random advertisement sounds and pop ups,web links get redirected - Page 2

Question

crunchie 990 Most Valuable Poster

13 Years Ago

Also use systemlook as per your previous instructions on that file please.

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\programdata\Jd0IwcEK.dat
c:\programdata\Hxo7P0qj.exe
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
C:\ProgramData\0jf5835bS5a

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

crunchie 990 Most Valuable Poster

13 Years Ago

Log looks ok. How is the pc?

crunchie 990 Most Valuable Poster

13 Years Ago

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 1 · 2010-05-02T07:33:16+00:00

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::



File::

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Fonts\05N2d.com



RENV::

c:\program files\Common Files\Java\Java Update\jusched .exe

c:\program files\Microsoft Office\Office12\GrooveMonitor .exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==

Please post another OTL too after the reboot.

psuk0110 0 Light Poster · Answer 2 · 2010-05-02T11:57:29+00:00

ComboFix 10-05-01.04 - Dosah 05/01/2010 22:35:50.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2742 [GMT -7:00]
Running from: c:\users\Dosah\Desktop\ComboFix.exe
Command switches used :: c:\users\Dosah\Desktop\CFScript.txt

FILE ::
"c:\windows\Fonts\05N2d.com"
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At10.job"
"c:\windows\Tasks\At11.job"
"c:\windows\Tasks\At12.job"
"c:\windows\Tasks\At13.job"
"c:\windows\Tasks\At14.job"
"c:\windows\Tasks\At15.job"
"c:\windows\Tasks\At16.job"
"c:\windows\Tasks\At17.job"
"c:\windows\Tasks\At18.job"
"c:\windows\Tasks\At19.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At20.job"
"c:\windows\Tasks\At21.job"
"c:\windows\Tasks\At22.job"
"c:\windows\Tasks\At23.job"
"c:\windows\Tasks\At24.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
"c:\windows\Tasks\At5.job"
"c:\windows\Tasks\At6.job"
"c:\windows\Tasks\At7.job"
"c:\windows\Tasks\At8.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\05N2d.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job

.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 05:42 . 2010-05-02 05:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-02 05:42 . 2010-05-02 05:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 05:42 . 2010-05-02 05:44 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-04-29 06:37 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 06:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 06:37 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
2010-04-15 01:36 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:36 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:36 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:36 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:36 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:36 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:25 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 18:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:42 . 2010-04-08 06:42 -------- d-----w- c:\users\Dosah\AppData\Local\Sony
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-06 18:33 . 2010-04-13 03:31 -------- d-----w- c:\users\Dosah\AppData\Local\HuluDesktop
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 04:54 . 2010-04-23 11:46 112 ----a-w- c:\programdata\Jd0IwcEK.dat
2010-04-30 22:11 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-04-30 19:15 . 2010-03-02 07:49 -------- d-----w- c:\program files\iTunes
2010-04-29 22:15 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 22:15 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 22:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 03:52 . 2010-04-28 03:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-23 23:33 . 2010-04-21 23:01 3848 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-15 10:03 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-07 20:42 . 2010-04-01 05:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-10 20:41 . 2010-03-10 20:41 -------- d-----w- c:\users\Dosah\AppData\Roaming\Foxit Software
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\Leadertech
2010-03-08 10:47 . 2010-03-08 10:47 -------- d-----w- c:\program files\EA Sports
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 07:37 . 2010-03-02 07:37 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:16 . 2009-12-22 13:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 00:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-02 07:45 . 2010-02-24 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\iTunes\iTunesHelper .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-30 37380]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 20:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.exe

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-28 691696]
S1 bbcd;bbcd;c:\windows\system32\bbcd.sys [2010-04-21 75264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EC5738BF-72C3-416F-9D09-24A21222BE58}]
fycwdn11.dll [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Dosah\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3124)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-05-01 22:48:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-02 05:48
ComboFix2.txt 2010-04-30 19:01
ComboFix3.txt 2010-04-29 22:29
ComboFix4.txt 2010-04-29 05:21

Pre-Run: 21,524,840,448 bytes free
Post-Run: 21,492,056,064 bytes free

- - End Of File - - 8D9E6A06106CF5AC0711A22AE97B3AE9

psuk0110 0 Light Poster · Answer 3 · 2010-05-02T11:57:53+00:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:35 PM, on 5/1/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dosah\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4265 bytes

psuk0110 0 Light Poster · Answer 4 · 2010-05-02T12:07:45+00:00

OTL logfile created on: 5/1/2010 10:58:42 PM - Run 2
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\Dosah\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

