-
XP firewall virus infection
DDS data is at end of post and attached. First is a description of what happened.
Yesterday while I was looking for pictures of an actress I like, I was infected with the XP firewall virus (It seems those sites with pictures of stars are very dangerous) It took over my system and I could not run anything I booted into safe mode admin account (Other accounts could not be accessed as the virus ran in those) I ran spybot and it claimed to remove it along with 2 other things that were probably related. I then ran avira which also found a few things. I cannot find a report in spybot that details what was found and removed. I did find a report inAvira as to what was found and removed. Here is a copy of the pertinent section of that report.
Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
--> [PluginsDir]/ic1.exe
[DETECTION] Is the TR/Dldr.MSIL.Agent.TJ.1 Trojan
Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '564133c8.qua'.
I am concerned that it found two objects that it did not seem to do anything about.
After running Spybot and Avira I ran malwarebytes which found a registry key involving the windows security and something about disableNotify. Unfortunately Malwarebytes made no log of the session.
All of the above was done in safe mode. When I went back to my regular account the XP firewall virus was still there and prevented use of the system. I then booted back to safe mode and restored the system to a restore point 1 day prior to when the problem started. The restoration worked and I am now able to use the system but am afraid this thing may not be gone. It evaded three different and well recommended anti malware/virus tools. So I think I really need to make sure this thing is gone and do something to prevent it from happening again.
Also, I know we are not supposed to run anti virus fixes before coming here. However, I had to do all the above just to get my system back to be able to come here:(
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 20:20:12.17 on Mon 03/21/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1352 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\rv51vow5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52323
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-30 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-26 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-26 61960]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-11 135664]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-10-1 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-10-1 51712]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-3-15 122880]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-03-22 00:35:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-22 00:35:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-21 11:29:50 0 ----a-w- c:\documents and settings\user\ntuser.tmp
2011-03-19 11:01:37 -------- d-----w- c:\docume~1\user\applic~1\Xi
2011-03-19 11:00:58 -------- d-----w- c:\program files\Xi
2011-03-19 05:47:36 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-03-19 05:47:36 -------- d-----w- c:\program files\CamStudio 2.6b
2011-03-15 06:24:05 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Jaksta_Technologies_Pty_L
2011-03-15 06:22:52 -------- d-----w- c:\docume~1\user\applic~1\Replay Media Catcher 4
2011-03-15 06:22:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applian
2011-03-15 06:22:44 -------- d-----w- c:\program files\Applian Technologies
2011-03-15 05:51:33 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-15 05:50:35 -------- d-----w- c:\program files\AnyMedia Player
2011-03-15 05:49:09 -------- d-----w- c:\program files\FLVCodec
2011-03-15 05:49:07 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-15 05:49:06 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-03-15 05:49:05 -------- d-----w- c:\program files\ffdshow
2011-03-15 05:48:58 -------- d-----w- c:\program files\WinPcap
2011-03-15 05:48:52 122880 ----a-w- c:\windows\system32\GSService.exe
2011-03-15 05:48:51 -------- d-----w- c:\program files\RipTiger
2011-03-15 05:38:02 -------- d-----w- c:\docume~1\user\applic~1\Foxreal
2011-03-09 11:27:54 -------- d-----w- c:\program files\Fox
.
==================== Find3M ====================
.
2011-03-15 06:19:19 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-03-15 06:19:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2006-05-03 17:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:21:20.54 ===============
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Lets do a few things
Please download ATF Cleaner by Atribune to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
When you run Malwarebytes, remove everything thats checked and if Whitesmoke is not checked, check it for removal also
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
There is more to do but dont want to overwhelm you
-
Thanks the MalwareBytes Log is atached in a zip file. It was too large to post.
It looks like it got rid of white smoke tool bar. Which I did not want and tried to disable and delete. I got it when I downloaded Super 2011 a well recommended multimedia conversion software. I was immediately suspicious when I saw the layout of the web page. It had a style to it that reeked of scam. (Yes you can sometimes tell something is wrong just by the way they laid out the web page). Then the text went on WAY TOO MUCH about how there was no malware or spyware. When someone goes on too much about a quality they or their work possess or does no possess they are almost always lying to themselves and others. (i.e. If you ever hire people and get one that goes on and on about how they are always on time. If you hire them I guarantee they will have a chronic tardiness problem)
After checking around a second time. I downloaded SUPER 2011. It offered to install the well known spyware program real media. I declined the installation and it was not installed. Howerever the annoying toolar whitesmoke was installed. I uninstalled it but it obviously did not go away completely.
There is also some confusion as whitesmoke is also the name of a virus. I am not sure but I think the two are different things. One is a virus the other just another annoying useless toolbar (I hate toolbars!!!!)
