Maurice:
Here's the three scan reports. Had trouble with the GMER scan; had several crash dumps during teh scan, and finally had to boot in safe mode. Then, scan ran OK.
One thing I noticed is that after running McaFee quick scan, after the reboot, the pc acts OK until either another scan, or a reboot. Then continue to get crash dump screen. Anyway, here are the results of the scans:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not delete file "C:\Users\Don\AppData\Local\temp\geyekr000"
Deletion of file "C:\Users\Don\AppData\Local\temp\geyekr000" failed!
Status: 0xc0000156
Error: could not delete file "C:\Windows\System32\drivers\geyekrocdmwyxp.sys"
Deletion of file "C:\Windows\System32\drivers\geyekrocdmwyxp.sys" failed!
Status: 0xc0000156
Error: file "C:\Windows\system32\drivers\SKYNEThiwqcpmy.sys" not found!
Deletion of file "C:\Windows\system32\drivers\SKYNEThiwqcpmy.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete file "C:\Windows\system32\geyekrnntptbvt.dll"
Deletion of file "C:\Windows\system32\geyekrnntptbvt.dll" failed!
Status: 0xc0000156
Error: file "C:\Windows\system32\SKYNETyiqrpnfq.dat" not found!
Deletion of file "C:\Windows\system32\SKYNETyiqrpnfq.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Windows\system32\SKYNETxctihped.dll" not found!
Deletion of file "C:\Windows\system32\SKYNETxctihped.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Windows\system32\SKYNETmisjusmt.dat" not found!
Deletion of file "C:\Windows\system32\SKYNETmisjusmt.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Windows\system32\SKYNETevnbwcxi.dll" not found!
Deletion of file "C:\Windows\system32\SKYNETevnbwcxi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete file "C:\Windows\System32\geyekrcitdecti.dat"
Deletion of file "C:\Windows\System32\geyekrcitdecti.dat" failed!
Status: 0xc0000156
Error: could not delete file "C:\Windows\System32\geyekrdfepqgwh.dll"
Deletion of file "C:\Windows\System32\geyekrdfepqgwh.dll" failed!
Status: 0xc0000156
Error: could not delete file "C:\Windows\System32\geyekrvrivrnlm.dat"
Deletion of file "C:\Windows\System32\geyekrvrivrnlm.dat" failed!
Status: 0xc0000156
Error: file "C:\Windows\Temp\geyekreevuxmryit.tmp" not found!
Deletion of file "C:\Windows\Temp\geyekreevuxmryit.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\drivers\msqpdxserv.sys" not found!
Deletion of file "c:\windows\system32\drivers\msqpdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\sysguard.exe" not found!
Deletion of file "c:\windows\sysguard.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\windows\system32\sdra64.exe" not found!
Deletion of file "c:\windows\system32\sdra64.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "SKYNETrpbltdkt" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\geyekrocdmwyxp" not found!
Deletion of driver "geyekrocdmwyxp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\SKYNEThiwqcpmy" not found!
Deletion of driver "SKYNEThiwqcpmy" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "geyekrxdxiwesy" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gxvxcserv" not found!
Deletion of driver "gxvxcserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ovfsthx" not found!
Deletion of driver "ovfsthx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACd.sys" not found!
Deletion of driver "UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACd" not found!
Deletion of driver "UACd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!
Deletion of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv" not found!
Deletion of driver "gaopdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdx" not found!
Deletion of driver "gaopdx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdss" not found!
Deletion of driver "tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv" not found!
Deletion of driver "msqpdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: "C:\Users\Don\AppData\Local\temp\geyekr000" is not a folder! It may instead be a file.
Deletion of folder "C:\Users\Don\AppData\Local\temp\geyekr000" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file
Error: folder "C:\recycler" not found!
Deletion of folder "C:\recycler" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not open folder "D:\recycler"
Deletion of folder "D:\recycler" failed!
Status: 0xc0000013
Error: could not open folder "e:\recycler"
Deletion of folder "e:\recycler" failed!
Status: 0xc0000013
Error: folder "f:\recycler" not found!
Deletion of folder "f:\recycler" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not open folder "g:\recycler"
Deletion of folder "g:\recycler" failed!
Status: 0xc0000013
Error: could not open folder "h:\recycler"
Deletion of folder "h:\recycler" failed!
Status: 0xc0000013
Completed script processing.
*******************
Finished! Terminate.
