GooredFix v1.9 by jpshortstuff
Log created at 15:07 on 11/02/2009 running Option #2 (Tom)
Firefox version 3.0.5 (en-US)
(Subsequent Run)
=====Goored Deletions=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{21222C22-ABB2-4504-AF39-6A7DB9A9E4DA}"="C:\Documents and Settings\Tom\Local Settings\Application Data\{21222C22-ABB2-4504-AF39-6A7DB9A9E4DA}\"
->Backing up value... Done.
->Deleting value... Done.
C:\Documents and Settings\Tom\Local Settings\Application Data\{21222C22-ABB2-4504-AF39-6A7DB9A9E4DA}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
========== FILES ==========
c:\windows\system32\rah3b8ffdnd.dll NOT unregistered.
c:\windows\system32\rah3b8ffdnd.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\Ynebupise.dll
c:\windows\Ynebupise.dll NOT unregistered.
c:\windows\Ynebupise.dll moved successfully.
c:\program files\LimeWire\root\magnet10 moved successfully.
c:\program files\LimeWire\root moved successfully.
c:\program files\LimeWire\lib moved successfully.
c:\program files\LimeWire\.NetworkShare moved successfully.
Folder move failed. c:\program files\LimeWire scheduled to be moved on reboot.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_150922
Files moved on Reboot...
Folder move failed. c:\program files\LimeWire scheduled to be moved on reboot.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom at 15:15:42.78 on Wed 02/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.301 [GMT -5:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Documents and Settings\Tom\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.myspace.com/
uWindow Title = Windows Internet Explorer provided by MySpace
uDefault_Page_URL = hxxp://www.myspace.com/
mDefault_Page_URL = hxxp://www.myspace.com/
mStart Page = hxxp://www.myspace.com/
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Diner%20Dash%20-%20Hometown%20Hero/Images/armhelper.ocx
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\l7szotge.default\
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-10 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-10 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-10 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-10 52032]
=============== Created Last 30 ================
2009-02-11 15:09 --d----- C:\_OTMoveIt
2009-02-10 21:51 --d----- c:\docume~1\tom\applic~1\Malwarebytes
2009-02-10 21:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 21:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 21:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-10 21:51 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 19:47 --d----- c:\program files\Avira
2009-02-10 19:47 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-02-08 10:57 --d----- c:\documents and settings\Tom
2009-02-01 16:39 --d----- c:\program files\ValuSoft
2009-01-30 12:44 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-30 12:44 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-30 12:43 --d----- c:\program files\iPod
2009-01-30 12:43 --d----- c:\program files\iTunes
2009-01-30 12:43 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 12:43 --d----- c:\program files\Bonjour
2009-01-30 12:40 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-01-19 11:51 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-19 11:51 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-19 11:48 --d----- c:\windows\system32\CatRoot_bak
2009-01-19 11:48 --d----- c:\program files\LimeWire
2009-01-19 11:47 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-19 11:47 272,128 -------- c:\windows\system32\drivers\bthport.sys
==================== Find3M ====================
============= FINISH: 15:16:14.90 ===============