SUPER 2011 turned out to be a very useful file conversion program. It is regrettable that the author chooses to distribute it bundled with such questionable products
-
Good Morning,
Real Media is spyware also, Whitesmoke is a real nuisance. I saw some things in your DDS log that need to be fixed so lets run this program .
Run ATF Cleaner again to get rid of any things that may be leftover from Whitesmoke that could be in a temp file
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
I ran OTL 2 times and it only gives the OTL.txt and it does not make the extras.txt.
OTL logfile created on: 3/24/2011 10:23:09 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\My Documents\Downloads\02
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.81 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.18 Gb Free Space | 4.74% Space Free | Partition Type: FAT32
Computer Name: USER-8E19CF174C | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Documents and Settings\User\My Documents\Downloads\02\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\User\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
MOD - C:\Documents and Settings\User\My Documents\Downloads\02\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (GSService) -- C:\WINDOWS\System32\GSService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (truecrypt) -- C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (appliandMP) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C D5 24 59 F5 03 CA 01 [binary data]
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52323
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 00:37:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 00:37:45 | 000,000,000 | ---D | M]
[2010/03/24 17:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/03/23 19:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rv51vow5.default\extensions
[2010/07/08 20:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rv51vow5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/06 07:24:26 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rv51vow5.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2010/08/04 22:20:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rv51vow5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 05:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/17 14:14:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/04 15:38:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/03/16 06:25:57 | 000,430,388 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14840 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1844237615-764733703-682003330-1003..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = False
O7 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/03 12:17:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/24 03:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/24 01:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Zombie RoadKill
[2011/03/21 23:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\MSDN
[2011/03/21 20:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/19 06:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\NetXfer
[2011/03/19 06:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Xi
[2011/03/19 06:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Xi
[2011/03/19 00:47:36 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2011/03/19 00:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2011/03/15 01:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Jaksta_Technologies_Pty_L
[2011/03/15 01:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Replay Media Catcher 4
[2011/03/15 01:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011/03/15 01:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/03/15 00:51:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/03/15 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\AnyMedia Player
[2011/03/15 00:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\FLVCodec
[2011/03/15 00:49:06 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/03/15 00:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/03/15 00:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/03/15 00:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\RipTiger
[2011/03/15 00:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Foxreal
[2011/03/15 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Foxreal
[2011/03/09 06:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/24 10:20:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2D4D1D3B-05AD-4C66-8484-B628F282445D}.job
[2011/03/24 07:13:32 | 000,169,453 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CartridgeComparison.jpg
[2011/03/23 20:25:46 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cbyethk.sys
[2011/03/23 19:52:17 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 19:52:17 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/23 19:47:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/22 02:41:37 | 000,078,292 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Icon-Browser-Firefox-Alt2.png
[2011/03/21 23:32:16 | 000,001,035 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FireFox Limited User.lnk
[2011/03/21 20:43:36 | 000,004,372 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Attach.zip
[2011/03/21 20:18:01 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2011/03/21 20:18:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2011/03/21 19:37:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 19:28:24 | 000,015,780 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\jqf5rg5gw7xl0cc64v108yvr122f6sk8vj25h0eaor
[2011/03/21 19:28:24 | 000,015,780 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jqf5rg5gw7xl0cc64v108yvr122f6sk8vj25h0eaor
[2011/03/21 06:26:29 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\User\Application Data\902E.36B
[2011/03/21 00:36:55 | 000,107,103 | ---- | M] () -- C:\Documents and Settings\User\My Documents\296021045onLQMT_ph.jpg
[2011/03/21 00:36:07 | 000,164,429 | ---- | M] () -- C:\Documents and Settings\User\My Documents\HunterBagent.jpg
[2011/03/21 00:34:39 | 000,194,508 | ---- | M] () -- C:\Documents and Settings\User\My Documents\shawn_johnson_camp_woodward_09.jpg
[2011/03/21 00:34:07 | 000,051,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\4-4.jpg
[2011/03/21 00:33:52 | 000,066,039 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CampWoodward.jpg
[2011/03/21 00:33:39 | 000,007,381 | ---- | M] () -- C:\Documents and Settings\User\My Documents\images.jpeg
[2011/03/21 00:32:53 | 000,152,656 | ---- | M] () -- C:\Documents and Settings\User\My Documents\13.jpg
[2011/03/21 00:32:09 | 000,163,825 | ---- | M] () -- C:\Documents and Settings\User\My Documents\11.jpg
[2011/03/20 07:58:21 | 000,221,727 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LWpepperspray.pdf
[2011/03/20 06:25:28 | 000,547,407 | ---- | M] () -- C:\Documents and Settings\User\My Documents\wallpaper_1600x1280_04.jpg
[2011/03/20 04:34:55 | 000,756,214 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Archer - What What Pirate Virus.flv
