Random Internet Explorer Pop-ups

Post by DerPancake on Sun 19 Jun 2011, 5:38 am

Hello, I have a problem with Internet Explorer: it has started giving me pop-ups about stuff like "I won something", dating services, etc. The problem is I don't even use Internet Explorer anymore, and many times this lags my computer.

OTL logfile created on: 6/18/2011 11:15:38 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 135.29 Mb Available Physical Memory | 26.88% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 66.99% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.18 Gb Total Space | 9.51 Gb Free Space | 18.58% Space Free | Partition Type: NTFS

Computer Name: ORGANIZA-5YHGNH | User Name: Luis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/18 11:14:35 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\My Documents\Downloads\OTL.com
PRC - [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/06/11 18:26:18 | 000,188,416 | ---- | M] (Voobly) -- C:\Program Files\Voobly\voobly.exe
PRC - [2011/06/07 12:20:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/18 11:14:35 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\My Documents\Downloads\OTL.com
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 19:18:34 | 000,239,472 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/07/15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/01/30 10:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/05/03 13:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 13:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 13:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2002/09/24 10:53:06 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search Powered by Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {8a26dbf5-f61b-4239-81bd-d9fba99a8d74}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.9.15079
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/28 21:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 16:47:50 | 000,000,000 | ---D | M]

