Wopatoolie

Multiple Trojans That Cannot Be Deleted


There are several trojans that my a-squared Free says I cannot delete, and I'd like to get rid of them. For the most part, while having this PC for over a year and a half, there have been absolutely no problems with regular maintenance. I know what some of them are; I also know that no trojans are a good thing, and most of them have been problem free because they help my programs to work correctly. But recently I have been having some strange problems that I don't know if they are the cause of or not. The main problem I recently noticed is: after about 12 hours or so of my computer sitting idle, all programs on my desktop (browsers, Camfrog, antispyware, Windows Media Player etc.), including Restart, Shut Down etc. after clicking Start, simply don't work, and I am forced to unplug my PC to get it to restart. It works fine after restarting (I guess), but I'm not thrilled to have to suddenly start unplugging it because of this. Any advice or help?

OS WinVista SP2

x86

McAfee Firewall & Antivirus

AdAware Anniversary Edition

A-Squared Free

I don't know what else I'm supposed to post; a good portion of the 'Start Here' link is info to be posted after doing other things that I either don't need to do or don't pertain to my problem.

Thank you

There are 3 logs that need to be provided. The instructions in their entirety apply to all persons requesting malware removal support.

Your logs don't show anything that could be causing the problem you described in your first post.

Let's use a tool that will gather much more information.

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Attach both logs with your next reply.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:
    :OTL
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    
    :Files
    C:\Windows\*.tmp
    @C:\ProgramData\TEMP:9AEE100C
    @C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID
    @C:\Users\Workgroup\Documents\My Games:Shareaza.GUID
    @C:\Users\Workgroup\Documents\Camfrog Stuff-Shareaza:Shareaza.GUID
    @C:\ProgramData\TEMP:8CE646EE
    @C:\ProgramData\TEMP:94A19129
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot when it is done.
  • Attach the new OTL log (don't check the boxes beside LOP Check or Purity this time).
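The `@path:streamname` lines in the `:Files` section above are NTFS alternate data streams (ADS), which do not show up in a normal directory listing. The script below is an added example (not part of this thread and not OTL's own code): it pulls the ADS entries out of the fix script text and reports whether each stream is still present and how large it is, so the result of the fix can be verified without deleting anything. It assumes Windows PowerShell 3.0 or later (`Get-Item -Stream` is not in the 2.0 build that shipped with Vista) and uses the poster's paths as they appear in the fix.

```powershell
# Added example: verify the alternate-data-stream entries of an OTL fix script.
# The fix text is copied from the thread; the paths are the poster's.
$fixScript = @'
:OTL
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

:Files
C:\Windows\*.tmp
@C:\ProgramData\TEMP:9AEE100C
@C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID
@C:\Users\Workgroup\Documents\My Games:Shareaza.GUID
@C:\Users\Workgroup\Documents\Camfrog Stuff-Shareaza:Shareaza.GUID
@C:\ProgramData\TEMP:8CE646EE
@C:\ProgramData\TEMP:94A19129

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
'@

function Get-OtlAdsEntries {
    # Parse only the :Files section and return the @path:stream entries.
    param([string]$Script)
    $inFiles = $false
    foreach ($rawLine in $Script -split "`r?`n") {
        $line = $rawLine.Trim()
        # A line of the form ":Name" starts a new section.
        if ($line -match '^:(\w+)$') { $inFiles = ($Matches[1] -eq 'Files'); continue }
        if (-not $inFiles -or -not $line.StartsWith('@')) { continue }
        # Stream name follows the LAST colon; the first colon belongs to the drive.
        $body = $line.Substring(1)
        $idx  = $body.LastIndexOf(':')
        if ($idx -le 1) { continue }   # plain path with no stream part
        [pscustomobject]@{
            Path   = $body.Substring(0, $idx)
            Stream = $body.Substring($idx + 1)
        }
    }
}

function Test-OtlAdsEntries {
    # For each ADS entry, check whether the host path and the stream exist.
    param([string]$Script)
    foreach ($e in Get-OtlAdsEntries -Script $Script) {
        $item = $null
        if (Test-Path -LiteralPath $e.Path) {
            $item = Get-Item -LiteralPath $e.Path -Stream $e.Stream -ErrorAction SilentlyContinue
        }
        $size = $null
        if ($item) { $size = $item.Length }
        [pscustomobject]@{
            Path    = $e.Path
            Stream  = $e.Stream
            Present = [bool]$item
            Bytes   = $size
        }
    }
}

Test-OtlAdsEntries -Script $fixScript | Format-Table -AutoSize
```

Run it once before the fix to see what is there and once after to confirm the streams are gone; a `Present` value of `False` with the host path still existing means only the stream was removed.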

Now I'm told I have used too much of my quota to upload the log file from this OTL run. It says the file is 107k and I have 34.57k left.....?

OK, go ahead and copy & paste the OTL log to your reply.

OTL logfile created on: 10/17/2009 8:44:46 PM - Run 2

OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Workgroup

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 63.19 Gb Free Space | 28.36% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.25 Gb Free Space | 62.52% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: D2M5CJF1

Current User Name: Workgroup

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\IObit\IObit Security 360\IS360srv.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Users\Workgroup\OTL.exe (OldTimer Tools)

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (a2free [Auto | Running]) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)

SRV - (AERTFilters [Auto | Running]) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (BroadCamService [On_Demand | Stopped]) -- C:\Program Files\NCH Software\BroadCam\broadcam.exe (NCH Software)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (DellAMBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()

SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gupdate1c9919d68e3ab03 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (IS360service [Auto | Running]) -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe (IObit)

SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McShield [unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (acedrv11 [Auto | Running]) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV - (atksgt [Auto | Running]) -- C:\Windows\System32\DRIVERS\atksgt.sys ()

DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (camfilt2 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\camfilt2.sys (Guillemot Corporation)

DRV - (CAMTHWDM [Auto | Running]) -- C:\Windows\System32\DRIVERS\CAMTHWDM.sys ()

DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (datunidr [Auto | Running]) -- C:\Windows\System32\DRIVERS\datunidr.sys (Gteko Ltd.)

DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (dsunidrv [Auto | Running]) -- C:\Windows\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)

DRV - (dvdmmg [Auto | Running]) -- C:\Windows\System32\drivers\dvdmmg.sys ()

DRV - (e1express [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)

DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)

DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (iaStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (igfx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)

DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (Lbd [boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (lirsgt [Auto | Running]) -- C:\Windows\System32\DRIVERS\lirsgt.sys ()

DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LVUSBSta [On_Demand | Running]) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (mcdbus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.)

DRV - (mchInjDrv [system | Running]) -- C:\Windows\System32\Drivers\mchInjDrv.sys ()

DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mfehidk [system | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (MPFP [system | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)

DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NAL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\iqvw32.sys (Intel Corporation )

DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (PID_0928 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\LV561AV.SYS (Logitech Inc.)

DRV - (PTproct [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)

DRV - (PxHelp20 [boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (SNPSTD3 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snpstd3.sys (Sonix Co. Ltd.)

DRV - (sptd [boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssfs0bbc [boot | Running]) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))

DRV - (sshrmd [boot | Running]) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))

DRV - (ssidrv [boot | Running]) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))

DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (tapavpn [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\tapavpn.sys (Steganos GmbH)

DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = att.my.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "St. Louis Cardinals Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT206385&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85

FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071302000002

FF - prefs.js..extensions.enabledItems: [email protected]:0.4.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090630

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT206385&SearchSource=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 11:19:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 14:09:36 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 21:35:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 21:35:26 | 00,000,000 | ---D | M]

[2009/03/18 07:20:01 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Extensions

[2009/03/18 07:20:01 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/10/17 17:04:55 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions

[2009/06/24 22:04:12 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/06/30 21:31:32 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2009/10/10 05:48:46 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/08/20 20:23:22 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\[email protected]

[2009/04/25 20:21:52 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\[email protected]

[2009/07/01 17:19:22 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\[email protected]

[2009/09/14 02:00:04 | 00,000,000 | ---D | M] -- C:\Users\Workgroup\AppData\Roaming\mozilla\Firefox\Profiles\o9sx8cfe.default\extensions\[email protected]

[2009/03/18 07:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/12 04:54:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/12 04:54:35 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/09/12 04:54:35 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/01/03 19:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2008/03/20 18:21:26 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll

[2009/09/12 04:54:37 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/09/12 21:35:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/09/12 21:35:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/09/12 21:35:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/09/12 21:35:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/09/12 21:35:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/09/12 21:35:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/09/12 21:35:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll

[2009/08/20 20:22:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/08/20 20:22:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/08/20 20:22:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/08/20 20:22:12 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/08/20 20:22:12 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/08/20 20:22:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/08/20 20:22:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Reg Error: Value error.)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218864025590 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: Livevideo Publisher http://livevideo.com/on2/plugins/livevideo_publisher.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O30 - LSA: Authentication Packages - (ows\S) - File not found

O30 - LSA: Security Packages - (Z2가㫏盁) - File not found

O30 - LSA: Security Packages - (摷杩獥⹴汤[email protected]뻯㬍갛㭒ӝ&) - File not found

O30 - LSA: Security Packages - (㝎) - File not found

O30 - LSA: Security Packages - (Ԫ) - File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (sasnative32) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 21:53:48 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}

[2009/09/23 23:12:12 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit

[2009/09/30 16:32:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2009/10/12 22:08:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/09/18 21:56:17 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2009/09/19 03:10:40 | 00,000,000 | ---D | C] -- C:\Users\Workgroup\AppData\Roaming\FileZilla

[2009/10/12 22:08:44 | 00,000,000 | ---D | C] -- C:\Users\Workgroup\AppData\Roaming\Malwarebytes

[2009/09/18 21:57:05 | 00,000,000 | ---D | C] -- C:\Users\Workgroup\AppData\Roaming\NCH Software

[2009/09/19 02:50:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio

[2009/10/13 14:09:21 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware

[2009/10/12 21:56:02 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free

[2009/09/20 23:35:06 | 00,000,000 | ---D | C] -- C:\Program Files\CinemaForge

[2009/09/22 05:09:16 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/09/19 03:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

[2009/09/22 00:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack

[2009/10/03 20:52:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2009/09/26 22:47:55 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(135)

[2009/09/18 21:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software

[2009/09/19 02:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\Riva

[2009/10/14 00:41:24 | 00,000,000 | ---D | C] -- C:\ISeeYouXP

[2009/10/13 16:31:06 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll

[2009/10/13 16:30:55 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2009/10/13 16:30:55 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2009/10/13 16:30:04 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/10/13 16:30:03 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2009/10/13 16:30:02 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2009/10/13 16:30:01 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2009/10/13 16:30:01 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2009/10/13 16:30:01 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2009/10/13 16:30:01 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2009/10/13 16:30:01 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll

[2009/10/13 16:30:00 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2009/10/13 16:29:59 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2009/10/13 16:29:59 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2009/10/13 16:29:59 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2009/10/13 16:29:59 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2009/10/13 16:29:58 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/10/13 16:29:58 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2009/10/13 16:29:58 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2009/10/13 16:29:58 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2009/10/13 16:29:58 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2009/10/13 16:29:58 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2009/10/13 16:29:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2009/10/13 16:29:49 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll

[2009/10/13 16:23:31 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2009/10/13 16:23:25 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2009/10/12 21:56:02 | 00,000,000 | ---D | C] -- C:\Users\Workgroup\Documents\a-squared Free

[2009/10/02 18:15:07 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2009/10/01 22:46:47 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2009/10/01 22:46:47 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2009/10/01 22:46:46 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2009/10/01 22:46:46 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll

[2009/10/01 22:46:12 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2009/10/01 22:46:12 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2009/10/01 22:46:12 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2009/10/01 22:45:57 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2009/10/01 22:45:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2009/09/22 00:44:16 | 00,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll

[2009/09/22 00:44:16 | 00,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll

[2009/09/22 00:44:16 | 00,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll

[2009/09/22 00:44:16 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll

[2009/09/22 00:44:15 | 02,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll

[2009/09/22 00:44:15 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll

[2009/09/22 00:44:15 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll

[2009/09/22 00:44:15 | 00,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll

[2009/09/22 00:44:15 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL

[2009/09/22 00:44:15 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.OCX

[2009/09/22 00:44:15 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL

[2009/09/22 00:44:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTFR.DLL

[2009/09/22 00:44:15 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetfr.DLL

[2009/09/22 00:44:14 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL

[2009/09/22 00:44:14 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscc2fr.dll

[2009/09/22 00:44:14 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL

[2009/09/20 21:55:23 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2009/09/20 19:46:57 | 00,000,000 | ---D | C] -- C:\sav_install

[2009/03/05 18:57:41 | 00,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll

[2009/03/05 18:57:39 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]

[2009/10/17 20:43:42 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/10/17 20:43:42 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/10/17 20:43:42 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/10/17 20:39:38 | 00,034,491 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2009/10/17 20:39:09 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/10/17 20:39:09 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/10/17 20:39:06 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2009/10/17 20:38:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/10/17 20:38:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/10/17 20:38:01 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2009/10/17 20:37:56 | 03,595,463 | -H-- | M] () -- C:\Users\Workgroup\AppData\Local\IconCache.db

[2009/10/17 20:08:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2009/10/15 01:20:00 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2009/10/14 16:31:30 | 00,085,516 | ---- | M] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-14.json

[2009/10/14 01:43:31 | 00,126,464 | ---- | M] () -- C:\Users\Workgroup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/14 01:18:49 | 00,002,560 | ---- | M] () -- C:\Windows\System32\drivers\mchInjDrv.sys

[2009/10/14 00:37:34 | 00,000,098 | ---- | M] () -- C:\index.ini

[2009/10/13 13:37:53 | 00,085,067 | ---- | M] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-13.json

[2009/10/12 21:55:26 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/10/12 05:00:00 | 00,000,450 | ---- | M] () -- C:\Windows\tasks\SpyHunter Scanner.job

[2009/10/06 00:21:45 | 00,001,632 | ---- | M] () -- C:\Users\Workgroup\Desktop\CCleaner.lnk

[2009/10/05 01:32:11 | 00,084,436 | ---- | M] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-05.json

[2009/10/04 22:00:03 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job

[2009/10/03 20:53:38 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2009/10/02 03:54:08 | 00,000,845 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2009/10/01 01:00:47 | 00,000,340 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2009/09/22 04:26:03 | 00,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/21 22:06:13 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2009/09/20 21:53:47 | 00,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2009/09/18 21:51:15 | 00,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video Converter.lnk

[2009/09/18 02:24:32 | 00,085,038 | ---- | M] () -- C:\Users\Workgroup\Documents\bookmarks-2009-09-18.json

========== Files - No Company Name ==========

[2009/10/14 16:31:30 | 00,085,516 | ---- | C] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-14.json

[2009/10/14 00:55:12 | 00,011,254 | ---- | C] () -- C:\Windows\System32\locate.com

[2009/10/14 00:37:34 | 00,000,098 | ---- | C] () -- C:\index.ini

[2009/10/13 13:37:53 | 00,085,067 | ---- | C] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-13.json

[2009/10/05 01:32:11 | 00,084,436 | ---- | C] () -- C:\Users\Workgroup\Documents\bookmarks-2009-10-05.json

[2009/10/03 20:53:38 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2009/10/02 03:54:08 | 00,000,845 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2009/09/22 21:56:19 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/09/22 04:26:03 | 00,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/22 00:44:16 | 00,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx

[2009/09/21 02:55:53 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2009/09/20 21:53:47 | 00,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2009/09/20 21:24:18 | 00,000,450 | ---- | C] () -- C:\Windows\tasks\SpyHunter Scanner.job

[2009/09/20 21:00:17 | 00,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys

[2009/09/18 21:51:15 | 00,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video Converter.lnk

[2009/09/18 00:00:35 | 00,085,038 | ---- | C] () -- C:\Users\Workgroup\Documents\bookmarks-2009-09-18.json

[2009/09/17 14:16:13 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/04/15 00:24:02 | 00,000,990 | -HS- | C] () -- C:\Users\Workgroup\AppData\Roaming\systemfl.$dk

[2009/03/30 19:27:02 | 00,000,114 | ---- | C] () -- C:\Windows\AVFTP.INI

[2009/03/05 18:57:40 | 00,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini

[2009/02/03 02:45:15 | 00,000,009 | ---- | C] () -- C:\Windows\ULEAD32.INI

[2009/02/03 00:14:00 | 00,000,052 | ---- | C] () -- C:\Windows\Relax.ini

[2008/12/29 18:56:20 | 00,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI

[2008/12/29 18:55:36 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2008/12/29 18:55:36 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2008/12/29 18:55:36 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2008/12/26 16:12:47 | 00,011,142 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2008/10/03 18:29:57 | 00,000,761 | ---- | C] () -- C:\Windows\CoD.INI

[2008/08/31 11:53:38 | 00,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2008/08/31 11:53:36 | 00,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2008/08/13 17:33:08 | 00,000,102 | ---- | C] () -- C:\Windows\wininit.ini

[2008/07/21 03:53:40 | 00,000,133 | ---- | C] () -- C:\Users\Workgroup\AppData\Roaming\default.pls

[2008/07/12 01:02:58 | 00,000,035 | ---- | C] () -- C:\Windows\dice.ini

[2008/06/06 04:06:46 | 03,595,463 | -H-- | C] () -- C:\Users\Workgroup\AppData\Local\IconCache.db

[2008/05/04 23:08:11 | 00,000,100 | ---- | C] () -- C:\Users\Workgroup\AppData\Roaming\wklnhst.dat

[2008/03/11 09:14:54 | 00,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys

[2008/02/14 20:49:30 | 00,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI

[2008/02/14 15:47:09 | 00,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll

[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2008/02/05 14:28:20 | 00,000,051 | ---- | C] () -- C:\Users\Workgroup\AppData\Local\setup.txt

[2008/01/25 04:09:45 | 00,024,206 | ---- | C] () -- C:\Users\Workgroup\AppData\Roaming\UserTile.png

[2008/01/23 21:18:56 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008/01/23 16:00:09 | 00,002,032 | ---- | C] () -- C:\Users\Workgroup\AppData\Local\d3d9caps.dat

[2008/01/23 14:02:44 | 00,126,464 | ---- | C] () -- C:\Users\Workgroup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/23 13:53:53 | 00,087,840 | ---- | C] () -- C:\Users\Workgroup\AppData\Local\GDIPFONTCACHEV1.DAT

[2008/01/22 11:57:40 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/01/22 11:57:40 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2008/01/22 11:57:40 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2007/11/14 13:42:27 | 00,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2007/11/09 07:01:59 | 00,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll

[2007/10/18 10:12:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll

[2007/10/12 02:11:58 | 00,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2007/09/06 07:15:22 | 00,005,504 | ---- | C] () -- C:\Windows\System32\drivers\dvdmmg.sys

[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2007/02/26 17:24:20 | 00,220,672 | ---- | C] () -- C:\Windows\System32\dxr.dll

[2007/02/26 17:22:42 | 00,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll

[2007/02/26 17:22:36 | 00,110,592 | ---- | C] () -- C:\Windows\System32\avi.dll

[2007/02/26 17:22:34 | 00,106,496 | ---- | C] () -- C:\Windows\System32\avss.dll

[2007/02/26 17:22:30 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll

[2007/02/26 17:22:24 | 00,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll

[2007/02/26 17:22:14 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll

[2007/02/26 17:22:04 | 00,151,552 | ---- | C] () -- C:\Windows\System32\ts.dll

[2007/02/26 17:21:46 | 00,099,840 | ---- | C] () -- C:\Windows\System32\avs.dll

[2007/02/26 17:21:38 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll

[2007/02/26 17:21:38 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll

[2007/02/12 15:21:22 | 03,426,304 | ---- | C] () -- C:\Windows\System32\libavcodec.dll

[2007/02/12 15:21:22 | 00,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll

[2007/02/12 15:21:22 | 00,462,848 | ---- | C] () -- C:\Windows\System32\ff_x264.dll

[2007/02/12 15:21:22 | 00,399,872 | ---- | C] () -- C:\Windows\System32\libmplayer.dll

[2007/02/12 15:21:22 | 00,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll

[2007/02/12 15:21:22 | 00,225,280 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll

[2007/02/12 15:21:22 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll

[2007/02/12 15:21:22 | 00,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll

[2007/02/12 15:21:22 | 00,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll

[2007/02/12 15:21:22 | 00,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll

[2007/02/12 15:21:22 | 00,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll

[2007/02/12 15:21:22 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll

[2007/02/12 15:21:22 | 00,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll

[2007/02/12 15:21:22 | 00,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll

[2007/02/12 15:21:22 | 00,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll

[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll

[2007/02/12 15:21:22 | 00,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll

[2007/02/12 15:21:22 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/02/12 15:21:22 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2006/11/07 15:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 08:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 06:23:31 | 00,000,180 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/01 10:54:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2006/11/01 10:52:38 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2006/09/17 01:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/07/07 11:51:02 | 00,008,192 | ---- | C] () -- C:\Windows\System32\FLT_ffdshow.dll

[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

[1996/02/23 17:34:48 | 00,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll

[1996/02/22 15:09:20 | 00,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== Custom Scans ==========

< :OTL >

< PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) >

< >

< :Files >

< C:\Windows\*.tmp >

[1 C:\Windows\*.tmp files]

< @C:\ProgramData\TEMP:9AEE100C >

< @C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID >

< @C:\Users\Workgroup\Documents\My Games:Shareaza.GUID >

< @C:\Users\Workgroup\Documents\Camfrog Stuff-Shareaza:Shareaza.GUID >

< @C:\ProgramData\TEMP:8CE646EE >

< @C:\ProgramData\TEMP:94A19129 >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [start explorer] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C

@Alternate Data Stream - 16 bytes -> C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID

@Alternate Data Stream - 16 bytes -> C:\Users\Workgroup\Documents\My Games:Shareaza.GUID

@Alternate Data Stream - 16 bytes -> C:\Users\Workgroup\Documents\Camfrog Stuff-Shareaza:Shareaza.GUID

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8CE646EE

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129

< End of report >


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    @C:\ProgramData\TEMP:9AEE100C
    @C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID
    @C:\Users\Workgroup\Documents\My Games:Shareaza.GUID
    @C:\Users\Workgroup\Documents\Camfrog Stuff-Shareaza:Shareaza.GUID
    @C:\ProgramData\TEMP:8CE646EE
    @C:\ProgramData\TEMP:94A19129
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )

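An added example, not OTL itself and not something posted in this thread: a small Python script that parses the two line shapes shown in the log above (the bracketed file entries and the "@Alternate Data Stream" lines) and turns the ADS findings into the "@path:stream" directives that the :Files section of the fix uses. The sample log embedded in the script is a handful of lines copied from the log above, not a complete report; the "unsigned System32" filter is my own triage heuristic, and the script only reads text, it does not touch the registry or the disk. Choosing which streams to remove is still the analyst's call; generating the directives only saves retyping them.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample: a few lines copied from the OTL log posted above, not a complete log.
SAMPLE_LOG = r"""
========== Files - No Company Name ==========

[2009/10/14 00:55:12 | 00,011,254 | ---- | C] () -- C:\Windows\System32\locate.com

[2009/09/21 02:55:53 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2009/04/15 00:24:02 | 00,000,990 | -HS- | C] () -- C:\Users\Workgroup\AppData\Roaming\systemfl.$dk

[2009/10/13 16:30:55 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C

@Alternate Data Stream - 16 bytes -> C:\Users\Workgroup\Documents\Shareaza:Shareaza.GUID

< End of report >
"""

# [date time | size | attrs | C-or-M] (company) -- path [-- [ NTFS ]]
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.*?)(?: -- \[ NTFS \])?$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass
class FileRecord:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # 'C' = created list, 'M' = modified list
    company: str     # empty when OTL printed '()' or '( )'
    path: str


@dataclass
class StreamRecord:
    size: int
    host: str        # file or directory that carries the stream
    stream: str      # stream name after the last ':'


def parse_otl(text: str) -> Tuple[List[FileRecord], List[StreamRecord]]:
    """Collect file entries and ADS entries; every other line shape is ignored."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            files.append(FileRecord(
                datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                int(size.replace(",", "")), attrs, kind, company.strip(), path.strip()))
            continue
        m = ADS_RE.match(line)
        if m:
            size, full = m.groups()
            host, _, stream = full.rpartition(":")   # the drive-letter colon is never last
            streams.append(StreamRecord(int(size), host, stream))
    return files, streams


def ads_fix_directives(streams: List[StreamRecord]) -> List[str]:
    """Render each stream as the '@host:stream' line that OTL's :Files section expects."""
    return [f"@{s.host}:{s.stream}" for s in streams]


def unsigned_system_files(files: List[FileRecord]) -> List[FileRecord]:
    """System32 entries with no company string: worth a second look, not proof of malware (heuristic)."""
    return [f for f in files
            if "\\windows\\system32\\" in f.path.lower() and not f.company]


def build_fix_script(streams: List[StreamRecord]) -> str:
    """Assemble a fix in the same shape the helper posted: ADS removal, temp purge, reboot."""
    lines = [":Files", *ads_fix_directives(streams), "",
             ":Commands", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found, ads = parse_otl(SAMPLE_LOG)
    for f in unsigned_system_files(found):
        print(f"review: {f.path} ({f.size} bytes, created {f.timestamp:%Y-%m-%d})")
    print(build_fix_script(ads))
```

The stream name is taken after the last colon in the reported path, so the drive-letter colon is never mistaken for the stream separator; a stream name that itself contains a colon is not expected in OTL output. Run the script as a file (the name is yours to choose) and paste its output into OTL's Custom Scans/Fixes box only after reviewing each directive.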

Sorry, I must have hit the wrong button last time I ran OTL.exe. A blue screen showed up on reboot; I don't know exactly what it said, but one part said 'STOP' with a bunch of numbers after it, no drive names, and I had to unplug my PC to reboot back to my desktop. Thanks again.


I noticed things were better almost right away, thank you very much. I freaked when my boot screen turned blue and said something was wrong, but after I unplugged and rebooted it has been fine. There is no longer a need to unplug to reboot after half a day or so, and I also ran another antivirus and removed a dozen from the registry manually because the stupid program wouldn't get rid of them itself, they weren't too serious but any bugs are bad. I don't know much about them but I'm slowly being forced to learn through trial and error, it seems not as hard as it looks when you do it a few times. As I said, most people wouldn't take the time to help as you did and I appreciate it more than you know.

A quick question: was there a program called 'explorer.exe' that was the main problem? For some reason I remember that from the boot screen before I had to reboot...

Anyway, what can I do to show my appreciation for your help? :)


explorer.exe is one of the Windows core files and it's what powers your Windows Desktop, among other things. Sometimes removing malware can cause explorer to crash, but this is normally easily recovered from.

Your logs look fine.

Unless you are having problems from malware, it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

Avenger.exe

Avenger.txt

Avenger.zip

DisableAutoRuns.reg

FixMe.reg

FixReg.reg

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

Anything else I had you use

Delete the following: (If they exist)

C:\Avenger.txt

C:\Avenger

C:\ComboFix.txt

C:\ComboFix

C:\SDFix

C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out of date and in need of updating. Update any program/application detected as being out of date.

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
