
Found viruses on a file I ran, what to do next?


deejayjmc
Junior Member with 16 posts.
THREAD STARTER
Join Date: Jul 2010
13-Sep-2010, 12:22 PM #1
Hi,

I tried to install a program using its exe file. The program, Daemon Tools 4.10, would install up to a certain bit then ask to restart repeatedly. I found that my computer wouldn't restart properly, and at times when it does, it takes a very long time to boot up.

I ran a virus scan on virustotal.com - below are the pasted results:

Antivirus Version Last Update Result
AhnLab-V3 2010.09.13.00 2010.09.13 -
AntiVir 8.2.4.50 2010.09.13 -
Antiy-AVL 2.0.3.7 2010.09.13 -
Authentium 5.2.0.5 2010.09.13 -
Avast 4.8.1351.0 2010.09.13 -
Avast5 5.0.594.0 2010.09.13 Win32:Adware-HT
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 -
CAT-QuickHeal 11.00 2010.09.13 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6065 2010.09.13 -
DrWeb 5.0.2.03300 2010.09.13 -
Emsisoft 5.0.0.37 2010.09.13 Riskware.AdTool.Win32.WhenU.u!A2
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7852 2010.09.13 -
F-Prot 4.6.1.107 2010.09.13 -
F-Secure 9.0.15370.0 2010.09.13 -
Fortinet 4.1.143.0 2010.09.13 Misc/WhenU
GData 21 2010.09.13 -
Ikarus T3.1.1.88.0 2010.09.13 -
Jiangmin 13.0.900 2010.09.13 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.13 not-a-virus:WebToolbar.Win32.WhenU.u
McAfee 5.400.0.1158 2010.09.13 -
McAfee-GW-Edition 2010.1B 2010.09.13 -
Microsoft 1.6103 2010.09.12 -
NOD32 5446 2010.09.13 -
Norman 6.06.06 2010.09.13 -
nProtect 2010-09-13.02 2010.09.13 -
Panda 10.0.2.7 2010.09.12 Suspicious file
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.13 High Risk Worm
Rising 22.65.00.03 2010.09.13 -
Sophos 4.57.0 2010.09.13 Mal/Generic-A
Sunbelt 6868 2010.09.13 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.09.13 -
Symantec 20101.1.1.7 2010.09.13 -
TheHacker 6.7.0.0.016 2010.09.12 -
TrendMicro 9.120.0.1004 2010.09.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
VBA32 3.12.14.0 2010.09.13 -
ViRobot 2010.8.25.4006 2010.09.13 Adware.WhenU.7271368
VirusBuster 12.65.2.0 2010.09.12 -

Now that I know I have infected my computer (!) please let me know what to do next to remove these viruses.

Thank you
deejayjmc
Junior Member with 16 posts.
THREAD STARTER
Join Date: Jul 2010
13-Sep-2010, 01:18 PM #2
HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:56, on 13/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: todo.txt
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 9297 bytes

______________________________________


DDS.txt:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Admin at 18:56:12.80 on 13/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE VIMICRO USB PC Camera 301x
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\firefogg@firefogg.org\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\firefogg@firefogg.org\platform\winnt_x86-msvc\components\libfirefoggencoder.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-09-12 20:39 <DIR> --d----- c:\program files\common files\Microsoft Games
2010-09-12 16:38 <DIR> --d----- c:\programdata\Media Center Programs
2010-09-12 16:38 <DIR> --d----- c:\progra~2\Media Center Programs
2010-09-12 00:59 <DIR> --d----- c:\program files\common files\PX Storage Engine
2010-09-11 15:52 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2010-09-11 15:52 <DIR> --d----- c:\program files\MagicDisc
2010-09-11 15:36 <DIR> --d-h--- c:\windows\PIF
2010-09-02 12:09 <DIR> --d----- c:\program files\Core Services
2010-08-31 02:44 219 a------- c:\windows\iepreview.ini
2010-08-31 00:47 <DIR> --d----- c:\program files\Internet Explorer Platform Preview
2010-08-31 00:47 279,552 a------- c:\windows\system32\XpsGdiConverter.dll
2010-08-31 00:47 135,168 a------- c:\windows\system32\XpsRasterService.dll
2010-08-31 00:46 1,172,480 a------- c:\windows\system32\d3d10warp.dll
2010-08-31 00:46 1,076,224 a------- c:\windows\system32\DWrite.dll
2010-08-31 00:46 804,864 a------- c:\windows\system32\FntCache.dll
2010-08-31 00:46 737,280 a------- c:\windows\system32\d2d1.dll
2010-08-31 00:46 218,624 a------- c:\windows\system32\d3d10_1core.dll
2010-08-31 00:46 3,181,568 a------- c:\windows\system32\mf.dll
2010-08-31 00:46 1,619,456 a------- c:\windows\system32\WMVDECOD.DLL
2010-08-31 00:46 196,608 a------- c:\windows\system32\mfreadwrite.dll
2010-08-28 12:27 <DIR> --d----- c:\program files\VisualLightBox
2010-08-24 00:15 <DIR> --d----- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-24 00:15 <DIR> --d----- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