[2009/10/17 14:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Extensions
[2011/05/31 14:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions
[2010/05/19 14:40:32 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/05/19 14:40:31 | 000,000,000 | ---D | M] (compliance0615 Toolbar) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions\{8a26dbf5-f61b-4239-81bd-d9fba99a8d74}
[2010/06/04 16:22:56 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions\eafo3fflauncher@ea.com
[2011/02/05 16:50:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions\ffxtlbr@Facemoods.com
[2010/03/29 17:23:08 | 000,000,000 | ---D | M] (Wild Pockets Loader) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\extensions\wildpocketsloader@simopsstudios.com
[2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Mozilla\Firefox\Profiles\rcmjn0p8.default\searchplugins\conduit.xml
[2011/05/31 14:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/25 16:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/25 16:47:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/04/25 16:47:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/12/13 05:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/26 14:42:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4e5eb9e4-f1b0-11de-b662-0014a4d1ee80}\Shell\AutoRun\command - "" = E:\RECYCLERTEMP\autorun.exe
O33 - MountPoints2\{4e5eb9e4-f1b0-11de-b662-0014a4d1ee80}\Shell\open\command - "" = E:\RECYCLERTEMP\autorun.exe
O33 - MountPoints2\{f0515646-7e7b-11df-b765-001422edfa9b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0515646-7e7b-11df-b765-001422edfa9b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0515646-7e7b-11df-b765-001422edfa9b}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "McComponentHostService"
MsConfig - Services: "McciCMService"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "LVPrcSrv"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "IS360service"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "FreeAgentGoNext Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RVS 2010.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Luis.ORGANIZA-5YHGNH^Start Menu^Programs^Startup^GameRanger.lnk - C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\GameRanger\GameRanger\GameRanger.exe - (GameRanger Technologies)
MsConfig - StartUpFolder: C:^Documents and Settings^Luis.ORGANIZA-5YHGNH^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Luis.ORGANIZA-5YHGNH^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Luis.ORGANIZA-5YHGNH^Start Menu^Programs^Startup^Seagate 2GHM4X82 Product Registration.lnk - C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Leadertech\PowerRegister\Seagate 2GHM4X82 Product Registration.exe - (Leader Technologies/Seagate)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DownloadAccelerator - hkey= - key= - File not found
MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: IObit Security 360 - hkey= - key= - File not found
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: PRISMSVR.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Voobly - hkey= - key= - C:\Program Files\Voobly\voobly.exe (Voobly)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\IObit Malware Fighter
[2011/06/13 14:54:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 10:25:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 09:43:18 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 09:43:18 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/06/18 09:43:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 18:58:47 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
[2011/06/17 11:37:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/13 21:21:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/13 16:55:36 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 14:57:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 10:12:22 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\Voobly.lnk
[2011/06/09 13:53:30 | 000,131,329 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\nacimiento-jesus.jpg
[2011/05/31 14:21:27 | 000,046,913 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\AtlantisProperties 5-31-11.JPG
[2011/05/31 11:18:45 | 000,000,004 | ---- | M] () -- C:\Program Files\35250.dat
[2011/05/31 11:16:08 | 000,000,004 | ---- | M] () -- C:\Program Files\35375.dat
[2011/05/31 11:11:45 | 000,000,004 | ---- | M] () -- C:\Program Files\37593.dat
[2011/05/26 18:34:27 | 000,018,069 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\522797-5051-6.jpg
[2011/05/20 15:58:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\{7596CBBB-E91E-4946-848D-BCA39B3B4AD2}
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 18:58:47 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Malware Fighter.lnk
[2011/06/13 14:57:42 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/13 14:57:42 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Start Menu\Programs\Internet Explorer.lnk
[2011/06/09 13:52:44 | 000,131,329 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\nacimiento-jesus.jpg
[2011/06/08 13:59:30 | 000,001,082 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Start Menu\Programs\GameRanger.lnk
[2011/06/02 15:45:27 | 001,275,186 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\CAM_0850.JPG
[2011/06/02 15:45:27 | 001,155,008 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\CAM_0852.JPG
[2011/06/02 15:45:27 | 001,065,421 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\CAM_0851.JPG
[2011/05/31 14:21:25 | 000,046,913 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\AtlantisProperties 5-31-11.JPG
[2011/05/31 11:18:45 | 000,000,004 | ---- | C] () -- C:\Program Files\35250.dat
[2011/05/31 11:16:08 | 000,000,004 | ---- | C] () -- C:\Program Files\35375.dat
[2011/05/31 11:11:45 | 000,000,004 | ---- | C] () -- C:\Program Files\37593.dat
[2011/05/28 10:29:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\Voobly.lnk
[2011/05/27 16:16:31 | 000,795,655 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\CAM_0805.JPG
[2011/05/26 18:34:28 | 000,018,069 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\522797-5051-6.jpg
[2011/05/20 15:58:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\{7596CBBB-E91E-4946-848D-BCA39B3B4AD2}
[2010/12/24 11:31:11 | 002,217,088 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/12/24 11:31:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/12/24 11:31:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/12/24 11:31:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/12/24 11:31:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/08/13 16:01:55 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 21:06:54 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/07/23 13:18:09 | 000,000,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/10 06:33:56 | 000,130,958 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2010/05/10 06:33:56 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2010/03/22 15:55:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Local Settings\Application Data\PUTTY.RND
[2010/02/12 20:29:50 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/12/25 16:52:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/11/01 17:35:31 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/01 17:35:31 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Application Data\PnkBstrK.sys
[2009/11/01 17:35:12 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/01 17:35:10 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/01 17:35:09 | 002,395,944 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2009/10/17 18:57:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/17 18:46:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/17 16:13:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/17 16:13:13 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/17 15:18:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/10/17 14:34:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/17 14:10:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/17 14:05:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 13:57:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/17 06:43:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/17 06:42:21 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/12/29 13:46:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:58:49 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,519,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,104,706 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/02/15 12:18:48 | 000,114,352 | ---- | M] (GameRanger Technologies) -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\GameRangerSetup.exe
[2010/05/22 11:20:55 | 014,554,440 | ---- | M] () -- C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\Desktop\winzip145.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/09/16 15:02:28 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/09/16 15:02:28 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/08/24 19:31:23 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/08/15 13:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2009/09/15 18:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2009/04/13 20:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/06/20 19:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/17 16:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/01/06 22:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/04/16 11:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/11/25 17:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\Asprate
[2009/10/31 22:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\AssaultCube_v1.0
[2010/12/24 14:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\AtlantisRO
[2009/03/25 16:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\ATT
[2010/03/22 15:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-RC
[2009/02/23 21:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/05/16 21:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/10/17 15:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/02/27 18:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/04/25 16:48:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/12/26 14:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/12/29 13:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/04 16:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Copystar
[2011/02/28 21:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/05/16 21:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/05/25 22:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/06/24 15:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
[2009/10/17 16:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/05/28 19:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\DreamQuest
[2008/09/20 21:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Identifier
[2007/12/27 18:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\Dx9c
[2009/11/01 16:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2010/12/24 11:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2009/06/12 11:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2011/02/05 16:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\facemoods.com
[2007/12/29 18:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2010/10/14 17:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2008/10/15 18:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Game_Maker7
[2010/07/27 11:47:21 | 000,000,000 | ---D | M] -- C:\Program Files\Game_Maker8
[2009/05/06 21:43:22 | 000,000,000 | ---D | M] -- C:\Program Files\GGPO
[2009/12/28 21:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/12/14 11:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/05/10 06:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/02/11 19:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\HyCam2
[2009/09/17 19:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\IGZones
[2010/12/26 00:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/12/29 13:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/14 14:10:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/17 18:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2008/11/25 17:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\iWin
[2011/02/05 16:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/25 21:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/09/15 18:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/07/21 15:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/06 22:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/04/14 08:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/02/12 16:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Melody Assistant
[2010/08/17 17:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/12 14:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2011/02/05 16:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\MetaGeek
[2009/10/21 17:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/12/27 18:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2007/12/26 14:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/31 21:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/06/01 17:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/15 16:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/01 17:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/06/01 17:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/03/13 13:40:38 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/31 14:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/12/23 16:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/12 18:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/10/17 13:56:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/12/26 14:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/01/03 20:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/29 12:16:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/14 16:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2009/10/21 16:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/25 16:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Nick Arcade
[2010/06/02 21:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2007/12/26 14:40:48 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/10/31 22:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2008/01/02 18:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2011/04/25 16:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/07/17 20:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/18 15:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/05/16 21:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\PerformanceTest
[2009/09/18 16:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\PFPortChecker
[2008/03/27 20:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2010/07/23 13:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Prevx
[2010/12/23 16:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/09 17:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/06/22 21:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/12/26 00:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2008/09/07 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2007/12/29 13:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/07/30 17:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2010/02/15 11:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/08/31 16:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/10/31 22:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/03/25 16:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
[2009/05/16 21:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Triggersoft
[2009/06/12 11:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\True Sword 5
[2009/09/15 17:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Undisker
[2007/12/26 14:48:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/10 20:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/09/10 17:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/05/01 19:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/02/19 19:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/06/13 10:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\Voobly
[2010/12/23 16:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\WBFS
[2009/10/21 17:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/19 21:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/10/21 17:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/11/14 16:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/04/30 22:25:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/21 16:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/17 17:48:30 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/29 22:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/03 19:29:05 | 000,000,000 | ---D | M] -- C:\Program Files\Wolfenstein - Enemy Territory
[2007/12/26 14:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/16 21:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\XPC Tools
[2008/08/03 18:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/09/12 18:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\YOSENIO Removal Tool
[2009/05/16 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 10:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/09/03 09:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 10:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 22:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2002/09/03 09:30:56 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2002/09/03 09:48:22 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-15 05:11:38