Computer Name: DOSAH-PC
Current User Name: Dosah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
PRC - [2010/04/04 22:10:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/15 19:07:02 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper .exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

========== Modules (SafeList) ==========

MOD - [2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/28 01:37:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2010/04/21 00:39:51 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\bbcd.sys -- (bbcd)
DRV - [2009/12/28 01:39:39 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/08 20:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/14 17:25:00 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/26 14:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/06 17:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 15:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 15:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 18:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 78 B4 D8 8D E1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 22:10:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 10:17:00 | 000,000,000 | ---D | M]

[2009/12/22 06:41:37 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Mozilla\Extensions
[2010/05/01 01:02:51 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions
[2010/04/13 02:59:30 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/04/13 02:59:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/05/01 22:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/12 02:48:46 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/05/01 22:43:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/01 22:48:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/01 22:48:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/01 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\temp
[2010/05/01 22:26:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/30 15:13:57 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
[2010/04/28 21:49:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/28 21:49:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/28 21:49:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/28 21:48:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/28 21:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/28 11:24:59 | 000,291,840 | ---- | C] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTMoveIt2.exe
[2010/04/28 11:21:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dosah\Desktop\HiJackThis.exe
[2010/04/24 11:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/22 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/21 13:19:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/04/21 13:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/04/21 13:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/04/21 13:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/04/21 10:35:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/20 23:24:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/12 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/12 00:37:19 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\Fax
[2010/04/07 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Publish Providers
[2010/04/07 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\NetMedia Providers
[2010/04/07 23:42:18 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\Sony
[2010/04/07 23:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/04/06 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\HuluDesktop
[2010/04/03 14:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/03 14:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/31 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\PrimoPDF
[2010/03/31 22:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/03/31 03:18:35 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/03/31 03:18:34 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/03/23 12:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/03/22 19:09:29 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/03/22 19:09:28 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/03/22 19:09:28 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/03/22 19:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/03/22 19:06:59 | 000,042,496 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010/03/22 19:06:59 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010/03/22 19:06:59 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2010/03/22 19:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/03/22 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/22 19:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2010/03/22 16:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2010/03/22 16:35:47 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\InstallShield
[2010/03/22 16:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Bluetooth Software
[2010/03/22 16:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\Bluetooth Exchange Folder
[2010/03/22 16:32:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2010/03/22 16:32:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2010/03/22 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/03/22 02:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/17 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\2009 Tax Return
[2010/03/17 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\webex
[2010/03/17 20:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Webex
[2010/03/10 13:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Foxit Software
[2010/03/08 05:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\FIFA 10
[2010/03/08 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Leadertech
[2010/03/08 03:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/03/06 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Hawaii
[2010/03/03 13:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/03/02 04:30:36 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Cakewalk
[2010/03/02 04:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2010/03/02 04:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2010/03/02 04:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/03/02 00:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/02 00:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/28 01:37:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/02/25 16:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/25 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Office Genuine Advantage
[2010/02/21 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Mass Slides
[2010/02/16 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Music
[2010/02/12 02:48:53 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Foxit
[2010/02/12 02:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/01 23:00:27 | 002,359,296 | -HS- | M] () -- C:\Users\Dosah\NTUSER.DAT
[2010/05/01 22:51:45 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 22:51:45 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 22:48:43 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 22:48:43 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 22:48:43 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/01 22:44:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/01 22:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/01 22:43:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/01 22:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/01 22:43:29 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 22:25:51 | 003,925,519 | R--- | M] () -- C:\Users\Dosah\Desktop\ComboFix.exe