==================== Find3M ====================

2010-09-11 17:01 685,816 a------- c:\windows\system32\drivers\sptd.sys
2010-09-11 15:36 2,853 a------- c:\windows\pif\setup.PIF
2010-07-28 16:56 423,656 a------- c:\windows\system32\deployJava1.dll
2010-07-12 21:44 215,128 a------- c:\windows\system32\PnkBstrB.exe
2010-07-09 23:37 14,092,904 a------- c:\windows\system32\nvoglv32.dll
2010-07-09 23:37 10,267,240 a------- c:\windows\system32\nvcompiler.dll
2010-07-09 23:37 9,818,728 a------- c:\windows\system32\nvd3dum.dll
2010-07-09 23:37 4,553,832 a------- c:\windows\system32\nvcuda.dll
2010-07-09 23:37 2,892,904 a------- c:\windows\system32\nvcuvid.dll
2010-07-09 23:37 2,506,344 a------- c:\windows\system32\nvcuvenc.dll
2010-07-09 23:37 1,625,192 a------- c:\windows\system32\nvapi.dll
2010-07-09 23:37 236,136 a------- c:\windows\system32\nvcod1922.dll
2010-07-09 23:37 236,136 a------- c:\windows\system32\nvcod.dll
2010-07-09 23:37 56,936 a------- c:\windows\system32\OpenCL.dll
2010-07-09 16:37 13,939,816 a------- c:\windows\system32\nvcpl.dll
2010-07-09 16:37 1,469,544 a------- c:\windows\system32\nvsvc.dll
2010-07-09 16:37 129,640 a------- c:\windows\system32\nvvsvc.exe
2010-07-09 16:37 110,696 a------- c:\windows\system32\nvmctray.dll
2010-05-09 16:59 138,056 a------- c:\users\admin\appdata\roaming\PnkBstrK.sys
2009-07-14 05:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 05:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:41 174 a--sh--- c:\program files\desktop.ini
2009-07-14 01:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 22:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-09-14 11:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-14 11:35 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-14 11:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-09-14 11:35 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:56:38.52 ===============



_______________________________________________


Attach.txt:


