 | ---- | C] () -- C:\Documents and Settings\John\My Documents\quizes.doc
[2010/10/26 18:20:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\John\My Documents\~$ych journals 2.doc
[2010/10/25 21:52:48 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Phych journals 2.doc
[2010/10/24 21:43:40 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\John\My Documents\aart history question.doc
[2010/10/24 13:17:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/24 13:17:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/24 13:17:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/24 13:17:36 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/24 13:17:36 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/24 13:17:35 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/24 13:17:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/24 13:17:33 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/24 13:17:33 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/24 13:17:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/24 13:17:31 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/24 13:17:30 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/24 13:17:29 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/24 13:17:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/24 13:17:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/24 13:17:26 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/24 13:17:25 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/24 13:17:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/24 13:17:22 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/24 13:17:17 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/24 13:17:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/24 13:17:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/24 13:17:13 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/24 13:17:04 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/24 10:54:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\John\My Documents\~$pier letter of reccomendation.doc
[2010/10/23 19:06:50 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week 8 Art History notes.doc
[2010/10/21 19:28:57 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Prep Notes.doc
[2010/10/21 19:02:30 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2010/10/17 21:23:22 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\John\My Documents\socialization.doc
[2010/10/17 15:49:43 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\John\My Documents\leaf litter anyalysis.doc
[2010/10/17 13:53:33 | 000,445,440 | ---- | C] () -- C:\Documents and Settings\John\My Documents\disscusion 7.doc
[2010/10/16 18:31:02 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week 7 Art History notes.doc
[2010/10/12 21:48:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Who's driving week 6.doc
[2010/10/12 20:59:39 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\John\My Documents\disscusion week 6.doc
[2010/10/10 21:30:27 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\My Documents\journal 2.doc
[2010/10/10 21:09:39 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\My Documents\physch vocab.doc
[2010/10/10 18:12:12 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week6 Art History notes.doc
[2010/10/10 16:49:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\John\My Documents\sociology sports project.doc
[2010/10/05 19:36:02 | 006,929,408 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Image Scavenger Hunt.doc
[2010/10/05 19:23:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\John\My Documents\~$ek 5 Art History notes.doc
[2010/10/04 19:41:58 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\John\My Documents\week five disscusion.doc
[2010/10/03 22:37:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Sociology.doc
[2010/10/03 18:41:50 | 000,708,096 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week 5 Art History notes.doc
[2010/09/29 20:50:54 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Common Sense Loyalist.doc
[2010/06/28 17:31:29 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\EXTRDCTR.dll
[2010/05/14 19:21:50 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\John\Application Data\setup_ldm.iss
[2009/08/13 12:03:55 | 000,000,329 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2009/04/14 19:29:35 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/04/14 19:05:13 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/31 20:35:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/24 20:52:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/31 22:43:57 | 000,000,187 | ---- | C] () -- C:\WINDOWS\FE.INI
[2008/10/11 21:53:55 | 000,002,658 | ---- | C] () -- C:\Documents and Settings\John\Application Data\electiongametwo
[2008/08/20 07:59:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\WinSysPID32.dll
[2008/04/06 18:57:35 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/05 19:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/19 21:17:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/19 21:17:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/13 23:04:34 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/27 17:12:32 | 000,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2007/10/27 17:12:32 | 000,007,008 | ---- | C] () -- C:\WINDOWS\SETUPKIT.DLL
[2007/09/09 21:36:25 | 000,000,347 | ---- | C] () -- C:\WINDOWS\Warpath.ini
[2007/07/03 18:47:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/03 18:47:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/07/03 17:55:00 | 000,000,854 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/07/03 17:55:00 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/07/03 17:52:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/06/29 21:13:00 | 000,005,035 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/10 23:28:50 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/02/10 13:15:32 | 000,001,069 | ---- | C] () -- C:\WINDOWS\oregon.ini
[2007/01/24 20:20:44 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 15:45:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Beer!.ini
[2006/10/20 16:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/04/05 21:29:00 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/21 15:09:12 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2006/01/21 15:09:12 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/12/11 21:45:51 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\hluninst.dll
[2005/12/11 21:45:20 | 000,001,090 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/12 16:12:57 | 000,001,379 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/25 20:52:23 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2005/08/20 14:35:06 | 000,000,771 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/16 14:55:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 14:44:43 | 000,000,198 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/16 14:35:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 14:06:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/09 14:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 14:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 14:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 13:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 06:00:00 | 000,044,952 | ---- | C] () -- C:\WINDOWS\anizikequwamoh.dll
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 23:59:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\INTELIDE.SYS
[2003/10/08 10:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/27 06:49:26 | 000,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1998/08/31 10:40:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\vbcrc.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE480C3E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0664ADFC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436DEE1E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBF1147B
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F

< End of report >

svoboda

Newbie Surfer

Posts : 17
Joined : 2010-10-28
Operating System : Windows

Re: Stolen Data

Post by svoboda on Sat 30 Oct 2010, 10:47 am

Here are the extras.

OTL Extras logfile created on: 10/29/2010 7:35:50 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 25.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 28.38 Gb Free Space | 39.97% Space Free | Partition Type: NTFS

Computer Name: UKRAINE | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE" = C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Paradox Entertainment\Europa Universalis 2\eu2.exe" = C:\Program Files\Paradox Entertainment\Europa Universalis 2\eu2.exe:*:Enabled:Europa Universalis II -- (Paradox Entertainment)
"C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE" = C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Worldwide Soccer Manager 2007\fm.exe" = C:\Program Files\Sports Interactive\Worldwide Soccer Manager 2007\fm.exe:*:Enabled:Football Manager 2007 -- (Sports Interactive)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- ([You must be registered and logged in to see this link.]
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- ([You must be registered and logged in to see this link.]
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\SYSTEM32\java.exe" = C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL -- (AOL LLC)
"X:\Program Files\Microsoft Games\Age of Empires II\AGE2_X1\AGE2_X1.ICD" = X:\Program Files\Microsoft Games\Age of Empires II\AGE2_X1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- File not found
"X:\Program Files\Enlight\Capitalism II\cap2.exe" = X:\Program Files\Enlight\Capitalism II\cap2.exe:*:Enabled:cap2.exe -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Verizon Games on Demand Player
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}" = Baseball Mogul 2006
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7E2C406B-781D-4E4B-B899-BE92E5D6A9E6}" = Before You Know It 3.6
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39C2D1B-BB15-4580-A3FC-2E8B61C3C51D}" = Power Politics III
"{CA5DD6E1-B508-4922-815D-479E3228B17A}" = Europa Universalis 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-790CW
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}" = Vz In Home Agent
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AT&T Connection Services Software" = AT&T Connection Services Manager
"BFGC" = Big Fish Games Client
"BitTorrent" = BitTorrent
"cc745ba65cb3040396ed3f1f5dc69aea927435826" = Worldwide Soccer Manager 2007
"C-evo" = C-evo
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Setup.divx.com" = DivX Setup
"exent_223750" = RollerCoaster Tycoon 2 - Wacky Worlds
"exent_280250" = Pirate Hunter
"exent_311650" = Capitalism II
"exent_330550" = Age of Empires II - Gold Edition
"exent_652450" = Kudos 2
"exent_652550" = Kudos: Rock Legend
"FIFA World Cup 2006 Manager" = FIFA World Cup 2006 Manager
"Food Force" = Food Force 1.0
"G4FON Koch Method Morse Trainer" = G4FON Koch Method Morse Trainer
"Game Console - WildGames" = WildTangent ORB Game Console
"GameBiz 2_is1" = GameBiz 2 Uninstall
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Insomnia: Night Shift" = Insomnia: Night Shift
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"New Star Soccer" = New Star Soccer
"New Star Soccer 2" = New Star Soccer 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Out of the Park 8" = Out of the Park 8
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"Real Lives 2010" = Real Lives 2010
"RealPlayer 6.0" = RealPlayer
"Roses of Paradise" = Roses of Paradise
"Sega Smash Pack" = Sega Smash Pack
"Sierra Utilities" = Sierra Utilities
"simGangster (2007)" = simGangster (2007) (remove only)
"SopCast" = SopCast 3.2.4
"SopCore" = SopCore 1.1.2
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual U" = Virtual U
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Cup Manager 2002" = World Cup Manager 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b23977aaa7ca9bf" = Power Politics III
"ESPN Java Check" = ESPN Java Check

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2010 5:12:13 PM | Computer Name = UKRAINE | Source = Application on Demand - IEXPLORE | ID = 0
Description =

Error - 1/1/2010 5:12:14 PM | Computer Name = UKRAINE | Source = Application on Demand - IEXPLORE | ID = 0
Description =

Error - 1/2/2010 12:18:07 AM | Computer Name = UKRAINE | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2010 12:18:08 AM | Computer Name = UKRAINE | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2010 1:31:36 PM | Computer Name = UKRAINE | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 3.8.0.188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2010 3:57:43 PM | Computer Name = UKRAINE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3622, faulting module
xul.dll, version 1.9.1.3622, fault address 0x00371e30.

Error - 1/15/2010 11:09:59 PM | Computer Name = UKRAINE | Source = Application on Demand - iexplore | ID = 0
Description =

Error - 1/15/2010 11:10:31 PM | Computer Name = UKRAINE | Source = Application on Demand - iexplore | ID = 0
Description =

Error - 1/15/2010 11:10:31 PM | Computer Name = UKRAINE | Source = Application on Demand - iexplore | ID = 0
Description =

Error - 1/28/2010 12:04:29 AM | Computer Name = UKRAINE | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/27/2010 8:07:12 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HS32Ex service failed to start due to the following error: %%3

Error - 10/27/2010 8:07:12 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 10/27/2010 8:26:30 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HS32Ex service failed to start due to the following error: %%3

Error - 10/27/2010 8:26:30 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 10/28/2010 7:18:44 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HS32Ex service failed to start due to the following error: %%3

Error - 10/28/2010 7:18:44 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 10/28/2010 7:22:59 PM | Computer Name = UKRAINE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800704c7: Microsoft - Other hardware - HID Non-User Input Data Filter
(KB 911895).

Error - 10/29/2010 5:29:43 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HS32Ex service failed to start due to the following error: %%3

Error - 10/29/2010 5:29:43 PM | Computer Name = UKRAINE | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 10/29/2010 5:36:10 PM | Computer Name = UKRAINE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800704c7: Microsoft - Other hardware - HID Non-User Input Data Filter
(KB 911895).


< End of report >



svoboda


Re: Stolen Data

Post by Belahzur on Sun 31 Oct 2010, 10:11 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur


Re: Stolen Data

Post by svoboda on Sun 31 Oct 2010, 11:25 pm

Here are the results

ComboFix 10-10-30.01 - John 10/30/2010 23:04:20.3.1 - x86
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\41a219f
c:\documents and settings\All Users\Application Data\41a219f\78.mof
c:\documents and settings\All Users\Application Data\41a219f\BackUp\DESKTOP.INI
c:\documents and settings\All Users\Application Data\41a219f\mozcrt19.dll
c:\documents and settings\All Users\Application Data\41a219f\SAV.ico
c:\documents and settings\All Users\Application Data\41a219f\SAVSys\vd952342.bd
c:\documents and settings\All Users\Application Data\41a219f\sqlite3.dll
c:\documents and settings\John\Application Data\completescan
c:\documents and settings\John\Application Data\install
C:\Install.exe
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40406.4879153935
c:\program files\RegGenie\RegGenie.ini
c:\program files\RegGenie\RegGenieOnUninstall.exe
C:\readme.txt
c:\windows\expert
c:\windows\expert\X6826.INI
c:\windows\system32\18467.exe
c:\windows\system32\appconf32.exe
c:\windows\system32\cock
c:\windows\system32\cryptnet32.dll
c:\windows\system32\drivers\lxdsmoqm.sys
c:\windows\system32\EXTRDCTR.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\firefox.exe_UAs001.dat
c:\windows\system32\UAs\firefox.exe_UAs002.dat
c:\windows\system32\xmldm
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xbqgjh


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 02:43 . 2010-10-31 02:41 388608 -c--a-w- c:\windows\system32\CF2234.exe
2010-10-31 02:36 . 2010-10-31 02:32 388608 -c--a-w- c:\windows\system32\CF522.exe
2010-10-26 22:34 . 2010-10-26 22:52 -------- dc----w- c:\documents and settings\John\Application Data\Olil
2010-10-26 22:34 . 2010-10-26 22:52 -------- dc----w- c:\documents and settings\John\Application Data\Qeevq
2010-10-21 01:21 . 2010-10-21 01:21 -------- dc----w- c:\windows\system32\5006
2010-10-21 01:20 . 2010-10-21 01:20 112 -c--a-w- c:\windows\system32\srvblck2.tmp
2010-10-21 01:20 . 2010-10-21 01:20 0 -c--a-w- c:\windows\system32\n11iic3e.default.tmp
2010-10-06 17:33 . 2010-10-06 17:33 -------- dc----w- c:\documents and settings\Natalie\Application Data\skypePM
2010-10-06 17:31 . 2010-10-06 23:31 -------- dc----w- c:\documents and settings\Natalie\Application Data\Skype
2010-10-03 03:25 . 2010-10-03 03:25 -------- dc----w- c:\program files\Virtual U

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ stera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\SYSTEM32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 -c--a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-07-03 19:32 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2009-11-18 14:50 4269296 -c--a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GameConsoleService"=3 (0x3)
"SSScsiSV"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paradox Entertainment\\Europa Universalis 2\\eu2.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2007\\fm.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 COMServer;COMServer;c:\windows\system32\msapps\comsrvr.exe s [x]
R2 X4HS32Ex;X4HS32Ex;c:\program files\Verizon Games on Demand Player\X4HS32Ex.Sys [x]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: musicmatch.com\online
DPF: {197F8FE3-8DF6-4755-B925-B94A1FF2F58E} - [You must be registered and logged in to see this link.]
DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} - [You must be registered and logged in to see this link.]
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\windows\system32\5006\components\AcroFF.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0} - c:\documents and settings\John\Local Settings\Application Data\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0}
FF - HiddenExtension: XULRunner: {9AF61E57-1552-42CF-B909-861AA0B4EC85} - c:\documents and settings\Natalie\Local Settings\Application Data\{9AF61E57-1552-42CF-B909-861AA0B4EC85}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Exetender - c:\program files\Verizon Games on Demand Player\GPlayer.exe
MSConfigStartUp-Exetender - c:\program files\Verizon Games on Demand Player\GPlayer.exe
MSConfigStartUp-Pweluvonejecu - c:\windows\PICRIV32.dll
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RegGenie Scheduler - c:\program files\RegGenie\RegGenieScheduler.exe
MSConfigStartUp-Wdurube - c:\windows\avojonuqucad.dll
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-exent_223750 - c:\remote programs\RollerCoaster Tycoon 2 - Wacky Worlds\GPlrLanc.exe
AddRemove-exent_280250 - c:\remote programs\Pirate Hunter\GPlrLanc.exe
AddRemove-exent_330550 - c:\remote programs\Age of Empires II - Gold Edition\GPlrLanc.exe
AddRemove-exent_652450 - c:\remote programs\Kudos 2\GPlrLanc.exe
AddRemove-exent_652550 - c:\remote programs\Kudos_ Rock Legend\GPlrLanc.exe
AddRemove-Sega Smash Pack - c:\sega\Smash Pack\Uninst.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-31 07:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6712)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-31 08:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 12:14

Pre-Run: 30,394,396,672 bytes free
Post-Run: 30,357,610,496 bytes free

- - End Of File - - A2D2332DC40EE9FF0300C8F6DBCA9D34

svoboda

Newbie Surfer

Posts : 17
Joined : 2010-10-28
Operating System : Windows

Re: Stolen Data

Post by Belahzur on Mon 01 Nov 2010, 12:21 pm

Hello.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Stolen Data

Post by svoboda on Tue 02 Nov 2010, 9:00 am

Here are the results:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:59 on 01/11/2010 (John)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0} -> Success!
Deleting C:\Documents and Settings\John\Local Settings\Application Data\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{9AF61E57-1552-42CF-B909-861AA0B4EC85} -> Success!
Deleting C:\Documents and Settings\Natalie\Local Settings\Application Data\{9AF61E57-1552-42CF-B909-861AA0B4EC85} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:53 14/01/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:43 28/02/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [17:13 23/06/2010]

C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:24 02/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02:09 22/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [17:12 23/06/2010]
"{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}"="C:\WINDOWS\system32\5006" [01:21 21/10/2010]

-=E.O.F=-

svoboda

Newbie Surfer

Posts : 17
Joined : 2010-10-28
Operating System : Windows

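The GooredFix log above lists three extension registrations under HKLM\Software\Mozilla\Firefox\Extensions: two point into vendor directories (.NET Framework, Java) and one, {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}, into C:\WINDOWS\system32\5006, the same folder the earlier ComboFix log shows loading AcroFF.dll as a Firefox component. Firefox will load an add-on from any path that key names, so the useful check is an allowlist: anything registered from outside the install directory, a profile's extensions directory, or a known vendor directory is reported. The following is an added example, not code from GooredFix, ComboFix, Mozilla or this thread, that applies that check to the two line shapes the logs on this page contain. The trusted-root list is the example's own assumption and has to be adapted per machine; the sample lines are copied from the logs posted above.

```python
"""Audit Firefox add-on registrations for code loading from untrusted places.

Added example for this thread; it is not code from GooredFix, ComboFix or
Mozilla. It reads the two line shapes the logs above contain: registry
values under HKLM\Software\Mozilla\Firefox\Extensions and ComboFix's
"FF - component/plugin/HiddenExtension" lines. The allowlist of trusted
roots is this example's own assumption and must be adapted per machine.
"""
import re
from dataclasses import dataclass

# Sample input copied from the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02:09 22/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [17:12 23/06/2010]
"{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}"="C:\WINDOWS\system32\5006" [01:21 21/10/2010]
FF - component: c:\windows\system32\5006\components\AcroFF.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: XULRunner: {E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0} - c:\documents and settings\John\Local Settings\Application Data\{E99E75E7-A6A9-45A9-B1D6-E2B1A97B8AA0}
"""

# Default-deny allowlist (assumption of this example): a browser add-on is
# expected only under the Firefox install dir, a Firefox profile's extensions
# dir, or a known vendor directory. Everything else, in particular
# %SystemRoot%\system32 and a user's Local Settings\Application Data\{GUID},
# is reported.
TRUSTED_LOCATIONS = tuple(re.compile(p) for p in (
    r"^[a-z]:\\program files\\mozilla firefox\\",
    r"\\application data\\mozilla\\firefox\\profiles\\[^\\]+\\extensions\\",
    r"^[a-z]:\\windows\\microsoft\.net\\framework\\",
    r"^[a-z]:\\program files\\java\\",
))

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
FF_LINE = re.compile(r"^FF - (?P<kind>component|plugin|HiddenExtension): (?P<rest>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    kind: str    # "registry", "component", "plugin" or "HiddenExtension"
    ident: str   # extension id / registry value name; "" when the line has none
    path: str    # location exactly as printed in the log

    @property
    def trusted(self) -> bool:
        norm = self.path.lower().replace("/", "\\")
        return any(p.search(norm) for p in TRUSTED_LOCATIONS)


def parse(log_text: str):
    """Yield one Finding per add-on registration found in the log text."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_VALUE.match(line)
        if m:
            yield Finding("registry", m["name"], m["path"])
            continue
        m = FF_LINE.match(line)
        if m:
            rest = m["rest"]
            # HiddenExtension lines read "<label>: {id} - <path>"; component
            # and plugin lines carry only the path.
            path = rest.rsplit(" - ", 1)[-1]
            ident = GUID.search(rest[: len(rest) - len(path)])
            yield Finding(m["kind"], ident.group(0) if ident else "", path)


def audit(log_text: str) -> list:
    return list(parse(log_text))


def suspicious(log_text: str) -> list:
    """Paths registered from outside the allowlist: the candidates to remove."""
    return [f.path for f in audit(log_text) if not f.trusted]


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("OK " if f.trusted else "BAD", f.kind, f.ident, f.path)
```

On the sample, the three vendor entries pass and the three that pointed into system32\5006 and Local Settings\Application Data\{GUID} are reported. The allowlist is deliberately narrow: a legitimate add-on that installs somewhere new shows up as a finding and gets added to the list after inspection, which is cheaper than missing one that installs under system32.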
Re: Stolen Data

Post by Belahzur on Tue 02 Nov 2010, 11:36 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\system32\srvblck2.tmp
    c:\windows\system32\n11iic3e.default.tmp

    Folder::
    c:\documents and settings\John\Application Data\Olil
    c:\documents and settings\John\Application Data\Qeevq
    c:\windows\system32\5006

    Driver::
    COMServer

    Registry::
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Stolen Data

Post by svoboda on Wed 03 Nov 2010, 8:35 am

Here are the results:

ComboFix 10-10-30.01 - John 11/01/2010 21:25:32.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.91 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\n11iic3e.default.tmp"
"c:\windows\system32\srvblck2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Application Data\Olil
c:\documents and settings\John\Application Data\Olil\nyci.tmp
c:\documents and settings\John\Application Data\Qeevq
c:\windows\system32\5006
c:\windows\system32\5006\components\AcroFF.dll
c:\windows\system32\5006\components\AcroFF.txt
c:\windows\system32\5006\install.rdf
c:\windows\system32\n11iic3e.default.tmp
c:\windows\system32\srvblck2.tmp
c:\windows\system32\xmldm
c:\windows\system32\xmldm\2208_FF_0000001824.htm
c:\windows\system32\xmldm\2208_FF_0000001825.key
c:\windows\system32\xmldm\2208_FF_0000001826.frm
c:\windows\system32\xmldm\2208_FF_0000001827.pst
c:\windows\system32\xmldm\2208_FF_0000001828.pst
c:\windows\system32\xmldm\2208_FF_0000001829.pst
c:\windows\system32\xmldm\2208_FF_0000001830.htm
c:\windows\system32\xmldm\2208_FF_0000001831.key
c:\windows\system32\xmldm\2208_FF_0000001832.frm
c:\windows\system32\xmldm\2208_FF_0000001833.htm
c:\windows\system32\xmldm\2208_FF_0000001834.key
c:\windows\system32\xmldm\2208_FF_0000001835.frm
c:\windows\system32\xmldm\2208_FF_0000001836.pst
c:\windows\system32\xmldm\2208_FF_0000001837.htm
c:\windows\system32\xmldm\2208_FF_0000001838.key
c:\windows\system32\xmldm\2208_FF_0000001839.frm
c:\windows\system32\xmldm\2208_FF_0000001840.pst
c:\windows\system32\xmldm\2208_FF_0000001841.htm
c:\windows\system32\xmldm\2208_FF_0000001842.key
c:\windows\system32\xmldm\2208_FF_0000001843.htm
c:\windows\system32\xmldm\2208_FF_0000001844.key
c:\windows\system32\xmldm\2208_FF_0000001845.htm
c:\windows\system32\xmldm\2208_FF_0000001846.pst
c:\windows\system32\xmldm\2208_FF_0000001847.htm
c:\windows\system32\xmldm\2208_FF_0000001848.htm
c:\windows\system32\xmldm\2208_FF_0000001849.key
c:\windows\system32\xmldm\2208_FF_0000001850.frm
c:\windows\system32\xmldm\2208_FF_0000001851.pst
c:\windows\system32\xmldm\2208_FF_0000001852.htm
c:\windows\system32\xmldm\2208_FF_0000001853_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001854.htm
c:\windows\system32\xmldm\2208_FF_0000001855.key
c:\windows\system32\xmldm\2208_FF_0000001856.htm
c:\windows\system32\xmldm\2208_FF_0000001857.key
c:\windows\system32\xmldm\2208_FF_0000001858.htm
c:\windows\system32\xmldm\2208_FF_0000001859.key
c:\windows\system32\xmldm\2208_FF_0000001860.htm
c:\windows\system32\xmldm\2208_FF_0000001861.key
c:\windows\system32\xmldm\2208_FF_0000001862.htm
c:\windows\system32\xmldm\2208_FF_0000001863.key
c:\windows\system32\xmldm\2208_FF_0000001864.frm
c:\windows\system32\xmldm\2208_FF_0000001865.frm
c:\windows\system32\xmldm\2208_FF_0000001866.htm
c:\windows\system32\xmldm\2208_FF_0000001867.key
c:\windows\system32\xmldm\2208_FF_0000001868.htm
c:\windows\system32\xmldm\2208_FF_0000001869.key
c:\windows\system32\xmldm\2208_FF_0000001870.htm
c:\windows\system32\xmldm\2208_FF_0000001871.key
c:\windows\system32\xmldm\2208_FF_0000001872.key
c:\windows\system32\xmldm\2208_FF_0000001873_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001874.htm
c:\windows\system32\xmldm\2208_FF_0000001875.htm
c:\windows\system32\xmldm\2208_FF_0000001876.key
c:\windows\system32\xmldm\2208_FF_0000001877.htm
c:\windows\system32\xmldm\2208_FF_0000001878.key
c:\windows\system32\xmldm\2208_FF_0000001879.htm
c:\windows\system32\xmldm\2208_FF_0000001880_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001881.htm
c:\windows\system32\xmldm\2208_FF_0000001882.key
c:\windows\system32\xmldm\2208_FF_0000001883.htm
c:\windows\system32\xmldm\2208_FF_0000001884.key
c:\windows\system32\xmldm\2208_FF_0000001885.pst
c:\windows\system32\xmldm\2208_FF_0000001886.htm
c:\windows\system32\xmldm\2208_FF_0000001887.key
c:\windows\system32\xmldm\2208_FF_0000001888.frm
c:\windows\system32\xmldm\2208_FF_0000001889.frm
c:\windows\system32\xmldm\2208_FF_0000001890.htm
c:\windows\system32\xmldm\2208_FF_0000001891.key
c:\windows\system32\xmldm\2208_FF_0000001892_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001893.htm
c:\windows\system32\xmldm\2208_FF_0000001894.key
c:\windows\system32\xmldm\2208_FF_0000001895_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001896.htm
c:\windows\system32\xmldm\2208_FF_0000001897.key
c:\windows\system32\xmldm\2208_FF_0000001898.htm
c:\windows\system32\xmldm\2208_FF_0000001899.key
c:\windows\system32\xmldm\2208_FF_0000001900.pst
c:\windows\system32\xmldm\2208_FF_0000001901.htm
c:\windows\system32\xmldm\2208_FF_0000001902.key
c:\windows\system32\xmldm\2208_FF_0000001903_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001904.htm
c:\windows\system32\xmldm\2208_FF_0000001905.key
c:\windows\system32\xmldm\2208_FF_0000001906.htm
c:\windows\system32\xmldm\2208_FF_0000001907.key
c:\windows\system32\xmldm\2208_FF_0000001908.htm
c:\windows\system32\xmldm\2208_FF_0000001909.key
c:\windows\system32\xmldm\2208_FF_0000001910.htm
c:\windows\system32\xmldm\2208_FF_0000001911.key
c:\windows\system32\xmldm\2208_FF_0000001912.htm
c:\windows\system32\xmldm\2208_FF_0000001913.key
c:\windows\system32\xmldm\2208_FF_0000001914.htm
c:\windows\system32\xmldm\2208_FF_0000001915.key
c:\windows\system32\xmldm\2208_FF_0000001916_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001917.htm
c:\windows\system32\xmldm\2208_FF_0000001918.key
c:\windows\system32\xmldm\2208_FF_0000001919.htm
c:\windows\system32\xmldm\2208_FF_0000001920.key
c:\windows\system32\xmldm\2208_FF_0000001921.htm
c:\windows\system32\xmldm\2208_FF_0000001922.key
c:\windows\system32\xmldm\2208_FF_0000001923_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000001924.htm
c:\windows\system32\xmldm\2208_FF_0000001925.key
c:\windows\system32\xmldm\2208_FF_0000001926.htm
c:\windows\system32\xmldm\2208_FF_0000001927.key
c:\windows\system32\xmldm\2208_FF_0000001928.htm
c:\windows\system32\xmldm\2208_FF_0000001929.key
c:\windows\system32\xmldm\2208_FF_0000001930.htm
c:\windows\system32\xmldm\2208_FF_0000001931.key
c:\windows\system32\xmldm\2208_FF_0000001932.htm
c:\windows\system32\xmldm\2208_FF_0000001933.key
c:\windows\system32\xmldm\2208_FF_0000001934.htm
c:\windows\system32\xmldm\2208_FF_0000001935.key
c:\windows\system32\xmldm\2208_FF_0000001936.htm
c:\windows\system32\xmldm\2208_FF_0000001937.key
c:\windows\system32\xmldm\2208_FF_0000001938.htm
c:\windows\system32\xmldm\2208_FF_0000001939.key
c:\windows\system32\xmldm\2208_FF_0000001940.htm
c:\windows\system32\xmldm\2208_FF_0000001941.key
c:\windows\system32\xmldm\2208_FF_0000001942.htm
c:\windows\system32\xmldm\2208_FF_0000001943.key
c:\windows\system32\xmldm\2208_FF_0000001944.htm
c:\windows\system32\xmldm\2208_FF_0000001945.htm
c:\windows\system32\xmldm\2208_FF_0000001946.frm
c:\windows\system32\xmldm\2208_FF_0000001947.htm
c:\windows\system32\xmldm\2208_FF_0000001948.key
c:\windows\system32\xmldm\2208_FF_0000001949.frm
c:\windows\system32\xmldm\2208_FF_0000001950.htm
c:\windows\system32\xmldm\2208_FF_0000001951.key
c:\windows\system32\xmldm\2208_FF_0000001952.htm
c:\windows\system32\xmldm\2208_FF_0000001953.key
c:\windows\system32\xmldm\2208_FF_0000001954.frm
c:\windows\system32\xmldm\2208_FF_0000001955.frm
c:\windows\system32\xmldm\2208_FF_0000001956.frm
c:\windows\system32\xmldm\2208_FF_0000001957.htm
c:\windows\system32\xmldm\2208_FF_0000001958.key
c:\windows\system32\xmldm\2208_FF_0000001959.htm
c:\windows\system32\xmldm\2208_FF_0000001960.key
c:\windows\system32\xmldm\2208_FF_0000001961.frm
c:\windows\system32\xmldm\2208_FF_0000001962.frm
c:\windows\system32\xmldm\2208_FF_0000001963.frm
c:\windows\system32\xmldm\2208_FF_0000001964.htm
c:\windows\system32\xmldm\2208_FF_0000001965.key
c:\windows\system32\xmldm\2208_FF_0000001966.htm
c:\windows\system32\xmldm\2208_FF_0000001967.key
c:\windows\system32\xmldm\2208_FF_0000001968.htm
c:\windows\system32\xmldm\2208_FF_0000001969.key
c:\windows\system32\xmldm\2208_FF_0000001970.htm
c:\windows\system32\xmldm\2208_FF_0000001971.key
c:\windows\system32\xmldm\2208_FF_0000001972.htm
c:\windows\system32\xmldm\2208_FF_0000001973.key
c:\windows\system32\xmldm\2208_FF_0000001974.pst
c:\windows\system32\xmldm\2208_FF_0000001975.htm
c:\windows\system32\xmldm\2208_FF_0000001976.key
c:\windows\system32\xmldm\2208_FF_0000001977.pst
c:\windows\system32\xmldm\2208_FF_0000001978.htm
c:\windows\system32\xmldm\2208_FF_0000001979.key
c:\windows\system32\xmldm\2208_FF_0000001980.frm
c:\windows\system32\xmldm\2208_FF_0000001981.htm
c:\windows\system32\xmldm\2208_FF_0000001982.key
c:\windows\system32\xmldm\2208_FF_0000001983.frm
c:\windows\system32\xmldm\2208_FF_0000001984.htm
c:\windows\system32\xmldm\2208_FF_0000001985.key
c:\windows\system32\xmldm\2208_FF_0000001986.frm
c:\windows\system32\xmldm\2208_FF_0000001987.htm
c:\windows\system32\xmldm\2208_FF_0000001988.key
c:\windows\system32\xmldm\2208_FF_0000001989.htm
c:\windows\system32\xmldm\2208_FF_0000001990.key
c:\windows\system32\xmldm\2208_FF_0000001991.htm
c:\windows\system32\xmldm\2208_FF_0000001992.key
c:\windows\system32\xmldm\2208_FF_0000001993.frm
c:\windows\system32\xmldm\2208_FF_0000001994.frm
c:\windows\system32\xmldm\2208_FF_0000001995.frm
c:\windows\system32\xmldm\2208_FF_0000001996.frm
c:\windows\system32\xmldm\2208_FF_0000001997.htm
c:\windows\system32\xmldm\2208_FF_0000001998.key
c:\windows\system32\xmldm\2208_FF_0000001999.htm
c:\windows\system32\xmldm\2208_FF_0000002000.key
c:\windows\system32\xmldm\2208_FF_0000002001.htm
c:\windows\system32\xmldm\2208_FF_0000002002.key
c:\windows\system32\xmldm\2208_FF_0000002003.htm
c:\windows\system32\xmldm\2208_FF_0000002004.key
c:\windows\system32\xmldm\2208_FF_0000002005.htm
c:\windows\system32\xmldm\2208_FF_0000002006.key
c:\windows\system32\xmldm\2208_FF_0000002007.htm
c:\windows\system32\xmldm\2208_FF_0000002008.key
c:\windows\system32\xmldm\2208_FF_0000002009.htm
c:\windows\system32\xmldm\2208_FF_0000002010.key
c:\windows\system32\xmldm\2208_FF_0000002011.frm
c:\windows\system32\xmldm\2208_FF_0000002012.htm
c:\windows\system32\xmldm\2208_FF_0000002013.key
c:\windows\system32\xmldm\2208_FF_0000002014.frm
c:\windows\system32\xmldm\2208_FF_0000002015.pst
c:\windows\system32\xmldm\2208_FF_0000002016.htm
c:\windows\system32\xmldm\2208_FF_0000002017.key
c:\windows\system32\xmldm\2208_FF_0000002018.frm
c:\windows\system32\xmldm\2208_FF_0000002019.frm
c:\windows\system32\xmldm\2208_FF_0000002020.frm
c:\windows\system32\xmldm\2208_FF_0000002021.frm
c:\windows\system32\xmldm\2208_FF_0000002022.frm
c:\windows\system32\xmldm\2208_FF_0000002023.htm
c:\windows\system32\xmldm\2208_FF_0000002024.key
c:\windows\system32\xmldm\2208_FF_0000002025.htm
c:\windows\system32\xmldm\2208_FF_0000002026.key
c:\windows\system32\xmldm\2208_FF_0000002027.htm
c:\windows\system32\xmldm\2208_FF_0000002028.key
c:\windows\system32\xmldm\2208_FF_0000002029.htm
c:\windows\system32\xmldm\2208_FF_0000002030.key
c:\windows\system32\xmldm\2208_FF_0000002031.htm
c:\windows\system32\xmldm\2208_FF_0000002032.key
c:\windows\system32\xmldm\2208_FF_0000002033.pst
c:\windows\system32\xmldm\2208_FF_0000002034.htm
c:\windows\system32\xmldm\2208_FF_0000002035.key
c:\windows\system32\xmldm\2208_FF_0000002036_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002037.key
c:\windows\system32\xmldm\2208_FF_0000002038.frm
c:\windows\system32\xmldm\2208_FF_0000002039.pst
c:\windows\system32\xmldm\2208_FF_0000002040_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002041.frm
c:\windows\system32\xmldm\2208_FF_0000002042.htm
c:\windows\system32\xmldm\2208_FF_0000002043.key
c:\windows\system32\xmldm\2208_FF_0000002044.htm
c:\windows\system32\xmldm\2208_FF_0000002045.key
c:\windows\system32\xmldm\2208_FF_0000002046.htm
c:\windows\system32\xmldm\2208_FF_0000002047.key
c:\windows\system32\xmldm\2208_FF_0000002048.frm
c:\windows\system32\xmldm\2208_FF_0000002049.htm
c:\windows\system32\xmldm\2208_FF_0000002050.key
c:\windows\system32\xmldm\2208_FF_0000002051.htm
c:\windows\system32\xmldm\2208_FF_0000002052.key
c:\windows\system32\xmldm\2208_FF_0000002053.htm
c:\windows\system32\xmldm\2208_FF_0000002054.key
c:\windows\system32\xmldm\2208_FF_0000002055.frm
c:\windows\system32\xmldm\2208_FF_0000002056.htm
c:\windows\system32\xmldm\2208_FF_0000002057.key
c:\windows\system32\xmldm\2208_FF_0000002058_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002059.htm
c:\windows\system32\xmldm\2208_FF_0000002060.key
c:\windows\system32\xmldm\2208_FF_0000002061.frm
c:\windows\system32\xmldm\2208_FF_0000002062.frm
c:\windows\system32\xmldm\2208_FF_0000002063.frm
c:\windows\system32\xmldm\2208_FF_0000002064.frm
c:\windows\system32\xmldm\2208_FF_0000002065.htm
c:\windows\system32\xmldm\2208_FF_0000002066.key
c:\windows\system32\xmldm\2208_FF_0000002067.frm
c:\windows\system32\xmldm\2208_FF_0000002068.frm
c:\windows\system32\xmldm\2208_FF_0000002069.htm
c:\windows\system32\xmldm\2208_FF_0000002070.key
c:\windows\system32\xmldm\2208_FF_0000002071_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002072.htm
c:\windows\system32\xmldm\2208_FF_0000002073.key
c:\windows\system32\xmldm\2208_FF_0000002074_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002075.htm
c:\windows\system32\xmldm\2208_FF_0000002076.key
c:\windows\system32\xmldm\2208_FF_0000002077.htm
c:\windows\system32\xmldm\2208_FF_0000002078.key
c:\windows\system32\xmldm\2208_FF_0000002079.htm
c:\windows\system32\xmldm\2208_FF_0000002080.key
c:\windows\system32\xmldm\2208_FF_0000002081.htm
c:\windows\system32\xmldm\2208_FF_0000002082.key
c:\windows\system32\xmldm\2208_FF_0000002083.htm
c:\windows\system32\xmldm\2208_FF_0000002084.key
c:\windows\system32\xmldm\2208_FF_0000002085.htm
c:\windows\system32\xmldm\2208_FF_0000002086.key
c:\windows\system32\xmldm\2208_FF_0000002087.htm
c:\windows\system32\xmldm\2208_FF_0000002088.key
c:\windows\system32\xmldm\2208_FF_0000002089.frm
c:\windows\system32\xmldm\2208_FF_0000002090.htm
c:\windows\system32\xmldm\2208_FF_0000002091.key
c:\windows\system32\xmldm\2208_FF_0000002092.htm
c:\windows\system32\xmldm\2208_FF_0000002093.key
c:\windows\system32\xmldm\2208_FF_0000002094.frm
c:\windows\system32\xmldm\2208_FF_0000002095_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002096.htm
c:\windows\system32\xmldm\2208_FF_0000002097.key
c:\windows\system32\xmldm\2208_FF_0000002098.frm
c:\windows\system32\xmldm\2208_FF_0000002099.frm
c:\windows\system32\xmldm\2208_FF_0000002100.pst
c:\windows\system32\xmldm\2208_FF_0000002101.htm
c:\windows\system32\xmldm\2208_FF_0000002102.htm
c:\windows\system32\xmldm\2208_FF_0000002103.key
c:\windows\system32\xmldm\2208_FF_0000002104.frm
c:\windows\system32\xmldm\2208_FF_0000002105.htm
c:\windows\system32\xmldm\2208_FF_0000002106.frm
c:\windows\system32\xmldm\2208_FF_0000002107.frm
c:\windows\system32\xmldm\2208_FF_0000002108.pst
c:\windows\system32\xmldm\2208_FF_0000002109.htm
c:\windows\system32\xmldm\2208_FF_0000002110.key
c:\windows\system32\xmldm\2208_FF_0000002111.htm
c:\windows\system32\xmldm\2208_FF_0000002112.key
c:\windows\system32\xmldm\2208_FF_0000002113.htm
c:\windows\system32\xmldm\2208_FF_0000002114.key
c:\windows\system32\xmldm\2208_FF_0000002115.pst
c:\windows\system32\xmldm\2208_FF_0000002116.htm
c:\windows\system32\xmldm\2208_FF_0000002117.key
c:\windows\system32\xmldm\2208_FF_0000002118.htm
c:\windows\system32\xmldm\2208_FF_0000002119.key
c:\windows\system32\xmldm\2208_FF_0000002120_ifrm.htm
c:\windows\system32\xmldm\2208_FF_0000002121.htm
c:\windows\system32\xmldm\2208_FF_0000002122.key
c:\windows\system32\xmldm\2208_FF_0000002123.htm
c:\windows\system32\xmldm\2208_FF_0000002124.key

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSERVER
-------\Service_COMServer


((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-10-31 02:43 . 2010-10-31 02:41 388608 -c--a-w- c:\windows\system32\CF2234.exe
2010-10-31 02:36 . 2010-10-31 02:32 388608 -c--a-w- c:\windows\system32\CF522.exe
2010-10-06 17:33 . 2010-10-06 17:33 -------- dc----w- c:\documents and settings\Natalie\Application Data\skypePM
2010-10-06 17:31 . 2010-10-06 23:31 -------- dc----w- c:\documents and settings\Natalie\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ stera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\SYSTEM32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 -c--a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-07-03 19:32 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2009-11-18 14:50 4269296 -c--a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GameConsoleService"=3 (0x3)
"SSScsiSV"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paradox Entertainment\\Europa Universalis 2\\eu2.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2007\\fm.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 X4HS32Ex;X4HS32Ex;c:\program files\Verizon Games on Demand Player\X4HS32Ex.Sys [x]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: musicmatch.com\online
DPF: {197F8FE3-8DF6-4755-B925-B94A1FF2F58E} - [You must be registered and logged in to see this link.]
DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} - [You must be registered and logged in to see this link.]
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-exent_311650 - c:\remote programs\Capitalism II\GPlrLanc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-11-02 17:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6604)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2010-11-02 17:32:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-02 21:31
ComboFix2.txt 2010-10-31 12:14

Pre-Run: 30,901,121,024 bytes free
Post-Run: 30,848,475,136 bytes free

- - End Of File - - 64E20D9EF92D1201EBA60C2E64A8DCEA


Re: Stolen Data

Post by Belahzur on Wed 03 Nov 2010, 11:45 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Stolen Data

Post by svoboda on Thu 04 Nov 2010, 1:20 pm

Here are the results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2237396a4fa2b24893220fa906d48c39
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-04 02:08:48
# local_time=2010-11-03 10:08:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=144183
# found=17
# cleaned=17
# scan_time=5910
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\40\337b8d68-36f4b48b a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Natalie\My Documents\My Games\Halo\savegames\Killerfoot\checkpoints\RiskIISetup-dm.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\41a219f\78.mof.vir Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appconf32.exe.vir a variant of Win32/Spy.Banker.UOR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cryptnet32.dll.vir Win32/Lukicsel.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\EXTRDCTR.dll.vir Win32/PSW.Papras.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0008738.dll Win32/Lukicsel.Q trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0009729.dll Win32/Lukicsel.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0011742.exe a variant of Win32/Adware.FakeAntiSpy.M application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP69\A0011746.dll Win32/Lukicsel.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP71\A0011838.dll Win32/Lukicsel.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0011877.mof Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0011887.exe a variant of Win32/Spy.Banker.UOR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0011888.dll Win32/Lukicsel.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0011889.dll Win32/PSW.Papras.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003267.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C


Re: Stolen Data

Post by Belahzur on Fri 05 Nov 2010, 9:26 am

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?



Re: Stolen Data

Post by svoboda on Mon 08 Nov 2010, 3:15 am

It seems to be running well, but I ran Malwarebytes today and trojan.banker showed up.


Re: Stolen Data

Post by Sneakyone on Mon 08 Nov 2010, 5:02 am

Hi,

Please post the latest Malwarebytes log.



Re: Stolen Data

Post by svoboda on Mon 08 Nov 2010, 5:57 am

Here it is:

Malwarebytes' Anti-Malware 1.46

Database version: 5066

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

11/7/2010 11:16:10 AM
mbam-log-2010-11-07 (11-16-10).txt

Scan type: Quick scan
Objects scanned: 172084
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Stolen Data

Post by DragonMaster Jay on Mon 08 Nov 2010, 3:27 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