[2010/05/01 21:54:42 | 000,000,112 | ---- | M] () -- C:\ProgramData\Jd0IwcEK.dat
[2010/05/01 08:39:22 | 000,100,908 | ---- | M] () -- C:\Users\Dosah\Desktop\SystemLook.exe
[2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
[2010/04/29 03:15:54 | 000,962,876 | -H-- | M] () -- C:\Users\Dosah\AppData\Local\IconCache.db
[2010/04/28 11:25:08 | 000,291,840 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTMoveIt2.exe
[2010/04/28 11:21:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dosah\Desktop\HiJackThis.exe
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 10:38:50 | 000,011,538 | -HS- | M] () -- C:\ProgramData\0jf5835bS5a
[2010/04/24 11:58:19 | 000,194,115 | ---- | M] () -- C:\Users\Dosah\AppData\Roaming\nvModes.001
[2010/04/24 11:52:38 | 000,022,162 | ---- | M] () -- C:\Users\Dosah\Documents\cc_20100424_115231.reg
[2010/04/23 16:33:58 | 000,003,848 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/04/21 15:36:32 | 000,194,115 | ---- | M] () -- C:\Users\Dosah\AppData\Roaming\nvModes.dat
[2010/04/21 00:39:51 | 000,075,264 | ---- | M] () -- C:\Windows\System32\bbcd.sys
[2010/04/20 16:43:51 | 000,003,519 | ---- | M] () -- C:\Windows\System32\gzdjl
[2010/04/19 11:41:18 | 000,003,584 | ---- | M] () -- C:\Users\Dosah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 21:58:28 | 000,028,672 | ---- | M] () -- C:\Users\Dosah\Documents\Sacred Silence Meditation.doc
[2010/04/17 10:01:17 | 000,001,878 | ---- | M] () -- C:\Users\Dosah\Documents\Music Team Stuff - Shortcut.lnk
[2010/04/11 02:59:07 | 000,023,552 | ---- | M] () -- C:\Users\Dosah\Documents\Silent Activities.doc
[2010/04/08 15:44:19 | 000,051,712 | ---- | M] () -- C:\Users\Dosah\Documents\Chat with Victoria.doc
[2010/04/07 15:40:11 | 000,028,160 | ---- | M] () -- C:\Users\Dosah\Documents\Petition.doc
[2010/04/07 14:49:47 | 000,031,744 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip s. Suk Resume.doc
[2010/04/06 16:29:37 | 000,030,208 | ---- | M] () -- C:\Users\Dosah\Documents\Petition Sheet.xls
[2010/04/05 14:20:25 | 000,055,724 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.pdf
[2010/04/05 11:55:53 | 000,030,720 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.doc
[2010/03/31 22:52:24 | 000,019,968 | ---- | M] () -- C:\Users\Dosah\Desktop\Workout Progress.xls
[2010/03/31 22:04:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/31 22:04:28 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/22 19:08:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/03/22 16:36:57 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/03/07 12:11:51 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/02 14:37:49 | 000,028,672 | ---- | M] () -- C:\Users\Dosah\Documents\Permission Agreement ETL.doc
[2010/03/02 04:35:01 | 000,109,216 | ---- | M] () -- C:\Users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/13 11:57:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 08:39:23 | 000,100,908 | ---- | C] () -- C:\Users\Dosah\Desktop\SystemLook.exe
[2010/04/28 21:49:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/28 21:49:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/28 21:49:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/28 21:49:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/28 21:49:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/28 21:44:12 | 003,925,519 | R--- | C] () -- C:\Users\Dosah\Desktop\ComboFix.exe
[2010/04/26 10:36:53 | 000,011,538 | -HS- | C] () -- C:\ProgramData\0jf5835bS5a
[2010/04/24 11:52:35 | 000,022,162 | ---- | C] () -- C:\Users\Dosah\Documents\cc_20100424_115231.reg
[2010/04/23 04:46:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\Jd0IwcEK.dat
[2010/04/21 16:01:31 | 000,003,848 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/04/21 00:39:51 | 000,075,264 | ---- | C] () -- C:\Windows\System32\bbcd.sys
[2010/04/20 16:43:51 | 000,003,519 | ---- | C] () -- C:\Windows\System32\gzdjl
[2010/04/19 11:41:18 | 000,003,584 | ---- | C] () -- C:\Users\Dosah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 10:01:17 | 000,001,878 | ---- | C] () -- C:\Users\Dosah\Documents\Music Team Stuff - Shortcut.lnk
[2010/04/14 19:31:32 | 000,028,672 | ---- | C] () -- C:\Users\Dosah\Documents\Sacred Silence Meditation.doc
[2010/04/11 02:59:06 | 000,023,552 | ---- | C] () -- C:\Users\Dosah\Documents\Silent Activities.doc
[2010/04/08 14:44:32 | 000,051,712 | ---- | C] () -- C:\Users\Dosah\Documents\Chat with Victoria.doc
[2010/04/07 13:42:33 | 000,031,744 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip s. Suk Resume.doc
[2010/04/05 14:20:25 | 000,055,724 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.pdf
[2010/04/03 17:41:29 | 000,030,208 | ---- | C] () -- C:\Users\Dosah\Documents\Petition Sheet.xls
[2010/04/03 17:40:23 | 000,028,160 | ---- | C] () -- C:\Users\Dosah\Documents\Petition.doc
[2010/03/31 22:04:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/31 22:04:28 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/03/22 19:08:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/03/22 19:01:22 | 000,144,360 | ---- | C] () -- C:\Windows\System32\drivers\del1028.cty
[2010/03/22 16:36:57 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/03/02 14:37:48 | 000,028,672 | ---- | C] () -- C:\Users\Dosah\Documents\Permission Agreement ETL.doc
[2010/02/22 13:25:12 | 000,019,968 | ---- | C] () -- C:\Users\Dosah\Desktop\Workout Progress.xls
[2010/02/22 13:08:11 | 000,030,720 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.doc
[2010/02/13 11:57:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/23 13:07:24 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2009/12/22 15:22:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/22 15:22:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/22 15:22:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/22 15:22:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/22 15:22:52 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/22 15:22:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/20 23:32:42 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Ableton
[2010/03/02 04:30:43 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Cakewalk
[2010/01/12 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/30 06:44:14 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\DAEMON Tools Pro
[2010/02/12 02:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Foxit
[2010/03/10 13:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Foxit Software
[2010/01/22 04:16:02 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\ImgBurn
[2010/03/08 05:11:38 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Leadertech
[2010/04/07 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\NetMedia Providers
[2010/04/07 13:42:53 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\PrimoPDF
[2010/04/07 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Publish Providers
[2010/01/08 03:01:08 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Research In Motion
[2010/04/24 09:21:47 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\uTorrent
[2010/03/17 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\webex
[2010/04/27 15:54:29 | 000,018,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/28 23:43:22 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Files - Unicode (All) ==========
[2010/04/07 12:46:41 | 000,013,393 | ---- | M] ()(C:\Users\Dosah\Desktop\?? ???.docx) -- C:\Users\Dosah\Desktop\상민 서명서.docx
[2010/04/07 11:48:08 | 000,013,393 | ---- | C] ()(C:\Users\Dosah\Desktop\?? ???.docx) -- C:\Users\Dosah\Desktop\상민 서명서.docx