==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 2 (SP2)
AccessData Forensic Toolkit 1.71
AccessData LicenseManager
ACID Pro 7.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Anchor Service CS4
Adobe Default Language CS4
Adobe Flash Player 10 Plugin
Adobe Output Module
Adobe Photoshop CS4
Adobe Reader 9.2
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Setup
AngstroLooper 0.9 beta
Antares Autotune VST v5.09
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudioShell 1.3.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Battlefield: Bad Company™ 2
Beatscape 1.0
Bonjour
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CamStudio
CDBurnerXP
Crystal Reports Basic for Visual Studio 2008
Dell Photo Printer 720
DivX Setup
DreamStation DXi2
Emagic Logic Audio Platinum 5.5
Eudora
Express Gate
FEAR
FileZilla Client 3.3.2.1
Free Download Manager 3.0
FreeRIP v3.30
Full Tilt Poker
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.7
Google Chrome
Grand Theft Auto IV
Har-Bal Equalization System v2.3
HiJackThis
Hitman Blood Money
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
IETester v0.4.4 (remove only)
ImTOO iPhone Video Converter
iTunes
iZotope Ozone 4
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 21
Java(TM) SE Development Kit 6 Update 17
Live 8.0.3
M-Audio Series II MIDI
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Media Jukebox 12
Melodyne 3.1
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Flight Simulator X
Microsoft Flight Simulator X SDK
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 7.0
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MIDI TO MP3 MAKER version 3.12
MIKSOFT Mobile Media Converter
Motorola Driver Installation 4.5.0
MOTOROLA MEDIA LINK
Mozilla Firefox (3.6.9)
Mozilla Thunderbird (3.0.1)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Software Suite 1.2
Native Instruments Guitar Rig 3
Native Instruments Service Center
NetBeans IDE 6.7.1
Nitro PDF Professional
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Control Panel
NVIDIA Drivers
OF Dragon Rising
Opera 10.61
PC Connectivity Solution
PC Tools Firewall Plus 6.0
PFPortChecker 1.0.32
Portal
Pro Evolution Soccer 2008
PunkBuster Services
Quantum of Solace(TM)
Quantum of Solace(TM) 1.1 Patch
QuickTime
Realtek High Definition Audio Driver
REAPER
Reason 4.0.1
ReCycle 2.0
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rockstar Games Social Club
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype™ 4.1
SONAR 8.0 Producer Edition
Sound Forge Pro 10.0
Spybot - Search & Destroy
SpywareBlaster 4.3
SQL Server System CLR Types
Steam
Steinberg Cubase 5
Steinberg Cubase SX v3.1.1.944
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg Nuendo 4
Steinberg Nuendo Expansion Kit
Steinberg REVerence Content 01
Suite Shared Configuration CS4
Super Winspy v3.5
SyncroSoft Emu (Remove only)
Syncrosoft License Control
System Requirements Lab
T-RackS 3 Deluxe
TeamViewer 5
The Godfather™ II
Tom Clancy's H.A.W.X
Total Video Converter 3.50
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 9.0
Videora iPhone Converter 5.03
Virtual DJ - Atomix Productions
Visual Mind 10
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VisualLightBox
VLC media player 1.0.1
Waves Diamond Bundle v5.2
Waves SSL Collection v1.2
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer Platform Preview
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
WinX Free iPhone Video Converter 3.1.1

==== End Of File ===========================



_________________________________________

Ark.txt:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-13 19:18:15
Windows 6.1.7600
Running: puq00c9v.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglcrpod.sys


---- System - GMER 1.0.15 ----

SSDT 96244704 ZwCreateThread
SSDT 962446F0 ZwOpenProcess
SSDT 962446F5 ZwOpenThread
SSDT 962446FF ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A27634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A27898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A401A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83658599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8367CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 8368485C 4 Bytes [04, 47, 24, 96] {ADD AL, 0x47; AND AL, 0x96}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 836849F8 4 Bytes [F0, 46, 24, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 83684A18 4 Bytes [F5, 46, 24, 96] {CMC ; INC ESI; AND AL, 0x96}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83684CC8 4 Bytes [FF, 46, 24, 96] {INC DWORD [ESI+0x24]; XCHG ESI, EAX}
? \Device\Harddisk0\Partition1\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !
.text peauth.sys 9FE1AC9D 28 Bytes [1E, 1B, 44, 96, 6C, DA, 11, ...]
.text peauth.sys 9FE1ACC1 28 Bytes [1E, 1B, 44, 96, 6C, DA, 11, ...]
PAGE peauth.sys 9FE20B9B 72 Bytes CALL 8F71B21D
PAGE peauth.sys 9FE20BEC 111 Bytes [50, FB, B1, 92, D2, 83, F4, ...]
PAGE peauth.sys 9FE20E20 101 Bytes [26, 78, DA, 42, 24, AF, 77, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4588] ntdll.dll!LdrLoadDll 76E6F585 5 Bytes JMP 00DC13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xEB 0xCF 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x2B 0x57 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x9A 0x6E 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xEB 0xCF 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x2B 0x57 0x82 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x9A 0x6E 0xC7 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----
deejayjmc
15-Sep-2010, 11:38 AM #3
Bump!

And my specs:

Windows 7 Professional 32 Bit
Intel E8400 CPU
GeForce 7900GS
4GB RAM
deejayjmc
18-Sep-2010, 10:03 AM #4
Please help, it's been 5 days!
THIS THREAD HAS EXPIRED.