Here's the GMER report:
GMER 1.0.15.15011 [gmer.exe] -
http://www.gmer.net
Rootkit scan 2009-08-04 22:07:49
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
Code 87396130 ZwEnumerateKey
Code 87361130 ZwFlushInstructionCache
Code 884262CE ZwSaveKey
Code 8737C12E ZwSaveKeyEx
Code 8842134D IofCallDriver
Code 868B3976 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCompleteRequest 8226DFE2 5 Bytes JMP 868B397B
.text ntkrnlpa.exe!IofCallDriver 822EFF6F 5 Bytes JMP 88421352
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 823E630B 5 Bytes JMP 87361134
PAGE ntkrnlpa.exe!ZwEnumerateKey 8243BBA2 5 Bytes JMP 87396134
PAGE ntkrnlpa.exe!ZwSaveKey 82489523 5 Bytes JMP 884262D2
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8248962A 5 Bytes JMP 8737C132
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[220] ntdll.dll!LdrLoadDll 774E7933 5 Bytes JMP 002F000A
.text C:\Windows\system32\wbem\unsecapp.exe[500] ntdll.dll!LdrLoadDll 774E7933 5 Bytes JMP 001B000A
.text C:\Windows\system32\winlogon.exe[544] ntdll.dll!LdrLoadDll 774E7933 5 Bytes JMP 0074000A
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrLoadDll 774E7933 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 774E7933 5 Bytes JMP 0026000A
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74377BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743B98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7437D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7436F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74377599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7436E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743AB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7437D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7437012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74370095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743671F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743FD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743975E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7436DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7436668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743666BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74371E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\geyekrocdmwyxp.sys (*** hidden *** ) [SYSTEM] geyekrxdxiwesy <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrcireqlfo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrbrbexmob.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrmyrdwjqx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrdfepqgwh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrcitdecti.dat
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrnntptbvt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\geyekrxdxiwesy\modules@geyekr.dat \systemroot\system32\geyekrvrivrnlm.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrdfepqgwh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrcitdecti.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrnntptbvt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrxdxiwesy\modules@geyekr.dat \systemroot\system32\geyekrvrivrnlm.dat
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrdfepqgwh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrcitdecti.dat
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrnntptbvt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\geyekrxdxiwesy\modules@geyekr.dat \systemroot\system32\geyekrvrivrnlm.dat
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrdfepqgwh.dll
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrcitdecti.dat
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrnntptbvt.dll
Reg HKLM\SYSTEM\ControlSet005\Services\geyekrxdxiwesy\modules@geyekr.dat \systemroot\system32\geyekrvrivrnlm.dat
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy@imagepath \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main@aid 10063
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main@sid 0
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrocdmwyxp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\modules@geyekrcmd.dll \systemroot\system32\geyekrcireqlfo.dll
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\modules@geyekrlog.dat \systemroot\system32\geyekrbrbexmob.dat
Reg HKLM\SYSTEM\ControlSet006\Services\geyekrxdxiwesy\modules@geyekrwsp.dll \systemroot\system32\geyekrmyrdwjqx.dll
---- Files - GMER 1.0.15 ----
File C:\Users\Don\AppData\Local\temp\geyekr000 0 bytes
File C:\Windows\System32\drivers\geyekrocdmwyxp.sys 69632 bytes <-- ROOTKIT !!!
File C:\Windows\System32\geyekrvrivrnlm.dat 91 bytes
File C:\Windows\System32\geyekrbrbexmob.dat 1549 bytes
File C:\Windows\System32\geyekrcireqlfo.dll 43008 bytes
File C:\Windows\System32\geyekrcitdecti.dat 174392 bytes
File C:\Windows\System32\geyekrdfepqgwh.dll 43008 bytes
File C:\Windows\System32\geyekrhicpjcmu.dat 91 bytes
File C:\Windows\System32\geyekrmyrdwjqx.dll 19456 bytes
File C:\Windows\System32\geyekrnntptbvt.dll 18432 bytes
---- EOF - GMER 1.0.15 ----
And here is the OTL log:
OTL logfile created on: 8/4/2009 10:09:14 PM - Run 6
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Don\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 331.79 Gb Free Space | 89.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 602.31 Gb Free Space | 86.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DON-PC
Current User Name: Don
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 09:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 09:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/31 21:49:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2007/05/15 16:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Stopped])
SRV - [2009/02/02 02:33:18 | 00,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent [Auto | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/11/05 17:35:08 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 09:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 03:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (FYMMY [On_Demand | Stopped])
SRV - [2009/03/22 15:59:04 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 03:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/04/13 17:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/12/15 02:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - [2008/07/26 08:27:42 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Stopped])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Stopped])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - File not found -- -- (MicrosoftTHREADORDER [Auto | Stopped])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/06/20 03:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/12/24 02:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/11/04 22:34:50 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/19 09:35:27 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/01/25 19:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [On_Demand | Stopped])
SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/20 16:12:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/20 19:41:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 10:59:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/14 17:20:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/07/17 17:14:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/14 15:32:40 | 00,000,000 | ---D | M]
[2008/09/06 20:11:48 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions
[2007/12/09 15:46:29 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/10 17:49:01 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\mozilla\Firefox\Profiles\45zlaw1e.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/09/06 20:11:46 | 00,000,246 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\AIM Search.src
[2008/09/10 17:49:10 | 00,001,010 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\aimsearch.gif
[2008/09/10 17:49:10 | 00,000,301 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\aimsearch.src
[2008/11/22 12:00:04 | 00,000,275 | ---- | M] () -- C:\Users\Don\AppData\Roaming\Mozilla\FireFox\Profiles\45zlaw1e.default\searchplugins\search.xml
[2009/07/30 17:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/10/06 11:21:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/10/06 11:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 17:20:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2007/10/06 11:20:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2007/10/06 11:20:50 | 00,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/10/06 11:20:51 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/10/06 11:20:50 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2003/03/18 21:20:00 | 01,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2009/07/30 17:19:52 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/01/04 23:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/01/08 01:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/05/19 10:05:00 | 00,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2007/10/06 11:20:51 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/10/06 11:22:06 | 00,140,624 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/14 15:32:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/10/06 11:22:18 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/10/06 11:21:56 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 20:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/10/06 11:20:52 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2007/10/06 11:20:52 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2007/10/06 11:20:52 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2007/10/06 11:20:52 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2007/10/06 11:20:52 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2007/10/06 11:20:52 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2007/10/06 11:20:52 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2007/10/06 11:20:52 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2007/10/06 11:20:52 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2007/10/06 11:20:52 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2007/10/06 11:20:52 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2007/10/06 11:20:52 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Replay AV] C:\Program Files\Replay AV 8\ReplayAV.exe (Applian Technologies Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
http://download.mcafee.com/molbin/iss-loc/...678/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/08/04 21:29:44 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/08/04 21:27:25 | 02,880,620 | -H-- | C] () -- C:\Users\Don\AppData\Local\IconCache.db
[2009/08/04 17:51:10 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\Avenger
[2009/08/04 17:35:38 | 00,021,189 | ---- | C] () -- C:\Users\Don\Desktop\Fix-instructions 4 Aug 09.docx
[2009/08/04 08:33:16 | 00,278,846 | ---- | C] () -- C:\Users\Don\Desktop\gmer.zip
[2009/08/04 08:27:46 | 04,626,422 | ---- | C] () -- C:\Users\Don\Desktop\avz4.zip
[2009/08/04 08:27:22 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\avz4
[2009/08/03 15:14:31 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/03 15:14:22 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/03 15:14:21 | 00,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\SUPERAntiSpyware.com
[2009/08/03 15:14:21 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/03 14:57:51 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/02 21:03:33 | 03,153,042 | R--- | C] () -- C:\Users\Don\Desktop\Combo-Fix.exe
[2009/08/02 20:13:40 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\FixPolicies
[2009/08/02 20:12:00 | 00,185,065 | ---- | C] () -- C:\Users\Don\Desktop\FixPolicies.exe
[2009/08/01 21:54:44 | 00,000,000 | ---D | C] -- C:\Users\Don\Desktop\Fix1Aug09
[2009/07/31 21:49:53 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2009/07/31 16:47:15 | 00,000,706 | ---- | C] () -- C:\Users\Don\Desktop\opera.exe - Shortcut.lnk
[2009/07/30 21:37:04 | 00,000,000 | ---D | C] -- C:\DCE
[2009/07/30 21:05:36 | 00,035,127 | ---- | C] () -- C:\Users\Public\Documents\Malwarebytes Forum 30 July 09.docx
[2009/07/30 17:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/30 16:52:09 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/30 11:16:36 | 00,287,232 | ---- | C] () -- C:\Users\Don\Desktop\gmer.exe
[2009/07/25 19:42:17 | 00,562,539 | ---- | C] () -- C:\Users\Don\Desktop\SecurityCheck.exe
[2009/07/24 15:53:43 | 00,000,733 | ---- | C] () -- C:\Users\Don\Desktop\NTREGOPT.lnk
[2009/07/24 15:53:43 | 00,000,714 | ---- | C] () -- C:\Users\Don\Desktop\ERUNT.lnk
[2009/07/24 15:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
========== Files - Modified Within 14 Days ==========
[2009/08/04 21:51:14 | 02,514,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/04 21:51:14 | 00,757,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/04 21:51:14 | 00,005,064 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/04 21:47:14 | 00,005,349 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/08/04 21:44:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/04 21:42:04 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 21:42:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/04 21:42:03 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 21:40:51 | 26,177,6476 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/04 21:40:48 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/08/04 21:27:25 | 02,880,620 | -H-- | M] () -- C:\Users\Don\AppData\Local\IconCache.db
[2009/08/04 21:21:18 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/04 17:35:38 | 00,021,189 | ---- | M] () -- C:\Users\Don\Desktop\Fix-instructions 4 Aug 09.docx
[2009/08/04 16:10:23 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09FC0A04-5003-4B4F-9F6B-0F4197BFE6BC}.job
[2009/08/04 08:34:01 | 00,287,232 | ---- | M] () -- C:\Users\Don\Desktop\gmer.exe
[2009/08/04 08:33:17 | 00,278,846 | ---- | M] () -- C:\Users\Don\Desktop\gmer.zip
[2009/08/04 08:27:49 | 04,626,422 | ---- | M] () -- C:\Users\Don\Desktop\avz4.zip
[2009/08/03 15:14:22 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/03 14:52:18 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/03 14:51:59 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/02 21:03:43 | 03,153,042 | R--- | M] () -- C:\Users\Don\Desktop\Combo-Fix.exe
[2009/08/02 20:12:01 | 00,185,065 | ---- | M] () -- C:\Users\Don\Desktop\FixPolicies.exe
[2009/08/02 11:45:57 | 00,142,944 | ---- | M] () -- C:\Users\Don\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 10:53:04 | 00,474,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/02 00:19:48 | 00,002,032 | ---- | M] () -- C:\Users\Don\AppData\Local\d3d9caps.dat
[2009/07/31 21:49:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Don\Desktop\OTL.exe
[2009/07/31 16:47:15 | 00,000,706 | ---- | M] () -- C:\Users\Don\Desktop\opera.exe - Shortcut.lnk
[2009/07/30 21:05:37 | 00,035,127 | ---- | M] () -- C:\Users\Public\Documents\Malwarebytes Forum 30 July 09.docx
[2009/07/25 19:42:19 | 00,562,539 | ---- | M] () -- C:\Users\Don\Desktop\SecurityCheck.exe
[2009/07/24 15:53:43 | 00,000,733 | ---- | M] () -- C:\Users\Don\Desktop\NTREGOPT.lnk
[2009/07/24 15:53:43 | 00,000,714 | ---- | M] () -- C:\Users\Don\Desktop\ERUNT.lnk
========== LOP Check ==========
[2009/08/03 15:14:21 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming
[2008/09/02 21:18:52 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\acccore
[2008/07/13 12:53:47 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Ahead
[2008/09/02 21:18:23 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\AIM
[2008/11/12 19:38:04 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Autodesk
[2009/06/07 18:28:28 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Canon
[2007/08/20 18:47:38 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Centra
[2008/04/13 12:34:35 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Intuit
[2008/09/02 19:07:40 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Leadertech
[2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Media Center Programs
[2009/03/27 00:41:46 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Nokia
[2008/10/13 16:41:07 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\NSeries
[2007/05/11 16:28:15 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Opera
[2008/10/13 16:41:20 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PC Suite
[2009/06/12 17:43:15 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PureEdge
[2008/04/11 13:13:00 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\ScanSoft
[2007/07/03 22:59:14 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Share-to-Web Upload Folder
[2007/05/10 18:21:16 | 00,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Template
[2009/07/20 10:18:00 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/07/15 01:00:00 | 00,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/06/01 01:00:10 | 00,000,328 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/08/04 21:42:04 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/04 21:27:26 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/04 16:10:23 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{09FC0A04-5003-4B4F-9F6B-0F4197BFE6BC}.job
========== Purity Check ==========
< End of report >
What's next?
Don
Sign In
Create Account
3
Gmer_4Aug09.txt 42.16K
20 downloads
virusinfo_syscheck.htm 125.37K
28 downloads
Back to top
