Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unknown virus/malware


  • This topic is locked This topic is locked
21 replies to this topic

#1 tamuli

tamuli

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 21 February 2010 - 09:31 PM

Hello to everyone out there. Thanks for taking the time to look at my post. I found this site through TrendMicro, because I was having trouble with HijackThis - among other things - and I think it's so cool that a site like this exists! smile.gif

A few days ago my computer contracted some kind of virus (as indicated by Norton Security pop-ups). Iím not sure that my Norton Security fixed it - I got so frustrated with it that I uninstalled NS, and installed AVG Free instead. Sorry, I didnít note what the virus (or whatever it was) was called. It may even have been a couple of them.

The ostensible outcome of this virus is that I canít seem to use any search engines. I can visit websites if I enter their url*, but if I just write search terms into my toolbar, I get a window saying ďOops! This link appears to be brokenĒ - and it doesnít matter which search engine I use.

* the one exception to this seems to be search websites - i.e., if I type in the Google or Bing address, I get the same ďOops! This link appears to be brokenĒ message.

So I canít do any searches!

Here are the steps I have taken so far:

- did a System Restore to a couple days before the virus hit

- ran a complete Super AntiSpyware Scan (scanned OK)

- ran a complete AVG Scan (scanned OK)

- tried to run HijackThis, with a very strange result - Iíve never had this before - I get a window saying:

ďFor some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\WINDOWS\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as Ďhosts.í (with quotes), and reboot.Ē


Frankly, I donít understand what this message is asking me to do! sad.gif

And while HijackThis is scanning I get a 2nd pop-up:

ďYour hosts file has invalid linebreaks and HijackThis is unable to fix this. 01 items will not be displayed. Click OK to continue the rest of the scan.Ē

That doesnít sound good! But I donít know how to fix it.

I also get a 3rd HijackThis notepad window come up, with a list of items. But again, not sure what to do with it! Argh.

Iíve done the DDS scan, but couldnít do the GMER - I tried 4-5 times, and each time my computer would reboot during the scan. So I didnít get any results! Does this indicate a problem of some sort?

Iím not sure if this is one problem or several... Iím really at a loss here. Iím not a computer whiz at all, so I would really appreciate any advice, but especially advice in basic layman terms! smile.gif

Ok, here are the results of my DDS scan:

DDS (Ver_09-12-01.01) - NTFSx86
Run by tamara ulisko at 17:46:10.98 on Fri 02/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1014 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tamara ulisko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1214535786&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AutorunsDisabled - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - Zango Information Window
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [EPSON Stylus CX4600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
mRun: [EPSON Stylus C62 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE /P32 "EPSON Stylus C62 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C62"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\tamara~1\startm~1\programs\startup\epsona~1.lnk - d:\ereg\EpsonReg.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms peripherals\bounceback express\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tamara~1\applic~1\mozilla\firefox\profiles\bt0ax724.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\symds.sys [2010-1-12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\symefa.sys [2010-1-12 172592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-19 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-19 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-19 360584]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-1-12 501888]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\ironx86.sys [2010-1-12 116272]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-19 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-19 285392]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccsvchst.exe [2010-1-12 126392]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2009-11-9 14976]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100128.002\IDSXpx86.sys [2010-1-30 329592]
R3 o200avs;Osprey-2X0 AVStream Video Device;c:\windows\system32\drivers\o200avs.sys [2008-9-16 117504]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20100130.002\BHDrvx86.sys [2010-2-3 529456]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100204.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100204.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100204.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100204.024\NAVEX15.SYS [?]

=============== Created Last 30 ================

2010-02-19 22:42:47 0 ----a-w- c:\documents and settings\tamara ulisko\defogger_reenable
2010-02-19 18:45:48 0 d--h--w- C:\$AVG
2010-02-19 18:45:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-19 18:45:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-19 18:45:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-19 18:45:28 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-19 18:45:27 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-19 18:45:13 0 d-----w- c:\program files\AVG
2010-02-19 18:45:12 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-19 17:48:00 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-19 17:47:50 0 d-----w- c:\program files\Symantec
2010-02-19 17:47:40 0 d-----w- c:\windows\system32\drivers\NIS
2010-02-19 17:47:38 0 d-----w- c:\program files\NortonInstaller
2010-02-19 17:47:37 0 d-----w- c:\program files\Norton Internet Security

==================== Find3M ====================

2010-01-21 04:00:41 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-15 17:51:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-07 04:12:38 42208 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-10-16 00:51:58 245760 --sh--w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-29 15:22:37 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 17:46:43.48 ===============

Thank you!