[2011/03/20 04:32:15 | 000,510,790 | ---- | M] () -- C:\Documents and Settings\User\My Documents\archer-pirate-virus.gif
[2011/03/19 06:01:08 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Net Transport.lnk
[2011/03/19 06:01:08 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FTP Transport.lnk
[2011/03/17 22:11:51 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/16 06:25:57 | 000,430,388 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/16 03:01:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 12:36:34 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 02:26:04 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Gravity 2.9.lnk
[2011/03/15 01:22:48 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/03/15 01:19:19 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2011/03/15 01:19:18 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011/03/04 08:27:41 | 000,429,882 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110316-062557.backup
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/24 07:13:32 | 000,169,453 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CartridgeComparison.jpg
[2011/03/23 20:25:46 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cbyethk.sys
[2011/03/22 02:41:36 | 000,078,292 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Icon-Browser-Firefox-Alt2.png
[2011/03/21 23:23:02 | 000,001,035 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FireFox Limited User.lnk
[2011/03/21 20:43:36 | 000,004,372 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Attach.zip
[2011/03/21 20:18:01 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2011/03/21 20:18:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2011/03/21 06:26:24 | 000,015,780 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\jqf5rg5gw7xl0cc64v108yvr122f6sk8vj25h0eaor
[2011/03/21 06:26:24 | 000,015,780 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jqf5rg5gw7xl0cc64v108yvr122f6sk8vj25h0eaor
[2011/03/21 06:25:55 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\902E.36B
[2011/03/21 00:36:55 | 000,107,103 | ---- | C] () -- C:\Documents and Settings\User\My Documents\296021045onLQMT_ph.jpg
[2011/03/21 00:36:06 | 000,164,429 | ---- | C] () -- C:\Documents and Settings\User\My Documents\HunterBagent.jpg
[2011/03/21 00:34:38 | 000,194,508 | ---- | C] () -- C:\Documents and Settings\User\My Documents\shawn_johnson_camp_woodward_09.jpg
[2011/03/21 00:34:07 | 000,051,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\4-4.jpg
[2011/03/21 00:33:52 | 000,066,039 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CampWoodward.jpg
[2011/03/21 00:33:39 | 000,007,381 | ---- | C] () -- C:\Documents and Settings\User\My Documents\images.jpeg
[2011/03/21 00:32:53 | 000,152,656 | ---- | C] () -- C:\Documents and Settings\User\My Documents\13.jpg
[2011/03/21 00:32:09 | 000,163,825 | ---- | C] () -- C:\Documents and Settings\User\My Documents\11.jpg
[2011/03/20 07:58:21 | 000,221,727 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LWpepperspray.pdf
[2011/03/20 06:25:28 | 000,547,407 | ---- | C] () -- C:\Documents and Settings\User\My Documents\wallpaper_1600x1280_04.jpg
[2011/03/20 04:34:53 | 000,756,214 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Archer - What What Pirate Virus.flv
[2011/03/20 04:32:15 | 000,510,790 | ---- | C] () -- C:\Documents and Settings\User\My Documents\archer-pirate-virus.gif
[2011/03/19 06:01:08 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Net Transport.lnk
[2011/03/19 06:01:08 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FTP Transport.lnk
[2011/03/15 01:22:48 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/03/15 00:49:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/15 00:48:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2011/02/06 07:37:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/07/27 00:58:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/15 19:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/07/13 01:51:24 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/10 16:55:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/05/07 00:02:14 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\User\Application Data\default.rss
[2010/05/07 00:02:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\downloads.m3u
[2010/05/06 23:58:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/12 13:13:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/04/04 20:56:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2010/03/31 21:41:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2010/03/19 14:51:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/11/06 10:54:46 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/03 12:58:02 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2009/05/03 12:17:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/05/03 10:50:31 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/03 10:50:31 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/03 10:50:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/05/03 10:50:29 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/03 10:45:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/05/03 05:08:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/08 10:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[1998/07/24 00:54:06 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/07/15 22:44:30 | 000,134,656 | ---- | C] () -- C:\WINDOWS\System32\itijpg2.dll
========== LOP Check ==========
[2011/03/15 01:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2010/10/03 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clearwire
[2010/09/30 14:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2009/05/04 09:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/18 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/05/03 12:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/06/12 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/30 17:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/10/02 04:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fudge Muffin\Application Data\Clearwire
[2010/09/29 14:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Clearwire
[2011/03/15 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Foxreal
[2011/03/24 06:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrabIt
[2010/06/10 21:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gravity
[2011/02/06 01:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gui4Cli
[2010/03/18 21:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2011/03/15 01:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Replay Media Catcher 4
[2010/09/30 16:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TrueCrypt
[2010/03/18 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2009/05/03 12:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wave Systems Corp
[2011/03/19 06:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Xi
[2011/03/24 10:20:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2D4D1D3B-05AD-4C66-8484-B628F282445D}.job
========== Purity Check ==========
< End of report >
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules