Jump to content


Photo
- - - - -

Malwarebytes, Hijack This, Unhack Me will not run

Started by ghettogirll, Aug 30 2009 04:49 PM

  • This topic is locked This topic is locked
81 replies to this topic

#61 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 25 September 2009 - 01:26 AM

OK, I ran WebCureIt but made a mistake and closed it before I saved the log. However, it said there were no viruses detected. If need be, I can run it again to produce a log.


Here is the DDS.log....



DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 2:20:57.33 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.196 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [nwiz] nwiz.exe /install
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184185348947
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pupvatsk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q=
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pupvatsk.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\system32\drivers\prohlp01.sys [2002-12-26 61728]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\system32\drivers\prodrv05.sys [2002-12-26 53568]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-24 144704]
R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2000-3-6 25658]
R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [2004-8-3 63744]
R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2000-2-24 10012]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-24 40552]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-24 359952]
R4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-24 606736]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-24 34248]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 nenum13E;nenum13E;\??\c:\docume~1\owner\locals~1\temp\nenum13e.sys --> c:\docume~1\owner\locals~1\temp\nenum13E.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-4-18 34760]
S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-24 04:03 5,001 a------- c:\windows\system32\Config.MPF
2009-09-24 03:58 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-24 03:58 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-24 03:58 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-24 03:58 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-24 03:57 <DIR> --d----- c:\program files\common files\McAfee
2009-09-24 03:57 <DIR> --d----- c:\program files\McAfee.com
2009-09-24 03:57 <DIR> --d----- c:\program files\McAfee
2009-09-24 03:53 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-22 13:31 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 13:31 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-22 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 03:25 <DIR> --d----- c:\program files\Slingo Mystery - Who's Gold
2009-09-22 03:22 <DIR> --d----- c:\program files\Paradise Beach
2009-09-20 23:04 <DIR> --d----- c:\program files\Funkitron
2009-09-16 14:19 <DIR> --d----- c:\program files\ESET
2009-09-16 13:45 <DIR> --d----- c:\docume~1\owner\applic~1\Merscom
2009-09-15 13:19 <DIR> --d----- c:\docume~1\owner\applic~1\Once Upon a Time in Chicago
2009-09-15 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Once Upon a Time in Chicago
2009-09-13 18:20 <DIR> --d----- c:\program files\AskBarDis
2009-09-13 13:44 <DIR> --d----- c:\docume~1\owner\applic~1\Sanna
2009-09-13 13:38 <DIR> --d----- c:\windows\The Legend of Sanna - Rise of a Great Colony
2009-09-13 13:38 <DIR> --d----- c:\program files\The Legend of Sanna - Rise of a Great Colony
2009-09-12 01:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3
2009-09-12 00:58 <DIR> --d----- c:\program files\Alawar
2009-09-10 12:43 <DIR> --d----- c:\program files\Farm Frenzy
2009-09-07 17:21 <DIR> --d----- c:\docume~1\owner\applic~1\DivoGames
2009-09-07 16:58 <DIR> --d----- c:\program files\Be Richer
2009-09-07 16:54 <DIR> --d----- c:\windows\Be Richer
2009-09-05 15:20 <DIR> --d----- c:\program files\Zylom Games
2009-09-05 14:01 <DIR> --d----- c:\program files\RealArcade
2009-09-04 12:04 <DIR> -cd----- C:\_OTL
2009-09-04 02:00 <DIR> --d----- C:\DCE
2009-09-04 01:46 <DIR> --d----- c:\windows\ERUNT
2009-09-04 01:46 <DIR> -cd----- C:\!FixIEDef
2009-09-02 01:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-31 12:46 <DIR> --d----- c:\program files\Iceblast
2009-08-30 21:47 <DIR> -cd----- C:\Combo-Fix
2009-08-30 21:31 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-30 18:46 <DIR> --d----- c:\program files\Lavalys
2009-08-30 18:03 <DIR> --d----- c:\documents and settings\owner\DoctorWeb
2009-08-30 16:56 <DIR> acdshr-- C:\cmdcons
2009-08-30 16:54 229,888 a------- c:\windows\PEV.exe
2009-08-30 16:54 161,792 a------- c:\windows\SWREG.exe
2009-08-30 16:54 98,816 a------- c:\windows\sed.exe
2009-08-29 19:27 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-29 19:01 <DIR> -cd----- C:\desktop.ini
2009-08-29 19:01 <DIR> -cd----- C:\comment.htt
2009-08-29 19:01 <DIR> -cd----- C:\autorun.inf
2009-08-29 17:36 <DIR> --d-h--- c:\documents and settings\owner\Recent(2)
2009-08-29 00:57 <DIR> --d----- c:\program files\iWin.com
2009-08-29 00:54 <DIR> --d----- c:\program files\iWin Games
2009-08-28 19:13 <DIR> --d----- c:\docume~1\owner\applic~1\panoramik
2009-08-28 18:53 <DIR> --d----- c:\windows\8HPW4CJRY6ELT18G
2009-08-27 11:50 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\game_fillup_v2_usa
2009-08-27 02:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\fillup

==================== Find3M ====================

2009-08-21 01:16 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-06 01:18 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2007-12-10 16:19 32 ac---r-- c:\documents and settings\all users\hash.dat
2007-10-30 18:38 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2007-09-26 21:10 774,144 a------- c:\program files\RngInterstitial.dll
2009-04-18 16:31 2 a--shrot c:\windows\winstart.bat
2002-07-31 19:55 102 -c-sh--- c:\windows\WSYS049.SYS

============= FINISH: 2:23:01.92 ===============


Here is the Attach.log....



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2007 03:51:33 PM
System Uptime: 9/25/2009 02:13:53 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | <<P4T>>
Processor: Intel® Pentium® 4 CPU 1400MHz | PGA 423 | 1406/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 19.419 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter
Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_9207103C&REV_10\4&2B96F39&0&38F0
Manufacturer: Hewlett Packard
Name: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_9207103C&REV_10\4&2B96F39&0&38F0
Service: rtl8139

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&15F50029&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&15F50029&0
Service: i8042prt

==== System Restore Points ===================

RP486: 9/24/2009 04:03:04 AM - Installed Tweakui Powertoy for Windows XP

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player 11.5
Apple Software Update
Be Richer
Big Fish Games Client
CAM UnZip 4.42
CCleaner (remove only)
CEP - Color Enable Package
Colour Options 2.0 (beta) for The Sims 2 (and Sims 2 University
Critical Update for Windows Media Player 11 (KB959772)
Direct Show Ogg Vorbis Filter (remove only)
DirectX for Managed Code Update (December 2004)
EA Download Manager
ESET Online Scanner v3
EVGA Display Driver
GameHouse
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Update
iWin Games (remove only)
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
KnightsAndMerchants
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Network Play System (Patching)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenAL
Paradise Beach
PC Camera
QuickTime
RealArcade
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SimCity 2000® Special Edition
Slingo Mystery: Who's Gold
System Requirements Lab
Tabloid Tycoon (remove only)
The Game Of Life
The Legend of Sanna - Rise of a Great Colony
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Theme Hospital
Timershot Powertoy for Windows XP
TomTom HOME 2.7.2.1825
TomTom HOME Visual Studio Merge Modules
Tradewinds Odyssey
TSR Installation Wizard 2
Tweakui Powertoy for Windows XP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Vuze
Web Games Player Plugin
WebFldrs XP
WebReg
Westward III: Gold Rush
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahtzee

==== Event Viewer Messages From Past Week ========

9/24/2009 12:30:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/24/2009 12:29:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec mfehidk MPFP MRxSmb NetBIOS NetBT Processor prodrv05 RasAcd Rdbss SASKUTIL Tcpip
9/24/2009 04:02:50 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'temp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/22/2009 12:48:46 PM, error: PlugPlayManager [11] - The device Root\LEGACY_OCTP\0000 disappeared from the system without first being prepared for removal.
9/22/2009 03:01:39 AM, error: PlugPlayManager [11] - The device Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226EE}\0000 disappeared from the system without first being prepared for removal.
9/22/2009 03:01:38 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
9/22/2009 03:01:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'ap' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/22/2009 02:53:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/22/2009 02:53:03 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 12:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
9/21/2009 12:49:10 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
9/21/2009 01:35:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'KB932168' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/20/2009 06:46:42 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
9/20/2009 06:42:45 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'temp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/20/2009 03:25:44 AM, error: PlugPlayManager [11] - The device Root\LEGACY_WHFPGLVN\0000 disappeared from the system without first being prepared for removal.
9/19/2009 05:59:17 PM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: Access is denied.
9/19/2009 05:59:17 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
9/19/2009 05:23:15 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
9/19/2009 04:33:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/19/2009 04:33:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/19/2009 04:32:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/19/2009 04:32:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor prodrv05 RasAcd Rdbss SASKUTIL ssmdrv Tcpip
9/19/2009 04:32:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 04:32:03 PM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 04:32:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 04:32:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 04:32:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

#62 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 26 September 2009 - 02:29 AM

Ran another Mbam scan again, here are the results.....


Malwarebytes' Anti-Malware 1.41
Database version: 2843
Windows 5.1.2600 Service Pack 3

9/26/2009 01:55:22 AM
mbam-log-2009-09-26 (01-55-22).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 215084
Time elapsed: 2 hour(s), 18 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#63 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 26 September 2009 - 07:27 AM

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
Posted Image
If you are a casual viewer, do NOT try this on your system!
If you are not ghettogirll and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!
Posted Image Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

=

Step #1: Go to Microsoft's website Here ===>>> http://support.microsoft.com/kb/310994
Select the download for XP HOME Service Pack 2

Posted Image

Step #2: Let Combofix Install Recovery Console
Download the appropriate file from above to your Desktop, right next to Combofix.exe (the red lion icon)..
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.

Posted Image

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. You should see this box if the process was successful:

Posted Image

Click "No" in the box.

Posted Image Important. Now Delete the Microsoft Setup download you had just gotten.

When complete, a log named CF_RC.txt will open. Save it to your Desktop and close Notepad.

<Credit Bill Castner for the above directions>
=

Step #3:
Reboot your machine , watch carefully and be ready at keyboard and when you get to the Boot Menu, select "Microsoft Windows Recovery Console"
Use the UP or DOWN arrow to highlight and select Recovery Console and press ENTER

Posted Image

When you get to the above screen, take note the number that references your operating system. If it's '1' like the picture above, type 1 and press Enter

Posted Image

Next type FIXMBR and press ENTER key

Posted Image

If it ask if you're sure you want to write a new MBR, answer 'Y'
Then type EXIT to reboot the machine.

<Credit sUBs for the above directions and snapshot graphics>
=

Step #4: Next, after Windows has restarted:

The MBAM definitions on your system are not current. Let's get MBAM updated & do a Quick scan.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2861.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step #5:
Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
=

Step #6:
If you already have Securitycheck.exe then skip the download.

Download Security Check by screen317 and save it to your Desktop: here or here
  • Next, run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Posted Image If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Reply with copy of the MBAM scan log
Gmer.txt
and checkup.txt
and tell me, How is your system now ?
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#64 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 26 September 2009 - 04:24 PM

I did as you said with combo-fix. However, when I rebooted and tried to go into microsoft recovery console it said this: NTLDR is compressed Press Ctrl+Alt+Del to restart. And wouldn't let me continue without restarting. Here is the log from combo-fix....


ComboFix 09-09-25.01 - Owner 09/26/2009 16:33.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.264 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-26 20:30 . 2009-09-26 20:32 -------- dc----w- C:\Combo-Fix24184C
2009-09-22 17:31 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:31 . 2009-09-22 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 17:31 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 07:37 . 2009-09-22 07:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games
2009-09-21 03:04 . 2009-09-21 04:15 -------- d-----w- c:\program files\Funkitron
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-16 18:19 . 2009-09-16 18:19 -------- d-----w- c:\program files\ESET
2009-09-16 17:45 . 2009-09-18 07:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Merscom
2009-09-15 17:19 . 2009-09-15 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Once Upon a Time in Chicago
2009-09-15 17:19 . 2009-09-15 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Once Upon a Time in Chicago
2009-09-13 22:20 . 2009-09-13 22:20 -------- d-----w- c:\program files\AskBarDis
2009-09-13 17:44 . 2009-09-13 17:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Sanna
2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\program files\The Legend of Sanna - Rise of a Great Colony
2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\windows\The Legend of Sanna - Rise of a Great Colony
2009-09-12 05:00 . 2009-09-12 05:04 -------- dc----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-12 04:58 . 2009-09-13 04:00 -------- d-----w- c:\program files\Alawar
2009-09-10 16:43 . 2009-09-12 04:47 -------- d-----w- c:\program files\Farm Frenzy
2009-09-07 21:21 . 2009-09-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames
2009-09-07 20:58 . 2009-09-07 20:58 -------- d-----w- c:\program files\Be Richer
2009-09-07 20:54 . 2009-09-07 20:54 -------- d-----w- c:\windows\Be Richer
2009-09-05 19:20 . 2009-09-05 19:20 -------- d-----w- c:\program files\Zylom Games
2009-09-05 18:01 . 2009-09-06 01:59 -------- d-----w- c:\program files\RealArcade
2009-09-04 16:04 . 2009-09-04 16:04 -------- dc----w- C:\_OTL
2009-09-04 06:00 . 2009-09-24 06:54 -------- d-----w- C:\DCE
2009-09-04 05:46 . 2009-09-04 05:46 -------- dc----w- C:\ERDNT
2009-09-04 05:46 . 2009-09-04 05:46 -------- d-----w- c:\windows\ERUNT
2009-09-04 05:46 . 2009-09-04 05:46 -------- dc----w- C:\!FixIEDef
2009-09-02 05:50 . 2009-09-02 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 16:46 . 2009-09-03 16:45 -------- d-----w- c:\program files\Iceblast
2009-08-31 01:47 . 2009-08-31 01:55 -------- dc----w- C:\Combo-Fix
2009-08-31 01:31 . 2009-09-19 20:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-30 22:46 . 2009-08-30 22:46 -------- d-----w- c:\program files\Lavalys
2009-08-30 22:03 . 2009-08-30 22:03 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-08-29 23:27 . 2009-09-02 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-29 23:01 . 2009-08-29 23:01 -------- dc----w- C:\comment.htt
2009-08-29 21:36 . 2009-08-29 23:03 -------- d--h--w- c:\documents and settings\Owner\Recent(2)
2009-08-29 21:32 . 2009-08-29 21:32 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2009-08-29 04:57 . 2009-08-29 16:34 -------- d-----w- c:\program files\iWin.com
2009-08-29 04:54 . 2009-08-29 21:48 -------- d-----w- c:\program files\iWin Games
2009-08-28 23:13 . 2009-08-28 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\panoramik
2009-08-28 22:53 . 2009-09-21 17:44 -------- d-----w- c:\windows\8HPW4CJRY6ELT18G

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 20:24 . 2008-11-14 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-26 03:32 . 2007-08-22 02:54 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-25 17:57 . 2007-08-23 23:39 -------- dc----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-09-25 17:19 . 2007-08-23 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-25 17:19 . 2007-08-22 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-09-25 17:16 . 2007-08-23 23:39 -------- d-----w- c:\program files\bfgclient
2009-09-25 06:38 . 2007-10-18 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\funkitron
2009-09-23 07:57 . 2008-02-03 13:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-20 06:47 . 2008-11-28 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\GameInvest
2009-09-19 21:26 . 2008-12-16 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2009-09-18 07:05 . 2009-06-30 01:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Merscom
2009-09-14 01:10 . 2008-12-29 19:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-09-13 22:21 . 2008-12-29 19:44 -------- d-----w- c:\program files\Vuze
2009-09-13 04:00 . 2009-02-18 19:30 -------- dc----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-09-06 01:58 . 2009-02-09 15:09 -------- d-----w- c:\program files\CCleaner
2009-09-05 21:28 . 2009-06-30 00:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
2009-09-05 18:05 . 2007-09-13 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-09-04 06:29 . 2009-04-18 20:30 -------- d-----w- c:\program files\UnHackMe
2009-09-02 05:55 . 2008-11-22 06:03 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 23:27 . 2009-03-11 06:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-29 23:03 . 2009-03-28 21:19 -------- d-----w- c:\program files\Mcam
2009-08-27 16:46 . 2009-08-27 15:50 -------- dc----w- c:\documents and settings\All Users\Application Data\game_fillup_v2_usa
2009-08-27 06:04 . 2009-08-27 06:04 -------- dc----w- c:\documents and settings\All Users\Application Data\fillup
2009-08-22 22:54 . 2009-02-21 02:09 -------- d-----w- c:\program files\7-Zip
2009-08-22 22:26 . 2008-01-01 19:26 -------- dc----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-22 22:25 . 2007-10-22 21:48 -------- d-----w- c:\program files\Yahoo! Games
2009-08-22 05:28 . 2007-08-19 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 05:16 . 2009-08-21 05:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-20 17:52 . 2007-08-19 18:27 -------- d-----w- c:\program files\EA GAMES
2009-08-16 05:35 . 2009-08-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Batovi
2009-08-15 19:29 . 2007-08-22 01:48 -------- d-----w- c:\program files\Google
2009-08-14 05:56 . 2008-02-02 01:59 -------- dc----w- c:\documents and settings\All Users\Application Data\iwin
2009-08-14 05:56 . 2007-12-05 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2009-08-12 05:23 . 2009-08-11 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia
2009-08-10 14:54 . 2009-08-10 14:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift
2009-08-09 00:37 . 2009-08-09 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Protexis
2009-08-09 00:27 . 2007-11-10 01:01 -------- d-----w- c:\program files\GamesBar
2009-08-09 00:25 . 2008-12-14 07:51 -------- d-----w- c:\documents and settings\Owner\Application Data\CaribbeanHideaway
2009-08-09 00:13 . 2009-08-09 00:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Oberon Media
2009-08-08 23:07 . 2009-08-08 23:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Candy Factory
2009-08-08 23:06 . 2009-08-08 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon Media
2009-08-08 23:04 . 2009-08-08 23:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-08-06 05:24 . 2009-07-25 02:47 49 ----a-w- c:\windows\popcinfot.dat
2009-08-06 05:18 . 2009-03-28 18:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 05:50 . 2009-08-04 05:50 -------- dc----w- c:\documents and settings\All Users\Application Data\RealArcade
2009-08-03 17:29 . 2009-08-03 17:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Genimo
2009-08-03 05:16 . 2009-08-03 05:16 -------- d-----w- c:\documents and settings\Owner\Application Data\BigFishGames
2009-08-03 04:09 . 2009-08-03 04:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Reflexive
2009-08-03 03:03 . 2009-08-03 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\RealArcade
2009-08-02 19:49 . 2009-08-02 19:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Pony-World-Deluxe
2009-08-01 04:55 . 2009-08-01 04:55 -------- dc----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-07-31 16:25 . 2009-06-14 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Aveyond 3
2009-07-30 04:58 . 2009-07-30 04:56 -------- dc----w- c:\documents and settings\All Users\Application Data\DreamFarm
2009-07-29 17:00 . 2009-07-29 17:00 -------- dc----w- c:\documents and settings\All Users\Application Data\CasualForge
2009-07-29 17:00 . 2009-07-29 17:00 -------- d-----w- c:\documents and settings\Owner\Application Data\CasualForge
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 01:08 . 2007-08-24 14:50 13888 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2007-09-27 01:10 . 2007-09-27 01:11 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-04-18 20:31 . 2009-04-18 20:31 2 --shatr- c:\windows\winstart.bat
2002-07-31 23:55 . 2007-10-11 02:23 102 -csh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_07.04.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-19 21:21 . 2009-09-20 20:02 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-19 21:21 . 2009-09-25 06:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-24 18:07 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-03-19 21:30 . 2002-03-19 21:30 177152 c:\windows\system32\tweakui.exe
- 2004-08-04 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2007-07-11 19:45 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2007-07-11 19:45 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-24 06:55 . 2009-09-24 06:55 304640 c:\windows\Installer\2cb8c0f.msi
+ 2009-09-23 07:19 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-23 07:19 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-23 07:19 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-03-26 17:47 . 2009-09-24 06:54 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi
- 2009-03-26 17:47 . 2009-03-26 17:47 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi
+ 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-03-28 22:25 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-23 07:20 . 2009-09-23 07:20 15709696 c:\windows\Installer\1337e9.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2003-06-19 548864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^H3 The Shadow of Death™.lnk]
backup=c:\windows\pss\H3 The Shadow of Death™.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MostFun.lnk]
backup=c:\windows\pss\MostFun.lnkStartup
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MostFun.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"iWinTrusted"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\system32\drivers\prohlp01.sys [12/26/2002 10:20 AM 61728]
R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\system32\drivers\prodrv05.sys [12/26/2002 10:14 AM 53568]
R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [3/6/2000 09:59 AM 25658]
R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [8/3/2004 07:07 PM 63744]
R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2/24/2000 04:45 PM 10012]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 09:18 PM 23680]
S3 nenum13E;nenum13E;\??\c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/18/2009 04:31 PM 34760]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 04:21 PM 78104]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-09-26 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q=
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-764733703-1343024091-1003\Software\SecuROM\License information*]
"datasecu"=hex:2c,a2,2d,68,1e,b2,83,4e,59,87,76,cc,7a,eb,e3,ed,df,4c,01,7f,5f,
1d,ab,dc,a3,89,a1,71,da,31,4c,86,b9,c9,0b,ff,5a,1d,62,7e,1e,08,4b,20,9f,84,\
"rkeysecu"=hex:4e,08,d7,a7,f2,8b,42,cc,8b,e5,07,42,1d,98,f2,b3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-26 16:45
ComboFix-quarantined-files.txt 2009-09-26 20:45
ComboFix2.txt 2009-09-22 17:00
ComboFix3.txt 2009-09-22 07:09

Pre-Run: 21,086,351,360 bytes free
Post-Run: 21,171,171,328 bytes free

319 --- E O F --- 2009-09-23 07:24

#65 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 26 September 2009 - 08:08 PM

It was not intended that your run a full Combofix run; just only get the Recovery Console installed. That is installed.

You really need to use Recovery Console to then run FIXMBR.
Tell me if you have a Windows XP operating system CD that came with pc (not an OEM recovery disc)

Otherwise, tell me if pc has an internal diskette drive

We must be able to somehow manage to run fixmbr. Failing that you will re-face the situation of having to wipe system clean and start from scratch by loading Windows as a fresh (new) install.

Let me suggest you backup your personal files, documents, etc to CD/DVD/ USB external drive now.
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#66 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 26 September 2009 - 09:09 PM

I do have the windows xp cd...i just need to locate it.

#67 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 27 September 2009 - 10:43 AM

You must locate your Windows XP operating system CD.
You will need to get to Recovery Console so that then you can run FIXMBR.
Fixmbr repairs the master boot record of the boot disk and is only available in the Recovery Console.

To get to the XP Recovery Console:
Set pc BIOS boot sequence to boot first from CDROM. Boot from XP CD. Get into Recovery Console. It is the second option line on the XP CD main menu:
it will say (on screen Welcome To Setup) :
"To repair a Windows XP installation using "Recovery Console" press R . Select that.

Select your Windows XP partition by number. The remainder of the steps are listed under Step 3 in my next to last reply.

Do that and the steps 4 thru 6 and the reports.
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#68 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 29 September 2009 - 12:10 AM

Alrighty, I was able to get into recovery console via my windows cd. I did all of the steps outlined and here is the rundown.

Mbam.log....


Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 5.1.2600 Service Pack 3

9/28/2009 02:11:56 PM
mbam-log-2009-09-28 (14-11-56).txt

Scan type: Quick Scan
Objects scanned: 105828
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


gmer.log.....


GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-28 14:27:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfayypob.sys


---- System - GMER 1.0.15 ----

SSDT F8D9DAE6 ZwCreateKey
SSDT F8D9DADC ZwCreateThread
SSDT F8D9DAEB ZwDeleteKey
SSDT F8D9DAF5 ZwDeleteValueKey
SSDT spuy.sys ZwEnumerateKey [0xF8673CA4]
SSDT spuy.sys ZwEnumerateValueKey [0xF8674032]
SSDT F8D9DAFA ZwLoadKey
SSDT spuy.sys ZwOpenKey [0xF86550C0]
SSDT F8D9DAC8 ZwOpenProcess
SSDT F8D9DACD ZwOpenThread
SSDT spuy.sys ZwQueryKey [0xF867410A]
SSDT spuy.sys ZwQueryValueKey [0xF8673F8A]
SSDT F8D9DB04 ZwReplaceKey
SSDT F8D9DAFF ZwRestoreKey
SSDT F8D9DAF0 ZwSetValueKey
SSDT F8D9DAD7 ZwTerminateProcess

INT 0x39 ? 830E4BF8
INT 0x39 ? 830E4BF8
INT 0x3E ? 83370BF8
INT 0x3F ? 83370BF8

---- Kernel code sections - GMER 1.0.15 ----

? spuy.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7DD98AC 5 Bytes JMP 830E41D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[384] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8686C4C] spuy.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8686CA0] spuy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8656042] spuy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F865613E] spuy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86560C0] spuy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8656800] spuy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86566D6] spuy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8665E9C] spuy.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 830E42D8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8336F1F8
Device \FileSystem\Fastfat \FatCdrom 832211F8
Device \Driver\usbuhci \Device\USBPDO-0 830E31F8
Device \Driver\usbuhci \Device\USBPDO-1 830E31F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----


checkup.log....


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#69 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 September 2009 - 09:53 PM

ghettogirll:

Do you see the 63 lines in the Gmer look that look like these
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

The system has a very stubborn mbr infection and your system is still at risk. If it is not cured, I'll have to re-advise to wipe the system and start from scratch.
This infection is why I advise against doing anything online.

========================================================
Make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


Use Start button, select RUN then type in 
cmd
in the command prompt window, Copy and Paste the following 
C:\Documents and Settings\Owner\Desktop\mbr.exe -f

After mbr has finished, close the command prompt window.
There should be a mbr.log on the desktop. Copy and paste its contents in next reply.


Download and save to your Dekstop: PrevX CSI: http://www.prevx.com/freescan.asp

Run Prevx CSI.
If it wants to reboot when finished, do so. Let me know what it finds.

Then do a new GMER run.


Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with mbr.log
Prevx CSI log if you can
the Gmer log
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#70 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 02 October 2009 - 12:12 AM

I did as u said with MBR and it did not give me a log. It said something along the lines of device: opened successfully user: MBR read successfully kernel: read successfully user & kernel MBR ok. But did not give a log.

PrevX also did not give me a log. However, it detected 2 threats, 1 malware and 1 adware. The latter I was able to remove but the malware I need a license to remove it. The malware it detected was Inherit.exe and the Adware it detected & removed was win32kdiag.exe.

Have not ran gmer yet, will do that right now then reply with log.

#71 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 02 October 2009 - 12:34 AM

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-02 01:31:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfayypob.sys


---- System - GMER 1.0.15 ----

SSDT F8DE96AE ZwCreateKey
SSDT F8DE96A4 ZwCreateThread
SSDT F8DE96B3 ZwDeleteKey
SSDT F8DE96BD ZwDeleteValueKey
SSDT spgu.sys ZwEnumerateKey [0xF8673CA4]
SSDT spgu.sys ZwEnumerateValueKey [0xF8674032]
SSDT F8DE96C2 ZwLoadKey
SSDT spgu.sys ZwOpenKey [0xF86550C0]
SSDT F8DE9690 ZwOpenProcess
SSDT F8DE9695 ZwOpenThread
SSDT spgu.sys ZwQueryKey [0xF867410A]
SSDT spgu.sys ZwQueryValueKey [0xF8673F8A]
SSDT F8DE96CC ZwReplaceKey
SSDT F8DE96C7 ZwRestoreKey
SSDT F8DE96B8 ZwSetValueKey
SSDT \SystemRoot\System32\drivers\pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xB9BAB680]

INT 0x39 ? 830D0BF8
INT 0x39 ? 830D0BF8
INT 0x3E ? 83370BF8
INT 0x3F ? 83370BF8

---- Kernel code sections - GMER 1.0.15 ----

? spgu.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7DEA8AC 5 Bytes JMP 830D01D8
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[304] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8686C4C] spgu.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8686CA0] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8656042] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F865613E] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86560C0] spgu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8656800] spgu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86566D6] spgu.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8665E9C] spgu.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 830D02D8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8336F1F8
Device \FileSystem\Fastfat \FatCdrom 830F01F8
Device \Driver\usbuhci \Device\USBPDO-0 83179500
Device \Driver\usbuhci \Device\USBPDO-1 83179500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x80 0x43 0x1A ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----


I do see all of the MBR's and if I must wipe the slate clean then I guess it is what it is and I gotta do what I gotta do lol.

#72 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 03 October 2009 - 05:22 AM

I'm going to suggest you download and SAVE, then run a driver removal tool.
Download and save Starforce driver removal tool from here http://onlinesecurit...s/sfcdrvrem.zip

Extract the contents of the zip file
Then run sfdrvrem.exe

Step #2:
Reboot your machine , watch carefully and be ready at keyboard and when you get to the Boot Menu, select "Microsoft Windows Recovery Console"
Use the UP or DOWN arrow to highlight and select Recovery Console and press ENTER

Posted Image

When you get to the above screen, take note the number that references your operating system. If it's '1' like the picture above, type 1 and press Enter

Posted Image

Next type FIXMBR and press ENTER key

Posted Image

If it ask if you're sure you want to write a new MBR, answer 'Y'
Then type EXIT to reboot the machine.

Keep detail notes on the fixmbr run and tell me how it went.

<Credit sUBs for the above directions and snapshot graphics>
=

Step #3:

In Windows normal mode, do a new run of DDS.
Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.
  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.
Re-enable what you disabled just earlier.
Reply with copy of just the DDS.txt
( I do not need Attach.txt )
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#73 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 03 October 2009 - 05:43 PM

I still cannot access my recovery console. Still saying NTLDR is compressed. Press Ctrl+Alt+Del to restart. And gives me no other options other than restarting.

#74 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 04 October 2009 - 07:22 AM

Do the steps to get a new DDS report. Just need DDS.txt
Also, refresh my now-non-existent recall, Did you find your Windows o.s. CD?
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#75 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 04 October 2009 - 04:04 PM

Yes, I found my windows cd. And here is the dds report.txt



DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 17:02:32.06 on Sun 10/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.157 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prevx\prevx.exe
C:\Documents and Settings\Owner\Desktop\cleaning prog 2\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.3)_Gecko/20090824_Firefox/3.5.3_GTB5_(.NET_CLR_3.5.30729)_FBSMTWB" -"http://www.shegame.com/view/9625/Pebbles-Big-Barney-Chase"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [nwiz] nwiz.exe /install
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184185348947
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pupvatsk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pupvatsk.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-10-2 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-10-2 27656]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-28 55656]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-10-2 4368952]
R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2000-3-6 25658]
R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [2004-8-3 63744]
R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2000-2-24 10012]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 nenum13E;nenum13E;\??\c:\docume~1\owner\locals~1\temp\nenum13e.sys --> c:\docume~1\owner\locals~1\temp\nenum13E.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-4-18 34760]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 185089]
S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-02 00:52 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-10-02 00:52 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-10-02 00:52 <DIR> --d----- c:\program files\Prevx
2009-10-02 00:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-09-26 17:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-26 17:31 <DIR> --d----- c:\program files\Avira
2009-09-26 16:30 <DIR> -cd----- C:\Combo-Fix24184C
2009-09-22 13:31 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 13:31 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-22 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 23:04 <DIR> --d----- c:\program files\Funkitron
2009-09-16 14:19 <DIR> --d----- c:\program files\ESET
2009-09-16 13:45 <DIR> --d----- c:\docume~1\owner\applic~1\Merscom
2009-09-15 13:19 <DIR> --d----- c:\docume~1\owner\applic~1\Once Upon a Time in Chicago
2009-09-15 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Once Upon a Time in Chicago
2009-09-13 18:20 <DIR> --d----- c:\program files\AskBarDis
2009-09-13 13:44 <DIR> --d----- c:\docume~1\owner\applic~1\Sanna
2009-09-13 13:38 <DIR> --d----- c:\windows\The Legend of Sanna - Rise of a Great Colony
2009-09-13 13:38 <DIR> --d----- c:\program files\The Legend of Sanna - Rise of a Great Colony
2009-09-12 01:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3
2009-09-12 00:58 <DIR> --d----- c:\program files\Alawar
2009-09-10 12:43 <DIR> --d----- c:\program files\Farm Frenzy
2009-09-07 17:21 <DIR> --d----- c:\docume~1\owner\applic~1\DivoGames
2009-09-07 16:58 <DIR> --d----- c:\program files\Be Richer
2009-09-07 16:54 <DIR> --d----- c:\windows\Be Richer
2009-09-05 15:20 <DIR> --d----- c:\program files\Zylom Games
2009-09-05 14:01 <DIR> --d----- c:\program files\RealArcade

==================== Find3M ====================

2009-09-27 14:59 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2009-08-21 01:16 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2007-12-10 16:19 32 ac---r-- c:\documents and settings\all users\hash.dat
2007-10-30 18:38 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2007-09-26 21:10 774,144 a------- c:\program files\RngInterstitial.dll
2009-04-18 16:31 2 a--shrot c:\windows\winstart.bat
2002-07-31 19:55 102 -c-sh--- c:\windows\WSYS049.SYS

============= FINISH: 17:03:21.39 ===============

#76 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 05 October 2009 - 08:38 PM

Please do the following things. They won't take a whole lot of time altogether.
Step1
Make sure first to close and save any open work documents/files you may have open.
  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
c:\Documents and settings\owner\Local Settings\temp\mbr.sys
c:\Documents and settings\owner\Local Settings\temp\nenum13e.sys
c:\Documents and settings\owner\Local Settings\temp\*.sys
c:\Documents and settings\owner\Local Settings\temp\*.exe
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler

:Commands
[purity]
[emptytemp]
[reboot]

  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Step 2
One quick scan with updated MBAM

Temporarily disable your Avira Antivirus (before & while MBAM runs)
Do NOT disable the firewall. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2911.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Step 3
Re-enable your Avira Antivirus.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader. Get the latest version from http://www.adobe.com.../readstep2.html

Step 4
Posted Image See this topic in the AumHa Security forum and get the latest Java run-time
http://aumha.net/vie...hp?f=26&t=41698

Step 5
Go to Control Panel, then select Add-or-Remove Programs. De-install PREVX
and also Eset Online scan.
Exit Control Panel.

Step 6
Next, a new run of OTL
Locate the OTL.exe on your Destop

Double-click OTL.exe Posted Image to start it.

Look at the upper left of window. Press the pink color Quick Scan button.
Have patience while it runs.
It will produce a new log. Save it.

Copy and paste back here a copy of the OTL MovedFiles log from 1st step
latest MBAM scan log
new OTL.txt (from last stesp)
and tell me, How is your system now ?
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#77 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 06 October 2009 - 03:33 AM

first otl scan log....


OTL logfile created on: 10/6/2009 04:24:45 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 243.02 Mb Available Physical Memory | 47.51% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.71 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-F7A85A315
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/06 03:42:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/10/06 03:42:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/06 04:13:53 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/10/06 04:13:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/06 02:54:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/06 03:42:32 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/10/06 03:42:29 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/22 18:50:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/02 13:30:28 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted [Disabled | Stopped])
SRV - [2009/10/06 04:13:53 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2009/08/27 11:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090122Wb2
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q="
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 14:28:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/10/05 00:35:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/17 15:31:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/13 18:20:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 03:45:39 | 00,000,000 | ---D | M]

[2009/06/24 22:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/02/13 20:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/24 22:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/10/06 04:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions
[2009/07/02 13:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/11 02:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/13 15:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/25 12:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{7254fdcb-083f-4626-956e-addd7989d7fe}
[2009/09/23 12:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/30 20:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/08/14 00:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/06 03:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/13 18:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/12 21:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com
[2009/10/03 18:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pupvatsk.default\extensions\personas@christopher.beard
[2007/10/25 10:46:32 | 00,004,946 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pupvatsk.default\searchplugins\comcast.xml
[2009/02/17 08:52:56 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pupvatsk.default\searchplugins\conduit.xml
[2009/10/06 04:18:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 18:01:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/06 04:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/04 12:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\npmozax@real.com
[2009/09/11 18:01:39 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 18:01:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/06 04:13:55 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/11 18:01:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/30 17:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2009/07/02 11:19:28 | 00,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/30 02:03:27 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/08/30 02:03:27 | 00,001,962 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 530 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Sunshine%20Acres/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1184185348947 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Heartwild%20Solitaire/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/11 15:48:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/29 19:01:44 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/06 03:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/10/06 03:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/05 00:39:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2009/10/06 03:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/06 03:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/26 17:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/05 00:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2009/09/22 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/06 03:27:58 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/06 03:27:58 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/06 03:27:58 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/06 03:27:57 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/06 02:55:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/02 00:51:56 | 00,787,000 | ---- | C] (Prevx) -- C:\Documents and Settings\Owner\Desktop\PREVXCSIFREE.EXE
[2009/10/01 14:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sent to phone
[2009/10/01 14:10:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tez's mp3 files
[2009/10/01 11:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\dee's mp3 files
[2009/09/26 16:45:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/26 16:30:04 | 00,000,000 | ---D | C] -- C:\Combo-Fix24184C
[2009/09/25 02:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Slingo Mystery Documents
[2009/09/24 03:00:39 | 17,566,488 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/09/23 12:33:44 | 01,304,576 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Sinowal_Cleaner.exe
[2009/09/22 13:31:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/22 13:31:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/22 13:31:21 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mymcam-setup.exe
[2007/09/26 21:11:01 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/10/06 04:17:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/06 04:16:54 | 00,198,222 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/06 04:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 04:16:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 03:42:33 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/06 03:42:33 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/06 03:42:33 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/06 03:32:27 | 00,001,122 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 03:32:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/06 03:32:26 | 00,000,261 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/06 03:28:22 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/06 02:54:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/10/05 00:36:41 | 00,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play iWin Games.lnk
[2009/10/05 00:03:00 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2009/10/03 19:30:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/03 18:36:43 | 00,150,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sfcdrvrem.zip
[2009/10/02 00:52:10 | 00,000,680 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/02 00:51:57 | 00,787,000 | ---- | M] (Prevx) -- C:\Documents and Settings\Owner\Desktop\PREVXCSIFREE.EXE
[2009/10/01 11:50:13 | 04,321,272 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/26 16:29:27 | 03,321,356 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/09/25 13:16:57 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/09/24 03:48:09 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe
[2009/09/24 03:01:21 | 17,566,488 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/09/23 13:49:05 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/23 12:33:45 | 01,304,576 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Sinowal_Cleaner.exe
[2009/09/22 13:31:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/22 13:31:22 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mymcam-setup.exe

========== Files - No Company Name ==========
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\jasusuje
[2009/10/06 03:28:22 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/10/03 18:36:42 | 00,150,181 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sfcdrvrem.zip
[2009/09/25 13:16:57 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/09/22 13:31:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/22 12:46:28 | 03,321,356 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/07/04 12:30:35 | 00,007,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/24 22:16:30 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\.mpid
[2007/10/30 18:38:28 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
[2007/10/30 15:58:05 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/09/18 20:19:42 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 20:59:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u
[2007/08/24 10:51:05 | 00,002,948 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/24 10:50:58 | 00,013,888 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/07/11 16:16:59 | 04,321,272 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2007/07/11 15:58:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2007/07/11 11:36:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/06 04:24:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/23 16:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2009/03/11 03:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions
[2009/02/07 19:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/09/13 00:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/02/09 13:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ApeZone
[2007/08/27 20:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/12/29 15:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/02/20 22:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2009/04/01 00:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009/01/03 13:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2007/07/11 17:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/08/08 19:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory
[2009/07/29 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2009/07/24 17:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/07/30 00:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DreamFarm
[2009/01/20 23:14:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/02/02 13:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/01/03 00:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2007/09/15 23:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2008/12/29 16:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/06/14 14:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/01/17 06:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/09/12 01:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/02/19 21:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/11/24 00:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2009/08/27 02:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2007/11/22 12:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireGlow
[2008/11/15 16:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/09/27 15:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/08/27 12:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/11/17 00:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/01/31 21:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2009/08/01 00:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/03/02 19:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2007/12/07 19:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2007/12/27 19:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009/09/05 14:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/02/15 00:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2009/04/13 14:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/08/14 01:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iwin
[2009/01/20 23:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/09/16 14:01:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/01/21 21:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kayo Games
[2007/10/03 20:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2008/11/17 01:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/09/18 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/02/16 02:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/11/28 19:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008/11/18 04:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/27 12:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2007/12/31 16:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2008/12/14 18:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/12/06 19:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2008/01/18 18:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/08/08 20:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/09/15 13:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Once Upon a Time in Chicago
[2008/12/27 23:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2008/11/15 06:10:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/09/25 13:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/22 21:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playfirst Ashtons Family Resort
[2008/12/20 14:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2007/12/19 17:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2009/08/02 15:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pony-World-Deluxe
[2009/07/24 19:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/01/23 16:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2009/07/14 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/01/13 23:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2009/05/16 01:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/03/15 21:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sortasoft
[2007/09/09 19:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/09/05 17:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2009/01/24 12:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2009/10/05 00:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2009/10/05 01:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/03 20:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThwartPoker Software
[2009/04/19 16:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/06/24 22:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/08/22 22:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/06/23 18:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2009/10/01 01:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/11/18 13:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/08/22 18:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/09/05 19:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/02/09 19:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2007/12/01 11:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/12/20 12:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/09/22 03:01:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/06/23 22:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3Stars
[2007/10/12 20:55:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Abra Academy2
[2008/12/13 23:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlterLab
[2008/11/14 03:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcadeTown_Janes_Realty
[2007/08/28 21:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Avernum 4 Saved Games
[2009/07/31 12:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2007/12/23 01:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2008/05/28 19:07:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVSMedia
[2009/10/05 01:43:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/08/12 01:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylonia
[2009/08/16 01:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Batovi
[2009/03/25 13:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish
[2009/06/29 15:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2009/06/20 01:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BlamGames
[2009/01/03 13:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2008/01/03 19:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bloom
[2009/03/12 03:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2009/04/13 13:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/07/03 15:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camel101
[2009/08/08 20:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CaribbeanHideaway
[2009/07/29 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasualForge
[2008/12/14 19:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2008/12/22 15:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
[2007/10/04 18:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ColorTrail
[2009/09/07 17:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2009/02/15 22:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dreamsdwell Stories
[2007/08/25 22:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA
[2009/01/03 00:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eGames
[2009/07/24 17:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/05/10 17:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enchanted Katya
[2009/07/16 11:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/05/11 01:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EternalEden
[2007/10/27 12:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Eyeblaster
[2009/01/08 20:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2009/06/14 00:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Faerie Solitaire
[2008/12/18 01:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2008/11/19 02:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2007/09/14 22:45:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
[2009/01/19 16:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrimaStudio
[2009/09/25 02:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2007/10/09 20:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2007/12/31 16:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2009/09/20 02:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2009/01/19 16:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2008/12/10 14:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2009/08/03 13:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genimo
[2009/06/30 01:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/02/18 19:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GOL_byHasbro
[2009/08/10 10:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
[2009/03/18 23:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HamsterWarrior
[2009/06/09 00:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hidden Island Data
[2008/08/13 01:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home
[2009/06/24 18:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home 2
[2008/12/13 18:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home Christmas
[2009/05/27 20:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HuruBeachParty
[2007/09/28 21:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2009/01/22 13:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IGN_DLM
[2007/09/22 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Incredible Ink
[2009/04/15 02:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2008/12/28 16:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
[2009/08/14 01:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2007/12/07 20:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2007/09/23 20:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
[2008/12/19 01:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
[2008/12/17 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LaxiusForce
[2007/10/06 14:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Legends of pirates
[2009/04/13 14:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/01/17 13:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lionhead Studios
[2008/11/17 01:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2007/09/03 14:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy
[2008/01/12 23:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds
[2008/12/21 22:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Stones
[2007/11/11 20:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicStonesY
[2009/07/21 01:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MegaplexMadnessSummerBlockbuster
[2009/07/15 23:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2009/09/18 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2007/08/21 23:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mind Control Software
[2009/01/27 18:12:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mousechief
[2008/12/31 17:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2009/02/10 13:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2008/01/18 18:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Games
[2009/08/08 19:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2007/08/23 21:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ohana Games
[2009/09/15 13:20:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Once Upon a Time in Chicago
[2009/08/28 19:13:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
[2009/07/19 16:14:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Peace Craft
[2008/11/24 22:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PetShowCraze
[2009/09/25 13:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2008/12/22 21:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playfirst Ashtons Family Resort
[2009/07/17 20:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2009/01/27 03:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2009/08/03 00:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reflexive
[2009/06/29 18:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy
[2009/01/24 11:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2009/05/08 00:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoeOM
[2007/10/20 16:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
[2009/09/13 13:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sanna
[2009/03/16 18:28:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM
[2009/04/04 00:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
[2009/04/04 22:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales
[2008/12/17 20:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skip-Bo
[2009/04/26 00:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity
[2009/03/15 21:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sortasoft
[2008/12/28 16:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
[2007/09/15 23:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2007/12/19 18:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Super-Cow
[2008/12/28 16:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
[2008/12/28 16:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
[2009/02/13 16:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2007/12/04 21:47:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teggo
[2009/05/26 13:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Flying Trapeezees
[2007/11/03 20:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThwartPoker Software
[2009/04/19 16:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2009/06/24 22:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2009/02/24 23:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tropical Dream Underwater Odyssey
[2009/06/23 18:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UClick
[2009/01/20 23:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/01/06 01:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/02/24 17:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UNOUndercover
[2009/04/13 14:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/01 01:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2009/01/30 14:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2008/11/15 05:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2008/12/06 03:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2008/12/17 00:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\World-LooM
[2009/05/20 01:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2007/09/16 11:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
[2007/10/20 17:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zylom
[2009/08/20 07:27:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/05 00:03:00 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2009/10/06 04:16:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C012695
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AEA68EE
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB69CC19
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FA1F20
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F800E5
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DAC1F7
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:407B2355
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399441CC
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FA003F9
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAD2FFA0
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:777A075D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A37385A
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67CB31A
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A9AF3C7
@Alternate Data Stream - 772 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627215B7
@Alternate Data Stream - 372 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 349 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE13DA72
@Alternate Data Stream - 337 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC3629F
@Alternate Data Stream - 334 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 326 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7524F6CC
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C209D0BD
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B0B3D25
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A9B355
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D9FEA32
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58D2A680
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F5F4781
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D532A897
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:167A825D
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAC3589E
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3D0CDFE
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE187F5B
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CC8A9E4
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C0F3393
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27EEEB5C
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF39FA77
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDE7FCF4
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77423EAD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:040E11E4
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC6614A4
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322EAACD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EDD6DE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D05E7A8B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:447AD91E
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B3D15A
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44B6B0E0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1DFF11
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:622C7979
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2ACE4B
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDEBC850
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FFC456
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC44AEB
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7CB87BE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AE67195
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFB99F9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6347BFF4
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18BFD8F8
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7843388
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CF56DF4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A63A46
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19F08842
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB0256E7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F12D5ED
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41F8101
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2EDA15
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CEC50B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A908367
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294A5F28
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F44D3C53
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78D5846B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E1F359F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B86037F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB603FE4
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDD1277F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8AF0F0F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90453BDB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88C60511
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D50F3CE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBE81670
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D890DD02
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B742A47D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3A7233
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA408F93
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF0B4A17
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBDABFA2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0C40A99
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75EC4D20
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71F96743
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ADB6F65
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:311F233A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C1407E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00E4A1FE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB601DB3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B517A2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71D3858
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B3C619
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6331D24C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A463A25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CCFEFB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247D483C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F344FCD5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF794BCD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D885A57E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701AFF06
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6926830F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54362937
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F50E80F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24641E0D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EECBA6F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A761C913
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2E5D510
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA09728
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E8472D2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A4D7243
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDC41D2C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFE3041
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD874E14
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC483E8C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95775248
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FB7A2BD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E851D78
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14750D76
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097FF903
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2B69A18
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCE0D31
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:936CD24D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5782349A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55FBB3E8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4630A5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41C283B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39F1E9F9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70C5141
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CF19C1B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:741FB6E5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1740DC47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B43B7AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:269C0B5C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2793A03
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618849E3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:462F5905
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4249A835
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39D0446E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE0D46D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:128A6DC9
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52A6209
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4D3884D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5A3B21
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3B7A337
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:867718D2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69DA000E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40512067
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:150E156A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23BAE6D2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA457ABC
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5135BA4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D7536E0
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AB76595
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5886DCB8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45858237
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315D06CB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9726EA15
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:567D3254
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCFED09
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F3B0E00
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B0F52E5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E62B642
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EF94CF3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F851032E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF1813D7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73BF05FF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:161AA30B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A096EB2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C51E3D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D251621C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5550B299
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48081133
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CAE65A6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30B9B55F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEA1F887
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42CD97AD
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15DE523E
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E96D894A
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97118EB
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18431D9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93877B62
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:576FFBED
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE7797
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:279FF250
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5EC928
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F827F9E
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60705540
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD65EA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36E20A37
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1828723E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F951183D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B648F38E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:347E9D66
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2AF86D9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED873558
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:667565EE
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64A36325
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F11C1BE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E90ED3
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DEAA30
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A468A21E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A14966B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B7238D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDC42529
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E656ECE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0308CC3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:725A0758
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C13E971
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23430C4C
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10769EA7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C5AF2AA
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05BF1B63
< End of report >


mbam.log results....

Malwarebytes' Anti-Malware 1.41
Database version: 2914
Windows 5.1.2600 Service Pack 3

10/6/2009 03:19:05 AM
mbam-log-2009-10-06 (03-19-05).txt

Scan type: Quick Scan
Objects scanned: 106844
Time elapsed: 17 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#78 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 06 October 2009 - 06:01 AM

Step 1
  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
[purity]
[emptytemp]
[reboot]

  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

ADS::
C:\Documents and Settings\All Users\Application Data\

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Reply with copy of OTL MovedFiles log from above and
C:\Combofix.txt
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#79 ghettogirll

ghettogirll

    New Member

  • Members
  • Pip
  • 46 posts
  • Gender:Female

Posted 06 October 2009 - 11:53 AM

OTL moved files log.......


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 121 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5764960 bytes
->Google Chrome cache emptied: 0 bytes

User: thetezter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_650.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 17048 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.61 mb


OTL by OldTimer - Version 3.0.18.4 log created on 10062009_122709

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_650.dat not found!

Registry entries deleted on Reboot...


combo-fix log.....


ComboFix 09-10-05.01 - Owner 10/06/2009 12:38.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.238 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 07:51 . 2009-10-06 07:56 -------- d-----w- c:\documents and settings\Owner\.SunDownloadManager
2009-10-06 07:43 . 2009-10-06 07:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 07:41 . 2009-10-06 07:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-06 07:37 . 2009-10-06 08:06 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-06 07:27 . 2009-10-06 07:42 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-06 07:27 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-06 07:27 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-06 07:27 . 2009-10-06 07:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-05 04:39 . 2009-10-05 04:41 -------- dc----w- c:\documents and settings\All Users\Application Data\SuperRanch
2009-10-05 04:35 . 2009-10-06 16:46 -------- d-----w- c:\program files\iWin Games
2009-09-26 21:31 . 2009-09-26 21:31 -------- d-----w- c:\program files\Avira
2009-09-26 20:30 . 2009-09-26 20:32 -------- dc----w- C:\Combo-Fix24184C
2009-09-22 17:31 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:31 . 2009-09-22 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 17:31 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 07:37 . 2009-09-22 07:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Astar Games
2009-09-21 03:04 . 2009-09-21 04:15 -------- d-----w- c:\program files\Funkitron
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-16 17:45 . 2009-09-18 07:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Merscom
2009-09-15 17:19 . 2009-09-15 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Once Upon a Time in Chicago
2009-09-15 17:19 . 2009-09-15 17:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Once Upon a Time in Chicago
2009-09-13 22:20 . 2009-09-13 22:20 -------- d-----w- c:\program files\AskBarDis
2009-09-13 17:44 . 2009-09-13 17:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Sanna
2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\program files\The Legend of Sanna - Rise of a Great Colony
2009-09-13 17:38 . 2009-09-13 17:38 -------- d-----w- c:\windows\The Legend of Sanna - Rise of a Great Colony
2009-09-12 05:00 . 2009-09-12 05:04 -------- dc----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-12 04:58 . 2009-09-13 04:00 -------- d-----w- c:\program files\Alawar
2009-09-10 16:43 . 2009-09-12 04:47 -------- d-----w- c:\program files\Farm Frenzy
2009-09-07 21:21 . 2009-09-07 21:21 -------- d-----w- c:\documents and settings\Owner\Application Data\DivoGames
2009-09-07 20:58 . 2009-09-07 20:58 -------- d-----w- c:\program files\Be Richer
2009-09-07 20:54 . 2009-09-07 20:54 -------- d-----w- c:\windows\Be Richer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 08:23 . 2007-09-01 17:38 -------- d-----w- c:\program files\Java
2009-10-06 08:13 . 2008-11-17 19:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 07:42 . 2009-03-28 18:40 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-05 05:43 . 2008-12-29 19:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-10-05 05:42 . 2009-08-29 04:57 -------- d-----w- c:\program files\iWin.com
2009-10-05 05:41 . 2007-08-22 02:54 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-03 22:49 . 2007-08-23 23:39 -------- dc----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-10-01 05:09 . 2008-01-12 19:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Valusoft
2009-10-01 05:09 . 2008-01-12 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Valusoft
2009-09-27 19:18 . 2007-11-10 01:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-09-26 20:24 . 2008-11-14 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 17:19 . 2007-08-23 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-25 17:19 . 2007-08-22 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-09-25 17:16 . 2007-08-23 23:39 -------- d-----w- c:\program files\bfgclient
2009-09-25 06:38 . 2007-10-18 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\funkitron
2009-09-23 07:57 . 2008-02-03 13:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-20 06:47 . 2008-11-28 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\GameInvest
2009-09-19 21:26 . 2008-12-16 19:27 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2009-09-19 20:31 . 2009-08-31 01:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-18 07:05 . 2009-06-30 01:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Merscom
2009-09-13 22:21 . 2008-12-29 19:44 -------- d-----w- c:\program files\Vuze
2009-09-13 04:00 . 2009-02-18 19:30 -------- dc----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-09-06 01:59 . 2009-09-05 18:01 -------- d-----w- c:\program files\RealArcade
2009-09-06 01:58 . 2009-02-09 15:09 -------- d-----w- c:\program files\CCleaner
2009-09-05 21:28 . 2009-06-30 00:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
2009-09-05 19:20 . 2009-09-05 19:20 -------- d-----w- c:\program files\Zylom Games
2009-09-05 18:05 . 2007-09-13 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-09-04 06:29 . 2009-04-18 20:30 -------- d-----w- c:\program files\UnHackMe
2009-09-03 16:45 . 2009-08-31 16:46 -------- d-----w- c:\program files\Iceblast
2009-09-02 05:57 . 2009-09-02 05:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-02 05:56 . 2009-08-29 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-02 05:55 . 2008-11-22 06:03 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 22:46 . 2009-08-30 22:46 -------- d-----w- c:\program files\Lavalys
2009-08-29 23:27 . 2009-03-11 06:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-29 23:03 . 2009-03-28 21:19 -------- d-----w- c:\program files\Mcam
2009-08-28 23:13 . 2009-08-28 23:13 -------- d-----w- c:\documents and settings\Owner\Application Data\panoramik
2009-08-27 16:46 . 2009-08-27 15:50 -------- dc----w- c:\documents and settings\All Users\Application Data\game_fillup_v2_usa
2009-08-27 06:04 . 2009-08-27 06:04 -------- dc----w- c:\documents and settings\All Users\Application Data\fillup
2009-08-22 22:54 . 2009-02-21 02:09 -------- d-----w- c:\program files\7-Zip