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/09/03 09:45:27 | 000,155,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/24 19:31:07 | 000,615,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/09/16 15:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 16:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 06:30:57 | 000,221,696 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/09/03 09:45:27 | 000,155,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D74B6CF5

< End of report >

DerPancake

Rookie Surfer

Posts : 67
Joined : 2009-05-18
Operating System : XP

Re: Random Internet Explorer Pop-ups

Post by DerPancake on Sun 19 Jun 2011, 5:43 am

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-18 11:41:53
-----------------------------
11:41:53.343 OS Version: Windows 5.1.2600 Service Pack 2
11:41:53.343 Number of processors: 1 586 0xD08
11:41:53.343 ComputerName: ORGANIZA-5YHGNH UserName: Luis
11:41:55.265 Initialize success
11:42:01.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:42:01.078 Disk 0 Vendor: Size: 0MB BusType: 0
11:42:03.125 Disk 0 MBR read successfully
11:42:03.125 Disk 0 MBR scan
11:42:03.125 Disk 0 Whistler@MBR code has been found
11:42:03.125 Disk 0 MBR hidden
11:42:03.125 Disk 0 MBR [Whistler] **ROOTKIT**
11:42:03.125 Disk 0 scanning C:\WINDOWS\system32\drivers
11:42:14.078 Service scanning
11:42:16.796 Disk 0 trace - called modules:
11:42:16.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
11:42:16.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823a4030]
11:42:16.859 3 CLASSPNP.SYS[f84d305b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82329230]
11:42:16.859 Scan finished successfully
11:42:43.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\My Documents\Downloads\MBR.dat"
11:42:43.906 The log file has been saved successfully to "C:\Documents and Settings\Luis.ORGANIZA-5YHGNH\My Documents\Downloads\aswMBR.txt"


DerPancake

Rookie Surfer

Posts : 67
Joined : 2009-05-18
Operating System : XP

Re: Random Internet Explorer Pop-ups

Post by Pancake on Sun 19 Jun 2011, 10:00 am

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here.

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.













Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Random Internet Explorer Pop-ups

Post by DerPancake on Sun 19 Jun 2011, 10:54 am

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6891

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/18/2011 4:37:27 PM
mbam-log-2011-06-18 (16-37-27).txt

Scan type: Quick scan
Objects scanned: 242484
Time elapsed: 20 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\rsvp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\luis.organiza-5yhgnh\my documents\downloads\whitesmokeinstaller_9128.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\calc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\luis.organiza-5yhgnh\local settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix coming next...

DerPancake
Rookie Surfer
Posts : 67
Joined : 2009-05-18
Operating System : XP

Re: Random Internet Explorer Pop-ups

Post by Pancake on Sun 19 Jun 2011, 11:06 am

Ok. Just need the ComboFix now. Did you click Fix on the MBR scan?






Pancake
Tech Staff
Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Random Internet Explorer Pop-ups

Post by DerPancake on Sun 19 Jun 2011, 1:25 pm

ComboFix has been running for more than 2 hours, is this supposed to happen?

DerPancake
Rookie Surfer
Posts : 67
Joined : 2009-05-18
Operating System : XP

Re: Random Internet Explorer Pop-ups

Post by Pancake on Sun 19 Jun 2011, 2:39 pm

Stop it. Run it in safe mode.






Pancake
Tech Staff
Posts : 222
Joined : 2010-03-06
Operating System : Windows 7