< End of report >

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2010-05-03T07:26:54+00:00

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

RENV::
c:\program files\iTunes\iTunesHelper .exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

Combofix.txt
A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==========

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
```
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
```
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

=============

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\ProgramData\0jf5835bS5a
C:\ProgramData\Jd0IwcEK.dat
C:\Windows\System32\gzdjl

psuk0110 0 Light Poster · Answer 6 · 2010-05-04T07:25:00+00:00

ComboFix 10-05-01.04 - Dosah 05/03/2010 17:58:53.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2175 [GMT -7:00]
Running from: c:\users\Dosah\Desktop\ComboFix.exe
Command switches used :: c:\users\Dosah\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 01:05 . 2010-05-04 01:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-04 01:05 . 2010-05-04 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 05:42 . 2010-05-04 01:07 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-04-29 06:37 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 06:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 06:37 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
2010-04-15 01:36 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:36 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:36 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:36 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:36 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:36 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:25 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 18:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:42 . 2010-04-08 06:42 -------- d-----w- c:\users\Dosah\AppData\Local\Sony
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-06 18:33 . 2010-04-13 03:31 -------- d-----w- c:\users\Dosah\AppData\Local\HuluDesktop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 00:58 . 2010-03-02 07:49 -------- d-----w- c:\program files\iTunes
2010-05-03 08:02 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-05-03 04:58 . 2010-04-23 11:46 112 ----a-w- c:\programdata\Jd0IwcEK.dat
2010-05-03 04:58 . 2010-05-02 07:45 68612 ----a-w- c:\programdata\Hxo7P0qj.exe
2010-05-03 04:58 . 2010-05-02 07:45 68612 ----a-w- c:\programdata\Hxo7P0qj.exe
2010-04-29 22:15 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 22:15 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 22:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 03:52 . 2010-04-28 03:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-23 23:33 . 2010-04-21 23:01 3848 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-15 10:03 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-07 20:42 . 2010-04-01 05:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-10 20:41 . 2010-03-10 20:41 -------- d-----w- c:\users\Dosah\AppData\Roaming\Foxit Software
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\Leadertech
2010-03-08 10:47 . 2010-03-08 10:47 -------- d-----w- c:\program files\EA Sports
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 07:37 . 2010-03-02 07:37 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:16 . 2009-12-22 13:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 00:00 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]