2009-08-22 22:26 . 2008-01-01 19:26 -------- dc----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-22 22:25 . 2007-10-22 21:48 -------- d-----w- c:\program files\Yahoo! Games
2009-08-22 05:28 . 2007-08-19 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 05:16 . 2009-08-21 05:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-20 17:52 . 2007-08-19 18:27 -------- d-----w- c:\program files\EA GAMES
2009-08-16 05:35 . 2009-08-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Batovi
2009-08-15 19:29 . 2007-08-22 01:48 -------- d-----w- c:\program files\Google
2009-08-14 05:56 . 2008-02-02 01:59 -------- dc----w- c:\documents and settings\All Users\Application Data\iwin
2009-08-14 05:56 . 2007-12-05 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2009-08-12 05:23 . 2009-08-11 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia
2009-08-10 14:54 . 2009-08-10 14:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GraveyardShift
2009-08-09 00:37 . 2009-08-09 00:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Protexis
2009-08-09 00:27 . 2007-11-10 01:01 -------- d-----w- c:\program files\GamesBar
2009-08-09 00:25 . 2008-12-14 07:51 -------- d-----w- c:\documents and settings\Owner\Application Data\CaribbeanHideaway
2009-08-09 00:13 . 2009-08-09 00:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Oberon Media
2009-08-08 23:07 . 2009-08-08 23:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Candy Factory
2009-08-08 23:06 . 2009-08-08 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon Media
2009-08-08 23:04 . 2009-08-08 23:04 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-08-06 05:24 . 2009-07-25 02:47 49 ----a-w- c:\windows\popcinfot.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 01:08 . 2007-08-24 14:50 13888 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-09-27 01:10 . 2007-09-27 01:11 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-04-18 20:31 . 2009-04-18 20:31 2 --shatr- c:\windows\winstart.bat
2002-07-31 23:55 . 2007-10-11 02:23 102 -csh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_07.04.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-06 07:27 . 2009-10-06 07:42 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-11 19:52 . 2009-09-20 20:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-07-11 19:52 . 2009-09-25 06:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-19 21:21 . 2009-09-25 06:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-09-19 21:21 . 2009-09-20 20:02 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-06 07:46 . 2009-10-06 07:46 21504 c:\windows\Installer\2f78b.msi
+ 2009-10-06 07:41 . 2009-10-06 07:41 27648 c:\windows\Installer\2f781.msi
+ 2002-03-19 21:30 . 2002-03-19 21:30 177152 c:\windows\system32\tweakui.exe
- 2004-08-04 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-10-06 08:14 . 2009-10-06 08:13 149280 c:\windows\system32\javaws.exe
+ 2009-10-06 08:14 . 2009-10-06 08:13 145184 c:\windows\system32\javaw.exe
+ 2009-10-06 08:14 . 2009-10-06 08:13 145184 c:\windows\system32\java.exe
- 2007-07-11 19:45 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
+ 2007-07-11 19:45 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-24 06:55 . 2009-09-24 06:55 304640 c:\windows\Installer\2cb8c0f.msi
+ 2009-09-23 07:19 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-23 07:19 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-23 07:19 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-03-26 17:47 . 2009-09-24 06:54 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi
- 2009-03-26 17:47 . 2009-03-26 17:47 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-10-06 08:13 . 2009-10-06 08:13 1757696 c:\windows\Installer\7ea8d.msi
+ 2009-10-06 07:46 . 2009-10-06 07:46 3938816 c:\windows\Installer\2f786.msi
+ 2009-03-28 22:25 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-23 07:20 . 2009-09-23 07:20 15709696 c:\windows\Installer\1337e9.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-06 149280]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2003-06-19 548864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^H3 The Shadow of Death™.lnk]
backup=c:\windows\pss\H3 The Shadow of Death™.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MostFun.lnk]
backup=c:\windows\pss\MostFun.lnkStartup
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MostFun.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"iWinTrusted"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/6/2009 03:27 AM 108289]
R3 als4k;Avance Wave Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [3/6/2000 09:59 AM 25658]
R3 ALS4KMF;ALS4KMF;c:\windows\system32\drivers\mf.sys [8/3/2004 07:07 PM 63744]
R3 alsgame;Gameport for ALS4000 (WDM);c:\windows\system32\drivers\alsgame.sys [2/24/2000 04:45 PM 10012]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 08:00 AM 14336]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 09:18 PM 23680]
S3 nenum13E;nenum13E;\??\c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/18/2009 04:31 PM 34760]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 01:30 PM 78104]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 11:05 AM 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-10-05 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={D89E47D3-B546-7880-3696-88E2B380E303}&q=
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pupvatsk.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 12:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-764733703-1343024091-1003\Software\SecuROM\License information*]
"datasecu"=hex:2c,a2,2d,68,1e,b2,83,4e,59,87,76,cc,7a,eb,e3,ed,df,4c,01,7f,5f,
1d,ab,dc,a3,89,a1,71,da,31,4c,86,b9,c9,0b,ff,5a,1d,62,7e,1e,08,4b,20,9f,84,\
"rkeysecu"=hex:4e,08,d7,a7,f2,8b,42,cc,8b,e5,07,42,1d,98,f2,b3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-10-06 12:50
ComboFix-quarantined-files.txt 2009-10-06 16:50
ComboFix2.txt 2009-09-26 20:45
ComboFix3.txt 2009-09-22 17:00
ComboFix4.txt 2009-09-22 07:09

Pre-Run: 20,159,062,016 bytes free
Post-Run: 20,134,469,632 bytes free

310 --- E O F --- 2009-09-23 07:24

#80 Maurice Naggar

Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,598 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 06 October 2009 - 08:30 PM

The last Combofix log is good, as was the last MBAM scan. We have gone about as far as we can go with this.
Seeing that you do a lot of online games and internet usage, I'm going to strongly recommend that you purchase an MBAM license to get the benefit of the real-time protection module. It is a low one-time purchase good forever.
Having the MBAM protection module will give added layer of defense.

Go to Control Panel and Add-or-Remove programs.
Look for ESET Online scan and click the line for it. Select Change/Remove to de-install it.
OK & Exit out of Control Panel

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it combo-fix Posted Image), put that name in the RUN box stated just below.
The "/u" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space after exe and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, type or copy/paste
    Combo-Fix.exe /u
    and then click OK.

  • Please double-click OTL.exe Posted Image to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
We are finished here. Best regards.
Maurice Naggar
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.
Back to Resolved HijackThis Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malware Removal Support
  3. Malware Removal Help
  4. Resolved HijackThis Logs
  5. Privacy Policy
  6. Terms of Use ·