cyberson
2010-08-04, 17:46
Hello,
I have a severe virus on my PC. I have run AVG, Malwarebytes, Spybot, and Avast (on Boot Scan). I have found the same virus over and over.
VBS:ExeDropper-gen (Trj)
Win32/Z.bot.A
Need to get this off of my computer pronto!
Please help...
Some of the symptoms
**Browser redirect
**Cannot access Firefox or do certain functions in IE
**Missing desktop shortcuts
**Cannot open files that I opened before
There might be more than just that virus.
Here is the DDS log
I have also provided the attach.zip
Thank You
DDS (Ver_10-03-17.01) - NTFSx86
Run by Same Cane at 10:24:04.09 on Wed 08/04/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.985 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SoftwareDistribution\Download\a37ea2d49e8a7659886ac76c226cad7d\update\update.exe
C:\Documents and Settings\Same Cane\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/downloads/download.aspx?c=us&l=en&s=gen&releaseid=R130051&SystemID=DIMENSION%205150/E510&os=WW1&osl=en&deviceid=10373&devlib=0&typecnt=1&vercnt=2&formatcnt=1&libid=32&fileid=173334&appindex=ds
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.exe ,c:\windows\system32\userinlt.exe,c:\program files\microsoft\desktoplayer.exe,
BHO: rsion - No File
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {d0025934-45ed-c023-0570-ccd5fe5b4cff} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4A7AE0E8-B158-65FC-94C1-73BF7C86022F}] "c:\documents and settings\same cane\application data\oruc\zacyc.exe"
uRun: [a256fb97-162a-4558-be23-08ae4bbcb195_46] rundll32.exe "c:\documents and settings\same cane\application data\a256fb97-162a-4558-be23-08ae4bbcb195_46.avi", start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\sameca~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {066040F0-5018-4E15-8AA0-81D36136D989}
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168065754156
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204692064375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sameca~1\applic~1\mozilla\firefox\profiles\lpwshgds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
S0 dcdzvo;dcdzvo;c:\windows\system32\drivers\dcdzvo.sys [2010-7-24 0]
S0 uhxp;uhxp;c:\windows\system32\drivers\slvl.sys --> c:\windows\system32\drivers\slvl.sys [?]
S1 nneslhrv;nneslhrv;\??\c:\windows\system32\drivers\nneslhrv.sys --> c:\windows\system32\drivers\nneslhrv.sys [?]
S2 gupdate1c9cb7829016c2a;Google Update Service (gupdate1c9cb7829016c2a);c:\program files\google\update\GoogleUpdate.exe [2009-5-2 133104]
S2 McDetect.exe;McDetect.exe; [x]
S2 McTskshd.exe;McTskshd.exe; [x]
S3 mcupdmgr.exe;mcupdmgr.exe; [x]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-9-25 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-9-25 19584]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-9-25 7548]
=============== Created Last 30 ================
2010-08-04 13:21:17 1355 ----a-w- c:\windows\imsins.BAK
2010-08-04 01:17:59 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-08-04 01:16:57 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-08-04 01:15:48 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-08-04 01:12:59 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-08-04 00:45:28 10559 ----a-r- c:\windows\SET9F.tmp
2010-08-04 00:45:27 22339 ----a-r- c:\windows\SET9E.tmp
2010-08-04 00:45:24 13753 ----a-r- c:\windows\SET67.tmp
2010-08-04 00:45:19 1086058 ----a-r- c:\windows\SET58.tmp
2010-08-04 00:45:17 1042903 ----a-r- c:\windows\SET55.tmp
2010-08-04 00:09:55 22339 ----a-r- c:\windows\SET9A.tmp
2010-08-04 00:09:55 10559 ----a-r- c:\windows\SET9B.tmp
2010-08-04 00:09:51 13753 ----a-r- c:\windows\SET66.tmp
2010-08-04 00:09:48 1086058 ----a-r- c:\windows\SET57.tmp
2010-08-04 00:09:46 1042903 ----a-r- c:\windows\SET54.tmp
2010-08-03 23:42:57 1086058 ----a-r- c:\windows\SET9C.tmp
2010-08-03 23:42:54 1042903 ----a-r- c:\windows\SET99.tmp
2010-08-03 18:45:42 38848 ----a-w- c:\windows\avastSS.scr
2010-08-03 18:45:17 0 dc----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-03 18:22:32 365 ----a-w- c:\documents and settings\same cane\Shortcut to Same Cane's Documents.lnk
2010-08-03 17:13:17 0 d-----w- c:\docume~1\sameca~1\applic~1\Oruc
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Leuvlo
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Itka
2010-08-03 08:54:44 0 d-----w- c:\docume~1\sameca~1\applic~1\Pouwsi
2010-08-03 05:05:45 0 d-----w- c:\docume~1\sameca~1\applic~1\Tuiw
2010-08-03 04:22:58 0 d-----w- c:\docume~1\sameca~1\applic~1\Elxii
2010-08-03 03:46:09 0 d-----w- c:\docume~1\sameca~1\applic~1\AceBIT
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AT&T
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AOL
2010-08-03 03:45:18 0 d-----w- c:\docume~1\sameca~1\applic~1\BellSouth
2010-08-03 03:45:12 0 d-----w- c:\docume~1\sameca~1\applic~1\Corel Photo Album
2010-08-03 03:45:11 0 d-----w- c:\docume~1\sameca~1\applic~1\GetRightToGo
2010-08-03 03:44:48 0 d-----w- c:\docume~1\sameca~1\applic~1\Icolvu
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\iolo
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\IEPro
2010-08-03 03:44:44 0 d-----w- c:\docume~1\sameca~1\applic~1\KompoZer
2010-08-03 03:44:37 0 d-----w- c:\docume~1\sameca~1\applic~1\Malwarebytes
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\uTorrent
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\Uniblue
2010-08-03 03:44:13 0 d-----w- c:\docume~1\sameca~1\applic~1\Windows Desktop Search
2010-08-02 02:55:39 0 d-----w- c:\windows\system32\CatRoot_bak
2010-08-02 01:30:59 1902 ----a-w- c:\windows\system32\SetupBD.din
2010-08-02 01:29:34 0 dc----w- C:\drvrtmp
2010-08-01 20:15:12 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-08-01 19:25:50 0 d--h--w- c:\program files\WindowsUpdate
2010-08-01 19:25:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-01 18:53:52 10559 ----a-r- c:\windows\SET92.tmp
2010-08-01 18:53:51 22339 ----a-r- c:\windows\SET91.tmp
2010-08-01 18:53:44 13753 ----a-r- c:\windows\SET5C.tmp
2010-08-01 18:53:38 1086058 ----a-r- c:\windows\SET50.tmp
2010-08-01 18:53:35 1042903 ----a-r- c:\windows\SET4D.tmp
2010-08-01 17:56:33 10559 ----a-r- c:\windows\SET90.tmp
2010-08-01 17:56:31 22339 ----a-r- c:\windows\SET8F.tmp
2010-08-01 17:56:24 13753 ----a-r- c:\windows\SET5B.tmp
2010-08-01 17:56:16 1086058 ----a-r- c:\windows\SET4F.tmp
2010-08-01 17:56:12 1042903 ----a-r- c:\windows\SET4C.tmp
2010-08-01 16:50:34 10559 ----a-r- c:\windows\SET8E.tmp
2010-08-01 16:50:33 22339 ----a-r- c:\windows\SET8D.tmp
2010-08-01 16:50:29 13753 ----a-r- c:\windows\SET5A.tmp
2010-08-01 16:50:25 1086058 ----a-r- c:\windows\SET4E.tmp
2010-08-01 16:50:22 1042903 ----a-r- c:\windows\SET4B.tmp
2010-08-01 15:44:07 0 d-----w- c:\program files\common files\ODBC
2010-08-01 15:43:40 22339 ----a-r- c:\windows\SET108.tmp
2010-08-01 15:43:40 10559 ----a-r- c:\windows\SET109.tmp
2010-08-01 15:43:30 13753 ----a-r- c:\windows\SETD5.tmp
2010-08-01 15:43:25 1086058 ----a-r- c:\windows\SETC9.tmp
2010-08-01 15:43:23 1042903 ----a-r- c:\windows\SETC6.tmp
2010-07-30 06:31:30 0 d-----w- c:\program files\Windows Live SkyDrive
2010-07-30 06:27:47 0 d-----w- c:\program files\common files\Windows Live
2010-07-29 00:43:34 0 d-----w- c:\program files\Bonjour
2010-07-27 05:06:40 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-27 05:06:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 03:16:02 207734 ----a-w- c:\windows\setupapi.old
2010-07-27 00:32:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 00:32:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 00:32:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-27 00:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 17:54:05 0 d-----w- c:\program files\riva
2010-07-26 17:53:53 0 d-----w- c:\program files\Microsoft
2010-07-25 14:00:45 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-25 14:00:45 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-25 14:00:42 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-07-24 23:34:51 0 ----a-w- c:\windows\system32\drivers\dcdzvo.sys
2010-07-24 23:34:42 190 --s-a-w- c:\windows\system32\1320402504.dat
2010-07-24 19:25:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-23 20:35:58 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-23 20:35:58 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-23 20:35:58 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-23 14:39:10 0 d-----w- c:\program files\AVG
2010-07-23 14:39:09 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-23 03:59:13 0 d-----w- c:\windows\All Users
2010-07-21 17:39:53 0 d-----w- c:\program files\Free Window Registry Repair
==================== Find3M ====================
2010-08-04 01:11:51 22800 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-03 15:07:40 126568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-13 23:13:18 5330 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-04-08 02:07:36 66269 -c--a-w- c:\program files\INSTALL.LOG
2009-08-03 00:34:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080220090803\index.dat
============= FINISH: 10:27:24.31 ===============
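Added example, not part of cyberson's post and not code from the DDS tool: a small triage script that applies, mechanically, the checks a malware-removal helper would run by eye over a log like the one above. The sample lines are copied from that log (including two entries that look legitimate, so the checks have negative cases). The rule names, the assumption that a stock Windows XP Userinit value holds only c:\windows\system32\userinit.exe, and the choice of "profile directories" to treat as unusual for a Run entry are the example's own; they are heuristics that point at what to inspect, not verdicts about what is on the machine.

```python
import re

# Sample input for the example: lines copied from the DDS log in the post above.
# Two entries that look legitimate (the Google Toolbar Run key and the avast!
# aswSP driver) are included so the checks have negative cases.
SAMPLE_LINES = [
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.exe ,c:\windows\system32\userinlt.exe,c:\program files\microsoft\desktoplayer.exe,",
    r'uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"',
    r'uRun: [{4A7AE0E8-B158-65FC-94C1-73BF7C86022F}] "c:\documents and settings\same cane\application data\oruc\zacyc.exe"',
    r'uRun: [a256fb97-162a-4558-be23-08ae4bbcb195_46] rundll32.exe "c:\documents and settings\same cane\application data\a256fb97-162a-4558-be23-08ae4bbcb195_46.avi", start',
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]",
    r"S0 dcdzvo;dcdzvo;c:\windows\system32\drivers\dcdzvo.sys [2010-7-24 0]",
    r"S1 nneslhrv;nneslhrv;\??\c:\windows\system32\drivers\nneslhrv.sys --> c:\windows\system32\drivers\nneslhrv.sys [?]",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
]

# Assumption for this example: a stock XP Userinit value contains only this path.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Per-user locations that a Run-key persistence entry rarely has a good reason to use.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def check_userinit(line):
    """Flag every Userinit entry that is not the single default userinit.exe."""
    m = re.match(r"mWinlogon:\s*Userinit=(.*)", line, re.I)
    if not m:
        return []
    entries = {e.strip().lower() for e in m.group(1).split(",") if e.strip()}
    return [("userinit-extra", e) for e in sorted(entries - {DEFAULT_USERINIT})]


def check_run(line):
    """Flag Run entries launched from a profile directory, and rundll32 loading a non-.dll file."""
    m = re.match(r"[um]Run:\s*\[(.*?)\]\s*(.*)", line, re.I)
    if not m:
        return []
    name, cmd = m.group(1), m.group(2).lower()
    hits = []
    if any(d in cmd for d in PROFILE_DIRS):
        hits.append(("run-from-profile", name))
    dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)', cmd)
    if dll and not dll.group(1).strip().endswith(".dll"):
        hits.append(("rundll32-nondll", name))
    return hits


def check_driver(line):
    """Flag service/driver entries whose file is recorded as zero bytes or has no size/date at all."""
    m = re.match(r"([RS]\d)\s+([^;]+);[^;]*;(.*?)\s*\[(.*?)\]\s*$", line)
    if not m:
        return []
    _start, name, _path, info = m.groups()
    if info == "?":                      # DDS recorded no size/date for the file
        return [("driver-unverifiable", name)]
    if info.rsplit(" ", 1)[-1] == "0":   # trailing field is the file size
        return [("driver-zero-size", name)]
    return []


def check_hosts(line):
    """Flag hosts-file lines that point a real hostname at the loopback address."""
    m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", line)
    if not m:
        return []
    ip, host = m.groups()
    if ip.startswith("127.") and host.lower() != "localhost":
        return [("hosts-blackhole", host)]
    return []


def triage(lines):
    """Run every check over every line; returns a list of (rule, detail) findings."""
    findings = []
    for line in lines:
        for check in (check_userinit, check_run, check_driver, check_hosts):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LINES):
        print(f"{rule:22} {detail}")
```

Run against the sample lines it reports eight findings: the two non-default Userinit entries, both Run keys that execute out of Application Data (one of them a rundll32 call on a file with a .avi extension), the zero-byte and size-less drivers, and the hosts line that sends www.spywareinfo.com to 127.0.0.1. The Google Toolbar entry and the avast! driver produce nothing. Each finding is a place to look with the full log and the attach.zip, not a classification by itself.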
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {d0025934-45ed-c023-0570-ccd5fe5b4cff} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4A7AE0E8-B158-65FC-94C1-73BF7C86022F}] "c:\documents and settings\same cane\application data\oruc\zacyc.exe"
uRun: [a256fb97-162a-4558-be23-08ae4bbcb195_46] rundll32.exe "c:\documents and settings\same cane\application data\a256fb97-162a-4558-be23-08ae4bbcb195_46.avi", start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\sameca~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {066040F0-5018-4E15-8AA0-81D36136D989}
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168065754156
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204692064375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab53852.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab31267.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sameca~1\applic~1\mozilla\firefox\profiles\lpwshgds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-27 596336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
S0 dcdzvo;dcdzvo;c:\windows\system32\drivers\dcdzvo.sys [2010-7-24 0]
S0 uhxp;uhxp;c:\windows\system32\drivers\slvl.sys --> c:\windows\system32\drivers\slvl.sys [?]
S1 nneslhrv;nneslhrv;\??\c:\windows\system32\drivers\nneslhrv.sys --> c:\windows\system32\drivers\nneslhrv.sys [?]
S2 gupdate1c9cb7829016c2a;Google Update Service (gupdate1c9cb7829016c2a);c:\program files\google\update\GoogleUpdate.exe [2009-5-2 133104]
S2 McDetect.exe;McDetect.exe; [x]
S2 McTskshd.exe;McTskshd.exe; [x]
S3 mcupdmgr.exe;mcupdmgr.exe; [x]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-9-25 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-9-25 19584]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-9-25 7548]
=============== Created Last 30 ================
2010-08-04 13:21:17 1355 ----a-w- c:\windows\imsins.BAK
2010-08-04 01:17:59 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-08-04 01:16:57 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-08-04 01:15:48 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-08-04 01:12:59 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-08-04 01:12:52 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-08-04 00:45:28 10559 ----a-r- c:\windows\SET9F.tmp
2010-08-04 00:45:27 22339 ----a-r- c:\windows\SET9E.tmp
2010-08-04 00:45:24 13753 ----a-r- c:\windows\SET67.tmp
2010-08-04 00:45:19 1086058 ----a-r- c:\windows\SET58.tmp
2010-08-04 00:45:17 1042903 ----a-r- c:\windows\SET55.tmp
2010-08-04 00:09:55 22339 ----a-r- c:\windows\SET9A.tmp
2010-08-04 00:09:55 10559 ----a-r- c:\windows\SET9B.tmp
2010-08-04 00:09:51 13753 ----a-r- c:\windows\SET66.tmp
2010-08-04 00:09:48 1086058 ----a-r- c:\windows\SET57.tmp
2010-08-04 00:09:46 1042903 ----a-r- c:\windows\SET54.tmp
2010-08-03 23:42:57 1086058 ----a-r- c:\windows\SET9C.tmp
2010-08-03 23:42:54 1042903 ----a-r- c:\windows\SET99.tmp
2010-08-03 18:45:42 38848 ----a-w- c:\windows\avastSS.scr
2010-08-03 18:45:17 0 dc----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-03 18:22:32 365 ----a-w- c:\documents and settings\same cane\Shortcut to Same Cane's Documents.lnk
2010-08-03 17:13:17 0 d-----w- c:\docume~1\sameca~1\applic~1\Oruc
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Leuvlo
2010-08-03 12:47:09 0 d-----w- c:\docume~1\sameca~1\applic~1\Itka
2010-08-03 08:54:44 0 d-----w- c:\docume~1\sameca~1\applic~1\Pouwsi
2010-08-03 05:05:45 0 d-----w- c:\docume~1\sameca~1\applic~1\Tuiw
2010-08-03 04:22:58 0 d-----w- c:\docume~1\sameca~1\applic~1\Elxii
2010-08-03 03:46:09 0 d-----w- c:\docume~1\sameca~1\applic~1\AceBIT
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AT&T
2010-08-03 03:45:37 0 d-----w- c:\docume~1\sameca~1\applic~1\AOL
2010-08-03 03:45:18 0 d-----w- c:\docume~1\sameca~1\applic~1\BellSouth
2010-08-03 03:45:12 0 d-----w- c:\docume~1\sameca~1\applic~1\Corel Photo Album
2010-08-03 03:45:11 0 d-----w- c:\docume~1\sameca~1\applic~1\GetRightToGo
2010-08-03 03:44:48 0 d-----w- c:\docume~1\sameca~1\applic~1\Icolvu
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\iolo
2010-08-03 03:44:46 0 d-----w- c:\docume~1\sameca~1\applic~1\IEPro
2010-08-03 03:44:44 0 d-----w- c:\docume~1\sameca~1\applic~1\KompoZer
2010-08-03 03:44:37 0 d-----w- c:\docume~1\sameca~1\applic~1\Malwarebytes
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\uTorrent
2010-08-03 03:44:15 0 d-----w- c:\docume~1\sameca~1\applic~1\Uniblue
2010-08-03 03:44:13 0 d-----w- c:\docume~1\sameca~1\applic~1\Windows Desktop Search
2010-08-02 02:55:39 0 d-----w- c:\windows\system32\CatRoot_bak
2010-08-02 01:30:59 1902 ----a-w- c:\windows\system32\SetupBD.din
2010-08-02 01:29:34 0 dc----w- C:\drvrtmp
2010-08-01 20:15:12 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-08-01 19:25:50 0 d--h--w- c:\program files\WindowsUpdate
2010-08-01 19:25:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-01 18:53:52 10559 ----a-r- c:\windows\SET92.tmp
2010-08-01 18:53:51 22339 ----a-r- c:\windows\SET91.tmp
2010-08-01 18:53:44 13753 ----a-r- c:\windows\SET5C.tmp
2010-08-01 18:53:38 1086058 ----a-r- c:\windows\SET50.tmp
2010-08-01 18:53:35 1042903 ----a-r- c:\windows\SET4D.tmp
2010-08-01 17:56:33 10559 ----a-r- c:\windows\SET90.tmp
2010-08-01 17:56:31 22339 ----a-r- c:\windows\SET8F.tmp
2010-08-01 17:56:24 13753 ----a-r- c:\windows\SET5B.tmp
2010-08-01 17:56:16 1086058 ----a-r- c:\windows\SET4F.tmp
2010-08-01 17:56:12 1042903 ----a-r- c:\windows\SET4C.tmp
2010-08-01 16:50:34 10559 ----a-r- c:\windows\SET8E.tmp
2010-08-01 16:50:33 22339 ----a-r- c:\windows\SET8D.tmp
2010-08-01 16:50:29 13753 ----a-r- c:\windows\SET5A.tmp
2010-08-01 16:50:25 1086058 ----a-r- c:\windows\SET4E.tmp
2010-08-01 16:50:22 1042903 ----a-r- c:\windows\SET4B.tmp
2010-08-01 15:44:07 0 d-----w- c:\program files\common files\ODBC
2010-08-01 15:43:40 22339 ----a-r- c:\windows\SET108.tmp
2010-08-01 15:43:40 10559 ----a-r- c:\windows\SET109.tmp
2010-08-01 15:43:30 13753 ----a-r- c:\windows\SETD5.tmp
2010-08-01 15:43:25 1086058 ----a-r- c:\windows\SETC9.tmp
2010-08-01 15:43:23 1042903 ----a-r- c:\windows\SETC6.tmp
2010-07-30 06:31:30 0 d-----w- c:\program files\Windows Live SkyDrive
2010-07-30 06:27:47 0 d-----w- c:\program files\common files\Windows Live
2010-07-29 00:43:34 0 d-----w- c:\program files\Bonjour
2010-07-27 05:06:40 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-27 05:06:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 03:16:02 207734 ----a-w- c:\windows\setupapi.old
2010-07-27 00:32:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 00:32:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 00:32:08 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-27 00:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 17:54:05 0 d-----w- c:\program files\riva
2010-07-26 17:53:53 0 d-----w- c:\program files\Microsoft
2010-07-25 14:00:45 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-07-25 14:00:45 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-07-25 14:00:42 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-07-24 23:34:51 0 ----a-w- c:\windows\system32\drivers\dcdzvo.sys
2010-07-24 23:34:42 190 --s-a-w- c:\windows\system32\1320402504.dat
2010-07-24 19:25:30 0 d-----w- c:\program files\common files\Macrovision Shared
2010-07-23 20:35:58 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-23 20:35:58 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-23 20:35:58 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-23 14:39:10 0 d-----w- c:\program files\AVG
2010-07-23 14:39:09 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-23 03:59:13 0 d-----w- c:\windows\All Users
2010-07-21 17:39:53 0 d-----w- c:\program files\Free Window Registry Repair
==================== Find3M ====================
2010-08-04 01:11:51 22800 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-03 15:07:40 126568 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-13 23:13:18 5330 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-04-08 02:07:36 66269 -c--a-w- c:\program files\INSTALL.LOG
2009-08-03 00:34:35 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080220090803\index.dat
============= FINISH: 10:27:24.31 ===============