Virus/trojan took over!
Mikeryan1
Newbie
2. January 2010 @ 16:26
I attempted to download a free version of a DVD ripper program last night. When I turned on my computer this morning, Windows Defender was freaking out! I tried to run Search and Destroy, Windows Defender and even install Malwarebytes, but whatever it is has prevented me from doing that, or logging onto the internet.

Luckily, I have access to another computer, so, based on the Sticky up top, I first rebooted in Safe Mode to see if I could run Windows Defender or Search and Destroy. No luck. I backed up all my document and picture files to be safe. While in Safe Mode, I attempted to install Malwarebytes off of a flash drive, but was unable to do so.

I downloaded HijackThis onto a flash drive and installed it on the infected computer. I have the file log, if someone would like to help me out.

Thanks in advance,
Mike

I know enough to be dangerous!
Mikeryan1
Newbie
2. January 2010 @ 16:36
Attached log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:43:24 PM, on 1/2/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Mike\AppData\Local\Temp\Installer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008...toUploader5.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.117/cgi-bin/kxhcm10.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://76.108.199.199:1024/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009...oUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/j...ows-i586-jc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://lts.maronda.com/dwa8W.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://63.165.41.9/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14646 bytes


I know enough to be dangerous!
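A defender's first pass over a HijackThis log like the one above, as an added example (not code from the thread, from HijackThis or from any tool named here): it parses the "Running processes" block and the O4 Run-key entries, expands %ProgramFiles%-style variables with assumed Vista defaults, and flags executables launched from user-writable Temp directories, noting whether a Run key persists them. The sample log is a constructed excerpt of the post above, trimmed to the lines that matter for this check.

```python
"""Triage a HijackThis log: flag executables running from user-writable Temp
directories and show whether an O4 Run-key entry keeps them alive on reboot."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe
C:\Users\Mike\AppData\Local\Temp\Installer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
O4 - Startup: RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
"""

# Assumed values for the variables HijackThis leaves unexpanded in O4 lines
# (matches a default 32-bit Vista install; on a real box take them from `set`).
ENV = {"programfiles": r"C:\Program Files", "windir": r"C:\Windows",
       "systemroot": r"C:\Windows"}

# Any unprivileged user (or a drive-by installer) can write here; legitimate
# startup programs almost never execute from these directories.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")

# O4 - <hive>\..\<Run|RunOnce>: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    exe: str


@dataclass
class Finding:
    path: str
    running: bool = False
    autostart: list = field(default_factory=list)


def expand_env(path):
    """Replace %VAR% tokens using the assumed ENV table; unknown ones are kept."""
    return re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def exe_from_command(cmd):
    """Extract the executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces: cut after the first ".exe"
        m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else (cmd.split() or [cmd])[0]
    return expand_env(exe)


def parse_hjt(text):
    """Return (running process paths, O4 autorun entries) from a HijackThis log."""
    processes, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:            # the block ends at the first blank line
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append(Autorun(m["hive"], m["key"], m["name"],
                                    exe_from_command(m["cmd"])))
    return processes, autoruns


def is_temp_path(path):
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def triage(text):
    """Findings for every Temp-resident executable, keyed by lowercase path."""
    processes, autoruns = parse_hjt(text)
    findings = {}
    for p in processes:
        if is_temp_path(p):
            findings.setdefault(p.lower(), Finding(p)).running = True
    for a in autoruns:
        if is_temp_path(a.exe):
            f = findings.setdefault(a.exe.lower(), Finding(a.exe))
            f.autostart.append(f"{a.hive}\\..\\{a.key} [{a.name}]")
    return [findings[k] for k in sorted(findings)]


def report(text):
    lines = []
    for f in triage(text):
        state = "running" if f.running else "not running"
        persist = ", ".join(f.autostart) or "no Run-key entry (transient or spawned by another process)"
        lines.append(f"{f.path}: {state}; {persist}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the posted log this singles out settdebugx.exe (running and persisted under HKCU Run), plus wscsvc32.exe and Installer.exe (running from Temp with no autostart entry), which is exactly the set a helper would ask about first.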
Newbie
2. January 2010 @ 17:00
It looks like you're infected with a TDSS variant.

Download, extract and run TDSSKiller - http://support.kaspersky.com/downloads/utils/tdsskiller.zip

If for some reason it doesn't run, rename it with random characters such as "hf83cvf.exe" and remember to run it as Administrator.

When TDSSKiller finishes, post the log that should be in C: and named like "TDSSKiller.2.1.1_02.log"
Also post another HjT log as well.

This message has been edited since posting. Last time this message was edited on 2. January 2010 @ 17:05

Mikeryan1
Newbie
2. January 2010 @ 17:16
THANKS!!

This is what I have:

17:11:25:100 3416 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
17:11:25:101 3416 ================================================================================
17:11:25:101 3416 SystemInfo:

17:11:25:101 3416 OS Version: 6.0.6001 ServicePack: 1.0
17:11:25:101 3416 Product type: Workstation
17:11:25:102 3416 ComputerName: MIKE-PC
17:11:25:104 3416 UserName: Mike
17:11:25:104 3416 Windows directory: C:\Windows
17:11:25:104 3416 Processor architecture: Intel x86
17:11:25:104 3416 Number of processors: 2
17:11:25:104 3416 Page size: 0x1000
17:11:25:110 3416 Boot type: Normal boot
17:11:25:111 3416 ================================================================================
17:11:25:120 3416 ForceUnloadDriver: NtUnloadDriver error 2
17:11:25:124 3416 ForceUnloadDriver: NtUnloadDriver error 2
17:11:25:127 3416 ForceUnloadDriver: NtUnloadDriver error 2
17:11:25:130 3416 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0
17:11:25:132 3416 main: Driver KLMD successfully dropped
17:11:25:165 3416 main: Driver KLMD successfully loaded
17:11:25:165 3416
Scanning Registry ...
17:11:25:167 3416 ScanServices: Searching service UACd.sys
17:11:25:167 3416 ScanServices: Open/Create key error 2
17:11:25:168 3416 ScanServices: Searching service TDSSserv.sys
17:11:25:168 3416 ScanServices: Open/Create key error 2
17:11:25:168 3416 ScanServices: Searching service gaopdxserv.sys
17:11:25:168 3416 ScanServices: Open/Create key error 2
17:11:25:168 3416 ScanServices: Searching service gxvxcserv.sys
17:11:25:168 3416 ScanServices: Open/Create key error 2
17:11:25:168 3416 ScanServices: Searching service MSIVXserv.sys
17:11:25:169 3416 ScanServices: Open/Create key error 2
17:11:25:175 3416 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 81E03000
17:11:25:177 3416 UnhookRegistry: Kernel local addr: 1CD0000
17:11:25:177 3416 UnhookRegistry: KeServiceDescriptorTable addr: 1E07B00
17:11:25:182 3416 UnhookRegistry: KiServiceTable addr: 1D888E0
17:11:25:183 3416 UnhookRegistry: NtEnumerateKey service number (local): 85
17:11:25:183 3416 UnhookRegistry: NtEnumerateKey local addr: 1ED7BAC
17:11:25:204 3416 KLMD_OpenDevice: Trying to open KLMD device
17:11:25:204 3416 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
17:11:25:205 3416 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
17:11:25:205 3416 KLMD_ReadMem: Trying to ReadMemory 0x81E58AAD[0x4]
17:11:25:205 3416 UnhookRegistry: NtEnumerateKey service number (kernel): 85
17:11:25:205 3416 KLMD_ReadMem: Trying to ReadMemory 0x81EBBAF4[0x4]
17:11:25:205 3416 UnhookRegistry: NtEnumerateKey real addr: 8200ABAC
17:11:25:205 3416 UnhookRegistry: NtEnumerateKey calc addr: 8200ABAC
17:11:25:206 3416 UnhookRegistry: No SDT hooks found on NtEnumerateKey
17:11:25:206 3416 KLMD_ReadMem: Trying to ReadMemory 0x8200ABAC[0xA]
17:11:25:206 3416 UnhookRegistry: No splicing found on NtEnumerateKey
17:11:25:213 3416
Scanning Kernel memory ...
17:11:25:214 3416 KLMD_OpenDevice: Trying to open KLMD device
17:11:25:215 3416 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
17:11:25:215 3416 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
17:11:25:215 3416 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84DF0430
17:11:25:215 3416 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
17:11:25:215 3416 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 84191900
17:11:25:216 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84191900
17:11:25:216 3416 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 844E57E8
17:11:25:216 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 844E57E8
17:11:25:216 3416 KLMD_ReadMem: Trying to ReadMemory 0x844E57E8[0x38]
17:11:25:216 3416 DetectCureTDL3: DRIVER_OBJECT addr: 8413C670
17:11:25:216 3416 KLMD_ReadMem: Trying to ReadMemory 0x8413C670[0xA8]
17:11:25:217 3416 KLMD_ReadMem: Trying to ReadMemory 0x865153E0[0x208]
17:11:25:217 3416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
17:11:25:217 3416 DetectCureTDL3: IrpHandler (0) addr: 9D59BB40
17:11:25:218 3416 DetectCureTDL3: IrpHandler (1) addr: 81E28FE3
17:11:25:218 3416 DetectCureTDL3: IrpHandler (2) addr: 9D59BBB8
17:11:25:218 3416 DetectCureTDL3: IrpHandler (3) addr: 9D59BC30
17:11:25:218 3416 DetectCureTDL3: IrpHandler (4) addr: 9D59BC30
17:11:25:218 3416 DetectCureTDL3: IrpHandler (5) addr: 81E28FE3
17:11:25:218 3416 DetectCureTDL3: IrpHandler (6) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (7) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (8) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (9) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (10) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (11) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (12) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (13) addr: 81E28FE3
17:11:25:219 3416 DetectCureTDL3: IrpHandler (14) addr: 9D59B828
17:11:25:220 3416 DetectCureTDL3: IrpHandler (15) addr: 9D5904AA
17:11:25:220 3416 DetectCureTDL3: IrpHandler (16) addr: 81E28FE3
17:11:25:220 3416 DetectCureTDL3: IrpHandler (17) addr: 81E28FE3
17:11:25:220 3416 DetectCureTDL3: IrpHandler (18) addr: 81E28FE3
17:11:25:220 3416 DetectCureTDL3: IrpHandler (19) addr: 81E28FE3
17:11:25:220 3416 DetectCureTDL3: IrpHandler (20) addr: 81E28FE3
17:11:25:220 3416 DetectCureTDL3: IrpHandler (21) addr: 81E28FE3
17:11:25:221 3416 DetectCureTDL3: IrpHandler (22) addr: 9D599F9A
17:11:25:221 3416 DetectCureTDL3: IrpHandler (23) addr: 9D5977A2
17:11:25:221 3416 DetectCureTDL3: IrpHandler (24) addr: 81E28FE3
17:11:25:221 3416 DetectCureTDL3: IrpHandler (25) addr: 81E28FE3
17:11:25:221 3416 DetectCureTDL3: IrpHandler (26) addr: 81E28FE3
17:11:25:221 3416 KLMD_ReadMem: Trying to ReadMemory 0x9D592A44[0x400]
17:11:25:222 3416 TDL3_StartIoHookDetect: CheckParameters: 5, 9D596000, 0, 0
17:11:25:222 3416 TDL3_FileDetect: Processing driver: USBSTOR
17:11:25:223 3416 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
17:11:25:223 3416 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
17:11:25:223 3416 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
17:11:25:246 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 84EF3878
17:11:25:246 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84EF3878
17:11:25:246 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 847A8950
17:11:25:246 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847A8950
17:11:25:247 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 847A6BA0
17:11:25:247 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847A6BA0
17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x847A6BA0[0x38]
17:11:25:247 3416 DetectCureTDL3: DRIVER_OBJECT addr: 8479ABE0
17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x8479ABE0[0xA8]
17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x83E00038[0x208]
17:11:25:248 3416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
17:11:25:248 3416 DetectCureTDL3: IrpHandler (0) addr: 807440FC
17:11:25:248 3416 DetectCureTDL3: IrpHandler (1) addr: 81E28FE3
17:11:25:248 3416 DetectCureTDL3: IrpHandler (2) addr: 807440FC
17:11:25:248 3416 DetectCureTDL3: IrpHandler (3) addr: 81E28FE3
17:11:25:248 3416 DetectCureTDL3: IrpHandler (4) addr: 81E28FE3
17:11:25:248 3416 DetectCureTDL3: IrpHandler (5) addr: 81E28FE3
17:11:25:248 3416 DetectCureTDL3: IrpHandler (6) addr: 81E28FE3
17:11:25:249 3416 DetectCureTDL3: IrpHandler (7) addr: 81E28FE3
17:11:25:249 3416 DetectCureTDL3: IrpHandler (8) addr: 81E28FE3
17:11:25:249 3416 DetectCureTDL3: IrpHandler (9) addr: 81E28FE3
17:11:25:249 3416 DetectCureTDL3: IrpHandler (10) addr: 81E28FE3
17:11:25:249 3416 DetectCureTDL3: IrpHandler (11) addr: 81E28FE3
17:11:25:250 3416 DetectCureTDL3: IrpHandler (12) addr: 81E28FE3
17:11:25:250 3416 DetectCureTDL3: IrpHandler (13) addr: 81E28FE3
17:11:25:250 3416 DetectCureTDL3: IrpHandler (14) addr: 807329D6
17:11:25:250 3416 DetectCureTDL3: IrpHandler (15) addr: 807329A8
17:11:25:250 3416 DetectCureTDL3: IrpHandler (16) addr: 81E28FE3
17:11:25:250 3416 DetectCureTDL3: IrpHandler (17) addr: 81E28FE3
17:11:25:250 3416 DetectCureTDL3: IrpHandler (18) addr: 81E28FE3
17:11:25:251 3416 DetectCureTDL3: IrpHandler (19) addr: 81E28FE3
17:11:25:251 3416 DetectCureTDL3: IrpHandler (20) addr: 81E28FE3
17:11:25:251 3416 DetectCureTDL3: IrpHandler (21) addr: 81E28FE3
17:11:25:251 3416 DetectCureTDL3: IrpHandler (22) addr: 80732A04
17:11:25:251 3416 DetectCureTDL3: IrpHandler (23) addr: 8073FB70
17:11:25:251 3416 DetectCureTDL3: IrpHandler (24) addr: 81E28FE3
17:11:25:251 3416 DetectCureTDL3: IrpHandler (25) addr: 81E28FE3
17:11:25:252 3416 DetectCureTDL3: IrpHandler (26) addr: 81E28FE3
17:11:25:252 3416 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
17:11:25:252 3416 KLMD_ReadMem: DeviceIoControl error 1
17:11:25:252 3416 TDL3_StartIoHookDetect: Unable to get StartIo handler code
17:11:25:252 3416 TDL3_FileDetect: Processing driver: atapi
17:11:25:253 3416 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
17:11:25:253 3416 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
17:11:25:253 3416 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
17:11:25:276 3416
Completed

Results:
17:11:25:278 3416 Infected objects in memory: 0
17:11:25:278 3416 Cured objects in memory: 0
17:11:25:279 3416 Infected objects on disk: 0
17:11:25:280 3416 Objects on disk cured on reboot: 0
17:11:25:281 3416 Objects on disk deleted on reboot: 0
17:11:25:282 3416 Registry nodes deleted on reboot: 0
17:11:25:283 3416


I know enough to be dangerous!
Newbie
2. January 2010 @ 17:27
Alright well, that seemed to be pretty useless ;)

Download and run OTL - http://oldtimer.geekstogo.com/OTL.exe

Check "Scan all users" and tick "Standard Output"
Then click "Run Scan"
It may take a while before it's finished. OTL should produce a log; post that here.
Mikeryan1
Newbie
2. January 2010 @ 17:41
&?%#^%*!!!

Didn't recognize my USB drives for the flash drive and it just logged me out because of corrupt system files!

Stand by please...

I know enough to be dangerous!
Mikeryan1
Newbie
2. January 2010 @ 17:46
It's OK to do this in Safe Mode, correct?

I know enough to be dangerous!
Newbie
2. January 2010 @ 17:51
Yes, it should work the same in safe mode.

Also, did you manage to catch what system files were corrupted?
Mikeryan1
Newbie
2. January 2010 @ 17:57
It did not say. It was just a message box that popped up.

OTL log:

OTL logfile created on: 1/2/2010 5:45:50 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = H:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 82.35 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.96 Gb Total Space | 0.86 Gb Free Space | 44.03% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/02 17:33:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:11 | 00,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2010/01/02 17:33:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/21 20:29:42 | 00,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/03/25 06:57:37 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/15 12:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/03/28 18:04:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 19:28:34 | 00,271,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 19:28:34 | 00,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/11/12 10:37:34 | 01,252,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/29 13:06:44 | 00,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/29 13:06:20 | 00,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2007/05/03 16:51:50 | 00,151,552 | ---- | M] (SprintNextel) [Disabled | Stopped] -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe -- (Access Utility Service)
SRV - [2007/02/17 06:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/01/14 08:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 09:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/28 11:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2008/12/04 02:42:00 | 07,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/01 16:29:08 | 00,445,184 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/03/03 19:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/19 00:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/19 00:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2007/11/12 10:34:53 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/06 17:28:40 | 00,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071220.001\IDSvix86.sys -- (IDSvix86)
DRV - [2007/10/30 19:55:44 | 00,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/10/30 19:55:38 | 00,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 19:55:34 | 00,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/30 19:55:28 | 00,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/30 19:55:20 | 00,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/30 19:55:14 | 00,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/06 23:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 09:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 18:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/13 00:12:04 | 00,021,376 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/23 12:03:28 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/12 22:59:02 | 00,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/12/07 10:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/07 10:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/07 10:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 11:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\S-1-5-21-897006483-1081127982-554325316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/07 16:34:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 14:36:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 14:36:20 | 00,000,000 | ---D | M]

[2009/03/01 20:02:40 | 00,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2009/12/25 17:41:41 | 00,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\oduxrvtv.default\extensions
[2009/12/25 14:10:46 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\oduxrvtv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/01 20:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (292023 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10057 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://125.206.34.117/cgi-bin/kxhcm10.ocx (KXHCM10 Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} http://76.108.199.199:1024/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/j...ows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fla...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://lts.maronda.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://63.165.41.9/JpegInst.cab (pmjpegcam Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 06:08:39 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{653bf888-9181-11dc-8e59-001a73b126bf}\Shell - "" = AutoRun
O33 - MountPoints2\{653bf888-9181-11dc-8e59-001a73b126bf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e270c71b-f923-11dd-92d9-001b24b20d2e}\Shell\AutoRun\command - "" = G:\rcasw_setup.exe -- File not found
O33 - MountPoints2\{e270c71b-f923-11dd-92d9-001b24b20d2e}\Shell\Manage your videos\command - "" = RCAMemoryMgr.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/02 17:10:15 | 00,000,000 | ---D | C] -- C:\tdsskiller
[2010/01/02 15:42:41 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/02 15:34:19 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/02 12:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2010/01/01 23:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2009/12/25 22:17:23 | 00,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Blackberry Desktop
[2009/12/25 22:13:27 | 00,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Research In Motion
[2009/12/25 21:48:30 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/12/25 21:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/12/25 21:13:27 | 00,026,496 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2009/12/25 21:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/12/25 21:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/12/23 03:21:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009/12/15 21:30:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/12/10 03:10:12 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/10 03:10:04 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/09 08:26:32 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 08:26:32 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 08:26:31 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 08:26:31 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 08:26:31 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 08:26:31 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 08:26:31 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 08:26:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 08:26:31 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 08:26:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 08:26:31 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 08:26:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 08:26:31 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/09 08:26:30 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 08:25:57 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/09 08:25:57 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/08 22:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2008/04/23 13:23:48 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2008/04/23 13:23:45 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2008/04/23 13:23:45 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2008/04/23 13:23:44 | 01,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2008/04/23 13:23:44 | 00,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2008/04/23 13:23:43 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2008/04/23 13:23:43 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2008/04/23 13:23:42 | 00,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2008/04/23 13:23:38 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2008/04/23 13:23:36 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2008/04/23 13:23:35 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/02 17:43:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/02 17:42:43 | 18,322,4464 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/02 17:41:35 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/02 17:41:17 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 17:41:17 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 17:41:15 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/02 17:41:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/02 17:41:13 | 00,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/02 17:40:07 | 07,602,176 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
[2010/01/02 17:40:05 | 00,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{8b9f35d3-98b9-11dd-b7e7-001b24b20d2e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 17:40:05 | 00,065,536 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{8b9f35d3-98b9-11dd-b7e7-001b24b20d2e}.TM.blf
[2010/01/02 17:39:45 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/02 17:39:42 | 02,195,441 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/01/02 17:35:07 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/02 15:43:14 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/02 15:43:14 | 00,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/02 15:43:14 | 00,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/02 15:43:00 | 00,002,515 | ---- | M] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2010/01/02 15:41:46 | 00,136,192 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 15:36:25 | 00,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/02 15:13:52 | 00,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/01/02 12:47:40 | 00,000,876 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/02 12:46:38 | 00,000,202 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2010/01/02 12:44:57 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/01 22:07:31 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED00D37D-CE43-4E52-844B-71672EF8F201}.job
[2009/12/31 11:56:53 | 00,034,473 | ---- | M] () -- C:\Users\Mike\Desktop\Cap one bowl.gif
[2009/12/30 16:42:09 | 00,009,222 | ---- | M] () -- C:\Users\Mike\Desktop\Ryan December Bank Statement.pdf
[2009/12/30 16:35:13 | 00,009,778 | ---- | M] () -- C:\Users\Mike\Desktop\Ryan November Bank Statement.pdf
[2009/12/30 16:19:26 | 05,309,136 | ---- | M] () -- C:\Users\Mike\Desktop\Paystubs Nov and Dec. Ryan.PDF
[2009/12/29 23:10:53 | 00,015,331 | ---- | M] () -- C:\Users\Mike\Desktop\Masters vs Bach chart.xlsx
[2009/12/26 15:22:49 | 00,130,143 | ---- | M] () -- C:\Users\Mike\Desktop\Honeymoon Disc Art.stx
[2009/12/26 09:55:51 | 00,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2009/12/26 09:09:44 | 00,065,536 | ---- | M] () -- C:\Users\Mike\Desktop\Advent Calendar.jpg
[2009/12/25 21:53:11 | 00,396,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/25 21:35:47 | 00,111,248 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/25 21:12:45 | 00,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/24 23:33:58 | 00,014,524 | ---- | M] () -- C:\Users\Mike\Desktop\disney-castle2.jpg
[2009/12/24 11:38:00 | 03,330,873 | ---- | M] () -- C:\Users\Mike\Desktop\Pop's Stone.jpg
[2009/12/24 11:05:00 | 03,402,267 | ---- | M] () -- C:\Users\Mike\Desktop\Gammy's stone.jpg
[2009/12/23 03:21:58 | 15,269,8880 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/12/23 03:21:58 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/12/23 03:21:58 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/12/22 20:40:20 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/16 00:27:33 | 00,019,015 | ---- | M] () -- C:\Users\Mike\Desktop\Preparation for QLC1.docx
[2009/12/09 20:05:45 | 03,356,989 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/12/09 17:49:28 | 00,078,205 | ---- | M] () -- C:\Users\Mike\Desktop\Channel Lineup.pdf
[2009/12/08 17:42:16 | 01,247,083 | ---- | M] () -- C:\Users\Mike\Desktop\Matthew and Santa 2009.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/02 15:42:41 | 00,002,515 | ---- | C] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2010/01/02 12:47:40 | 00,000,876 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/02 12:46:38 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2010/01/02 12:44:57 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/31 11:58:47 | 00,034,473 | ---- | C] () -- C:\Users\Mike\Desktop\Cap one bowl.gif
[2009/12/30 16:42:09 | 00,009,222 | ---- | C] () -- C:\Users\Mike\Desktop\Ryan December Bank Statement.pdf
[2009/12/30 16:35:13 | 00,009,778 | ---- | C] () -- C:\Users\Mike\Desktop\Ryan November Bank Statement.pdf
[2009/12/30 16:21:25 | 05,309,136 | ---- | C] () -- C:\Users\Mike\Desktop\Paystubs Nov and Dec. Ryan.PDF
[2009/12/29 23:02:42 | 00,015,331 | ---- | C] () -- C:\Users\Mike\Desktop\Masters vs Bach chart.xlsx
[2009/12/26 09:10:49 | 00,065,536 | ---- | C] () -- C:\Users\Mike\Desktop\Advent Calendar.jpg
[2009/12/25 22:13:32 | 00,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/12/25 21:12:45 | 00,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2009/12/24 23:37:33 | 00,130,143 | ---- | C] () -- C:\Users\Mike\Desktop\Honeymoon Disc Art.stx
[2009/12/24 23:33:21 | 00,014,524 | ---- | C] () -- C:\Users\Mike\Desktop\disney-castle2.jpg
[2009/12/24 11:38:00 | 03,330,873 | ---- | C] () -- C:\Users\Mike\Desktop\Pop's Stone.jpg
[2009/12/24 11:05:00 | 03,402,267 | ---- | C] () -- C:\Users\Mike\Desktop\Gammy's stone.jpg
[2009/12/23 03:02:47 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/12/23 03:02:47 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/12/23 03:02:46 | 15,269,8880 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/12/22 20:40:20 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/21 20:30:19 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/21 20:30:16 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/16 00:27:31 | 00,019,015 | ---- | C] () -- C:\Users\Mike\Desktop\Preparation for QLC1.docx
[2009/12/09 17:49:27 | 00,078,205 | ---- | C] () -- C:\Users\Mike\Desktop\Channel Lineup.pdf
[2009/12/08 17:42:43 | 01,247,083 | ---- | C] () -- C:\Users\Mike\Desktop\Matthew and Santa 2009.jpg
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/30 06:29:38 | 00,004,096 | -H-- | C] () -- C:\Users\Mike\AppData\Local\keyfile3.drm
[2009/02/16 08:02:58 | 00,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/16 08:02:52 | 00,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/14 21:43:13 | 00,561,152 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/14 21:43:13 | 00,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/30 21:30:26 | 00,015,275 | ---- | C] () -- C:\ProgramData\lxdf
[2008/04/25 07:44:15 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat
[2008/04/23 13:41:51 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2008/04/23 13:33:35 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2008/04/23 13:33:34 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2008/04/23 13:33:14 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2008/04/23 13:24:24 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdfrwrd.ini
[2008/04/23 13:23:51 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2008/04/23 13:23:38 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2007/12/25 10:37:41 | 00,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2007/12/25 10:37:34 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2007/12/23 09:47:24 | 00,038,431 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (DOS).ADR
[2007/11/14 08:47:12 | 00,136,192 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 00:10:37 | 00,027,240 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.dat
[2007/11/13 00:10:37 | 00,027,240 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.001
[2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\QSwitch.txt
[2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\DSwitch.txt
[2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\AtStart.txt
[2007/09/05 19:01:22 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/23 11:55:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/08/23 11:50:04 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/08/23 11:50:04 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/08/04 05:53:27 | 00,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/24 23:24:25 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007/05/22 17:09:48 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007/04/17 17:17:05 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2007/02/27 15:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 08:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[2006/03/09 19:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Desktop\Kayak vs Gator.MOV:TOC.WMV
< End of report >


I know enough to be dangerous!
Newbie
2. January 2010 @ 18:13
Download and run RKill - http://download.bleepingcomputer.com/grinler/rkill.com

RKill will kill the process blocking the malwarebytes installer from installing.

You should be able to run MalwareBytes in safe mode.

Download the installer from this link - http://mbam.malwarebytes.org/program/random.php

It should be able to install.
Afterward, run a full scan and remove any entries that are found.
Post the log MalwareBytes produces after the scan, along with another HjT log in normal mode.


Mikeryan1
Newbie
2. January 2010 @ 18:30
I saved the Malwarebytes link to my flash drive and tried to run it on the infected computer (after running Rkill) and I got the error code 707 (3,0). The Malwarebytes forum says the answer to this is reinstallation, yet I have tried 3 times and get the same code. Any hints?

I know enough to be dangerous!
Newbie
2. January 2010 @ 19:49
Try SUPERAntiSpyware as an alternative - http://www.superantispyware.com/superantispyware.html

When you have SUPERAntiSpyware installed and updated:
Click "Scan my Computer"
Select the drive your OS (Operating System) is on and tick "Perform Complete Scan".
Remove any entries it finds.
When you're back at the main menu, go to "Preferences..."
Go to the "Statistics/Logs" tab and double-click the log of the scan you just ran.
Post the log here.


Mikeryan1
Newbie
2. January 2010 @ 20:02
Thanks...don't go to bed on me yet! :-)

I know enough to be dangerous!
Newbie
2. January 2010 @ 20:07
Originally posted by Mikeryan1:
Thanks...don't go to bed on me yet! :-)
Heh, if you want to chat in real-time you can click the edited by ddp". Don't worry I won't charge anything. I only do free work for this forum. ;)


Mikeryan1
Newbie
2. January 2010 @ 20:10
"Superantispyware has stopped working, Windows is checking for a solution"

This may have something to do with what's going on in safe mode. When I picked the 1st repair it..., it asked for my admin password. Since it's Vista, I used the same password that I logged in with, and it said that my password is no longer valid, please see an admin. This is a home computer and there is no other admin except me.

How screwed am I?

I know enough to be dangerous!
Newbie
2. January 2010 @ 21:17
Hmmm...

I hate to keep asking you to download programs, but could you download Dr.Web CureIt! ? - http://www.freedrweb.com/download+cureit/

When you run CureIt, it doesn't need to be installed; just click "Scan". It'll take a bit to initialize the scan. "Cure" anything it finds.
Note: If it doesn't run, rename it with random characters.

Sorry I wasn't answering on Crossloop, I stepped away for some grub. I should be on


Mikeryan1
Newbie
2. January 2010 @ 21:18
That's OK! My stomach is in too many knots to think about eating!

I know enough to be dangerous!
Mikeryan1
Newbie
2. January 2010 @ 21:24
That page was in Russian and Google translator didn't translate which program. (I clicked 30 day demo...then it redirected to the untranslatable page)

I know enough to be dangerous!
Newbie
2. January 2010 @ 21:28
It should have worked, but here is the root of the website forced to display English.

http://www.freedrweb.com/?lng=en
Mikeryan1
Newbie
2. January 2010 @ 21:38
It's downloading....

I know enough to be dangerous!
Mikeryan1
Newbie
2. January 2010 @ 21:41
scanning...

still scanning...80,000 files so far and nothing in the box next to the ticking counter...

I know enough to be dangerous!


Newbie
2. January 2010 @ 21:47
Please remember that there is an Edit function for your posts. ;)



Mikeryan1
Newbie
2. January 2010 @ 22:49
100475 files scanned, no viruses found!

It's not looking good...

I know enough to be dangerous!
Newbie
2. January 2010 @ 23:07
Alright, let's try removing

C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe

and

C:\Users\Mike\AppData\Local\Temp\settdebugx.exe

If you aren't able to delete them, try KillBox - http://killbox.net/downloads/beta/KillBox.exe

Open KillBox and paste the path to the files above into "Full Path of File to Delete" then click the red circle with the "X" in it.


Mikeryan1
Newbie
2. January 2010 @ 23:37
Both files deleted....next step?

There are 3 files in that directory that keep appearing as desktop Icons...youporn, naked tube and another porn site. There's a very small thumbnail on the "browse for files or folders" directory. Should I delete those too? They aren't directory files, but single files.

Also, is it possible to delete by date? Any file that was installed after X time?

I know enough to be dangerous!

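The "Files Created - No Company Name" section of the OTL log posted earlier is where a helper looks first, and the question about finding files by date comes down to the same filter: what was written into system locations shortly before the scan without a vendor name. The following Python is an added example, not code from the thread or from OTL; it parses lines in OTL's file-list format and flags such entries for review. The sample lines are copied from the posted log, and the scan time is assumed to be the newest modification timestamp in that log.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# One line of an OTL "Files Created / Files Modified" section looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path [-- extra]
# The company group is optional: directory entries in the "Created Within
# 30 Days" section carry no parentheses at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[.*\])?$"
)

# Locations where a freshly created file with no company name deserves a look.
SYSTEM_PREFIXES = (r"c:\windows", r"c:\programdata")

# Constructed sample: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010/01/02 17:10:15 | 00,000,000 | ---D | C] -- C:\tdsskiller
[2010/01/02 15:34:19 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/10 03:10:12 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2008/04/23 13:23:48 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2010/01/02 17:42:43 | 18,322,4464 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/02 15:42:41 | 00,002,515 | ---- | C] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2010/01/02 12:47:40 | 00,000,876 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/02 12:46:38 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2010/01/02 12:44:57 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
< End of report >
"""

# Assumed scan time: the newest modification timestamp in the posted log.
SCAN_TIME = datetime(2010, 1, 2, 17, 43, 8)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "----", "---D" (directory), "-HS-" (hidden + system)
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL found no company name
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),   # OTL's comma grouping is irregular
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines: Iterable[str], scan_time: datetime, window_days: int = 3) -> List[Entry]:
    """Files (not directories) created in system locations within `window_days`
    of the scan and carrying no company name. Review candidates, not a verdict."""
    cutoff = scan_time - timedelta(days=window_days)
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.kind != "C" or "D" in e.attrs:
            continue
        if e.timestamp >= cutoff and not e.company \
                and e.path.lower().startswith(SYSTEM_PREFIXES):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(f"{e.timestamp:%Y-%m-%d %H:%M}  {e.size:>6} B  {e.path}")
```

On the sample, the three small files written to System32 and ProgramData around 12:45 on the day of the scan are the ones flagged; Microsoft-signed updates, the memory dump (a modification, not a creation) and the Desktop shortcut are not.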