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 22 February 2010 - 08:44 AM

Hello! smile.gif
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 22 February 2010 - 08:59 PM

Hi Sam!

Thanks very much for your help. And your very clear directions! smile.gif

I installed MBAM and it automatically updated itself.

I began the scan, but it only scanned for about 30 seconds and then stopped; both the "time elapsed" and "objects scanned" counters were frozen. When I tried hitting "pause scan", the header at the top of the window showed the note "(Not Responding)". The only way I could get out of it was to click the X at the top right. Then I got that window you get when a program is not responding, giving you the option to "end task", which I did.

I tried a couple more times with the same result, except the scan stopped sooner with each try.

I tried restarting my computer and ran the scan one more time, but again got the same results.

I had better luck with the OTL scan, here is the report:

OTL logfile created on: 2/22/2010 8:37:29 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\tamara ulisko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.66 Gb Total Space | 68.33 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOLLFACE
Current User Name: tamara ulisko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
PRC - [2010/02/19 17:06:41 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/19 13:45:16 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/19 13:45:16 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/19 13:45:16 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/19 13:45:16 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/19 13:45:14 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/19 13:45:14 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/19 13:45:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/20 11:41:18 | 004,105,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\nu.exe
PRC - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/11/09 16:38:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/09 16:38:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/28 20:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/28 20:00:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/17 16:59:08 | 007,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/09 12:28:38 | 001,783,128 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2008/06/26 22:00:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/10 13:19:32 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007/05/10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/05/20 11:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
PRC - [2005/01/24 17:52:36 | 000,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/12 17:54:30 | 000,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/25 14:26:56 | 000,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/13 02:05:00 | 000,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/06/29 11:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 11:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2004/03/11 10:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2004/03/04 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 21:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [1999/12/13 10:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
MOD - [2003/11/13 19:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 13:45:14 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/19 13:45:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/28 23:45:59 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
SRV - [2009/11/09 16:38:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 20:22:34 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/11 18:04:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 19:21:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2004/08/25 14:26:56 | 000,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/15 02:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/06/29 11:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [1999/12/13 10:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\S-1-5-21-487048406-1677482555-40395126-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-487048406-1677482555-40395126-1005\S-1-5-21-487048406-1677482555-40395126-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-487048406-1677482555-40395126-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-487048406-1677482555-40395126-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-487048406-1677482555-40395126-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-487048406-1677482555-40395126-500\S-1-5-21-487048406-1677482555-40395126-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/02/19 12:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/19 13:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/19 13:45:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 22:04:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 22:04:33 | 000,000,000 | ---D | M]

[2009/09/12 21:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Mozilla\Firefox\Profiles\bt0ax724.default\extensions
[2010/02/18 22:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/12 21:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/12/17 16:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/17 16:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/17 16:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/17 16:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/17 16:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/02/18 15:57:22 | 000,001,207 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2010/02/18 15:58:12 | 000,002,737 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.228.209.244 www.google.com
O1 - Hosts: 94.228.209.244 google.com
O1 - Hosts: 94.228.209.244 google.com.au
O1 - Hosts: 94.228.209.244 www.google.com.au
O1 - Hosts: 94.228.209.244 google.be
O1 - Hosts: 94.228.209.244 www.google.be
O1 - Hosts: 94.228.209.244 google.com.br
O1 - Hosts: 94.228.209.244 www.google.com.br
O1 - Hosts: 94.228.209.244 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-487048406-1677482555-40395126-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-487048406-1677482555-40395126-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [EPSON Stylus C62 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-487048406-1677482555-40395126-1005..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-487048406-1677482555-40395126-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-487048406-1677482555-40395126-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-487048406-1677482555-40395126-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\tamara ulisko\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = D:\EREG\EpsonReg.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-487048406-1677482555-40395126-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/01/11 06:43:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/22 20:36:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
[2010/02/22 19:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Application Data\Malwarebytes
[2010/02/22 19:55:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/22 19:55:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/22 19:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 19:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 21:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Desktop\gmer
[2010/02/19 18:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\AVG Security Toolbar
[2010/02/19 13:45:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/19 13:45:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/19 13:45:38 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/19 13:45:33 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/19 13:45:33 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/19 13:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/19 13:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/19 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/19 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/19 13:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/19 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/19 12:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1105000.07F
[2010/02/19 12:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/02/19 12:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/02/19 12:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/02/19 12:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/01/28 23:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/28 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/03 00:52:45 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2009/12/03 00:52:44 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2008/07/25 21:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/07 23:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/01/11 07:15:38 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1980/01/01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
[2010/02/22 20:30:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/22 20:30:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/22 20:19:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/22 20:19:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/22 20:19:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/22 20:18:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/22 20:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/22 20:18:45 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 20:18:07 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\ntuser.dat
[2010/02/22 20:18:07 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/22 20:18:07 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/22 20:18:07 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/22 20:18:07 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/22 20:18:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/22 20:18:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/22 20:18:07 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/22 20:18:07 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/22 20:18:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\tamara ulisko\NTUSER.INI
[2010/02/22 20:00:00 | 000,000,760 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - tamara ulisko.job
[2010/02/22 19:55:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{467AD2DA-4B08-452A-BA35-DF9D4572378A}.job
[2010/02/22 19:55:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/22 19:53:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/22 19:53:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/22 19:51:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 17:47:17 | 056,103,866 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/21 23:18:27 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\BleeperPost.doc
[2010/02/21 23:16:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/02/21 23:16:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/02/21 23:16:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/21 23:16:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/21 22:35:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/02/21 22:35:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/02/20 14:56:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/02/20 14:56:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/02/19 23:09:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/02/19 23:09:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/02/19 21:59:14 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\gmer.zip
[2010/02/19 19:31:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/19 19:31:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/02/19 18:43:30 | 000,004,683 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\Attach_zipped.zip
[2010/02/19 17:45:24 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\dds.scr
[2010/02/19 17:42:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\defogger_reenable
[2010/02/19 13:46:22 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/19 13:45:39 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/19 13:45:39 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/19 13:45:38 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/19 13:45:33 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/19 13:45:33 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/19 13:45:33 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/19 13:45:28 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/19 13:45:28 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/19 13:44:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/19 13:44:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/19 12:48:54 | 000,677,514 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/02/18 21:45:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/18 21:45:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/18 21:38:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/18 21:38:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/18 21:26:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/18 21:26:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/18 18:15:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/18 18:15:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/18 18:04:19 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\passwords.doc
[2010/02/18 17:46:06 | 000,113,654 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\norton360licenseagreement.pdf
[2010/02/18 17:35:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/18 17:35:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/18 17:26:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/02/18 17:26:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/02/18 15:58:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/18 15:58:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/18 15:58:12 | 000,002,737 | RHS- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/02/17 23:42:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/17 23:42:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/17 23:40:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/02/17 23:40:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/02/17 20:41:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/02/17 20:41:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/02/17 20:32:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/02/17 20:32:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/02/15 22:15:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\Baked Tofu with Creamy Miso SauceRecipe.doc
[2010/02/15 22:10:20 | 000,018,367 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_15_menu.ods
[2010/02/15 20:11:07 | 000,013,365 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\2DO.ods
[2010/02/10 00:48:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 19:55:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/21 23:18:27 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\BleeperPost.doc
[2010/02/19 21:59:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\gmer.zip
[2010/02/19 18:43:11 | 000,004,683 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\Attach_zipped.zip
[2010/02/19 17:45:24 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\dds.scr
[2010/02/19 17:42:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\defogger_reenable
[2010/02/19 13:45:39 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/19 13:45:33 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/19 13:45:28 | 056,103,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/19 13:45:28 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/19 13:45:28 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/19 13:45:28 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/19 12:48:48 | 000,677,514 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/02/18 17:46:06 | 000,113,654 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\norton360licenseagreement.pdf
[2010/02/17 16:39:51 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\ntuser.dat
[2010/02/15 22:06:54 | 000,018,367 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_15_menu.ods
[2010/02/15 21:39:47 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\Baked Tofu with Creamy Miso SauceRecipe.doc
[2009/12/03 00:52:46 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2009/12/03 00:52:46 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/12/03 00:52:45 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009/03/01 21:31:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/11/10 22:14:27 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/10/24 18:45:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/10/24 18:10:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/24 18:09:09 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/10/24 18:09:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/10/24 18:04:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2008/09/16 20:13:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SimulKey2.dll
[2008/08/22 21:27:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\MultimediaTimer_IF.dll
[2008/07/05 15:39:19 | 000,013,502 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/28 00:59:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\fusioncache.dat
[2008/06/27 00:32:22 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/26 23:22:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/06/25 00:58:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
[2008/06/25 00:50:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Application Data\PFP120JPR.{PB
[2008/06/25 00:50:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Application Data\PFP120JCM.{PB
[2005/01/11 07:28:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/11 07:23:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/11 07:16:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/11 07:15:40 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/01/11 07:15:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/11 07:15:39 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/01/11 07:15:17 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/11 06:45:58 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/02/19 13:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/19 13:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/01/11 07:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/22 14:13:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/10/09 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/06/25 00:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/10/23 16:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LJZsoft
[2009/12/15 02:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/02/22 20:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/25 00:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2005/01/11 07:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/09 22:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 16:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/22 14:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Canon
[2009/03/01 21:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\EPSON
[2008/06/28 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Leadertech
[2008/06/27 22:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Nikon
[2009/03/01 21:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Smart Panel
[2008/09/29 00:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Viewpoint
[2010/02/22 19:55:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{467AD2DA-4B08-452A-BA35-DF9D4572378A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/29 10:04:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/08/29 10:04:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/29 10:04:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/29 10:04:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/06/29 11:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\iaStor.sys
[2004/06/29 11:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys
[2004/03/23 13:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/03/23 13:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0018\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Does that help? This all means nothing to me, so I'm very curious as to what it tells you, and what we do next! smile.gif





#4 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 22 February 2010 - 09:41 PM

Oh! One more thing:

OTL also provided another log called Extras???

Here it is:

OTL Extras logfile created on: 2/22/2010 8:37:29 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\tamara ulisko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.66 Gb Total Space | 68.33 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOLLFACE
Current User Name: tamara ulisko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{21DDC579-834B-4C14-8122-853994FA2214}" = NikonCapture
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43B468E0-CFF9-403C-9345-A4F37B2AE7B9}" = Osprey MultiMedia Capture Driver
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = KROSS
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeô 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"Audigy2 Audio UG" = Audio User's Guide
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities_is1" = Norton Utilities
"RealPlayer 12.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON CX4600 Reference Guide
"Stop Motion Pro v5 Standard Definition_is1" = Stop Motion Pro v5 Standard Definition
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XLCalendar_is1" = XLCalendar 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-487048406-1677482555-40395126-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2010 8:11:36 PM | Computer Name = DOLLFACE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/22/2010 4:37:49 PM | Computer Name = DOLLFACE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/22/2010 9:09:46 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 9:09:49 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1001
Description = Fault bucket 1647812708.

Error - 2/22/2010 9:12:03 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 9:12:05 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1001
Description = Fault bucket 1647812708.

Error - 2/22/2010 9:13:31 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 9:19:07 PM | Computer Name = DOLLFACE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/22/2010 9:34:37 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 9:34:48 PM | Computer Name = DOLLFACE | Source = Application Hang | ID = 1001
Description = Fault bucket 1647812708.

[ System Events ]
Error - 2/19/2010 10:51:15 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/19/2010 11:13:30 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/19/2010 11:28:35 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/19/2010 11:40:59 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/20/2010 12:04:09 AM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/20/2010 12:16:54 AM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/20/2010 3:52:49 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/21/2010 8:12:40 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/22/2010 4:38:52 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 2/22/2010 9:20:23 PM | Computer Name = DOLLFACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86


< End of report >


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 23 February 2010 - 07:27 AM


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



=======================


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 February 2010 - 12:28 AM

Hi Sam!

Good news, I think ESET found something! But here's what I did, in sequence, as per your instructions:

At first I had trouble downloading Java Runtime Environment using the Sun Download Manager, but managed to install it using Windows Installer.

Here are the results of the first OTL scan, using your fix:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13271810 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81599685 bytes

User: tamara ulisko
->Temp folder emptied: 245350065 bytes
->Temporary Internet Files folder emptied: 225213724 bytes
->Java cache emptied: 41720164 bytes
->FireFox cache emptied: 17420944 bytes
->Apple Safari cache emptied: 1007034 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 900549 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4291019992 bytes

Total Files Cleaned = 4,690.00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 02232010_210752

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\tamara ulisko\Local Settings\Temporary Internet Files\Content.IE5\Q1WX0815\posthjtlog[1].htm not found!

Registry entries deleted on Reboot...

And here is the log from the 2nd OTL scan:

OTL logfile created on: 2/23/2010 9:19:09 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\tamara ulisko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.66 Gb Total Space | 72.45 Gb Free Space | 49.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOLLFACE
Current User Name: tamara ulisko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 19:39:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
PRC - [2010/02/19 17:06:41 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/19 13:45:16 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/19 13:45:16 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/19 13:45:16 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/19 13:45:16 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/19 13:45:14 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/19 13:45:14 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/19 13:45:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/20 11:41:18 | 004,105,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\nu.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/10/28 20:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/09/28 20:00:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/09 12:28:38 | 001,783,128 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2008/06/26 22:00:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/10 13:19:32 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007/05/10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005/05/20 11:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
PRC - [2005/01/24 17:52:36 | 000,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/12 17:54:30 | 000,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/25 14:26:56 | 000,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/13 02:05:00 | 000,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/06/29 11:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 11:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2004/03/11 10:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 21:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [1999/12/13 10:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
MOD - [2003/11/13 19:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/02/23 19:39:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/19 13:45:14 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/19 13:45:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/28 23:45:59 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 20:22:34 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/11 18:04:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 19:21:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2004/08/25 14:26:56 | 000,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/15 02:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/06/29 11:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [1999/12/13 10:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2010/02/19 17:06:41 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 17:06:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/19 17:06:40 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 13:45:38 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/19 13:45:33 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/19 13:45:33 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/15 12:51:37 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 04:06:51 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009/12/04 23:54:05 | 000,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100130.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/03 01:08:32 | 000,325,168 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1105000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/03 01:08:32 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/11/26 01:41:48 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/26 01:41:22 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1105000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/21 19:43:48 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1105000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/05 17:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 17:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100128.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/20 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/10 22:14:28 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\giveio.sys -- (giveio)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\adfs.sys -- (adfs)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2005/02/09 10:55:55 | 000,117,504 | R--- | M] (ViewCast Corporation, Osprey Video Division) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\o200avs.sys -- (o200avs)
DRV - [2005/01/27 15:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 16:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 11:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/02 03:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 11:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 11:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 11:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 11:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 11:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 11:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 11:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/02/23 08:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\portd2k.sys -- (portD)
DRV - [2003/11/12 21:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®
DRV - [2001/01/22 13:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\zntport.sys -- (zntport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/02/19 12:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/19 13:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/19 13:45:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 12:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/23 12:36:33 | 000,000,000 | ---D | M]

[2010/02/23 12:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Mozilla\Extensions
[2009/09/12 21:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tamara ulisko\Application Data\Mozilla\Firefox\Profiles\bt0ax724.default\extensions
[2010/02/23 19:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/02/18 15:57:22 | 000,001,207 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2010/02/23 21:07:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [EPSON Stylus C62 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\tamara ulisko\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = D:\EREG\EpsonReg.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 21:07:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/23 19:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/23 19:39:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/23 19:39:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/23 19:39:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/23 19:39:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/23 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Desktop\JavaRa
[2010/02/23 19:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\JavaRuntimeEnvironment
[2010/02/23 19:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\.SunDownloadManager
[2010/02/22 23:33:15 | 001,923,768 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\tamara ulisko\Desktop\install_flash_player.exe
[2010/02/22 20:36:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
[2010/02/22 19:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Application Data\Malwarebytes
[2010/02/22 19:55:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/22 19:55:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/22 19:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 19:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 21:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Desktop\gmer
[2010/02/19 18:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\AVG Security Toolbar
[2010/02/19 13:45:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/19 13:45:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/19 13:45:38 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/19 13:45:33 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/19 13:45:33 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/19 13:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/19 13:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/19 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/19 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/19 13:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/19 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/19 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/19 12:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1105000.07F
[2010/02/19 12:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/02/19 12:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/02/19 12:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/02/19 12:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/01/28 23:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/28 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/03 00:52:45 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2009/12/03 00:52:44 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2008/07/25 21:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/07 23:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/01/11 07:15:38 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1980/01/01 01:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/02/23 21:18:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/02/23 21:18:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/02/23 21:14:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/23 21:12:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/23 21:11:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 21:11:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 21:11:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/23 21:11:18 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 21:10:41 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\ntuser.dat
[2010/02/23 21:10:41 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/23 21:10:41 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/23 21:10:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/23 21:10:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/23 21:10:41 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/23 21:10:41 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/23 21:10:41 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/23 21:10:41 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/23 21:10:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\tamara ulisko\NTUSER.INI
[2010/02/23 21:07:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/02/23 21:07:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/02/23 21:07:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/02/23 20:51:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/23 20:36:20 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{467AD2DA-4B08-452A-BA35-DF9D4572378A}.job
[2010/02/23 19:39:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/23 19:39:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/23 19:39:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/23 19:39:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/23 19:39:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/23 19:22:53 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\JavaRa.zip
[2010/02/23 19:21:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/02/23 19:21:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/02/23 19:06:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/02/23 19:06:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/02/23 18:47:14 | 056,148,788 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/23 18:27:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/02/23 18:27:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/02/22 23:33:15 | 001,923,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\tamara ulisko\Desktop\install_flash_player.exe
[2010/02/22 23:21:03 | 000,022,594 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_23_menu.ods
[2010/02/22 20:36:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tamara ulisko\Desktop\OTL.exe
[2010/02/22 20:30:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/02/22 20:30:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/02/22 20:00:00 | 000,000,760 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - tamara ulisko.job
[2010/02/22 19:55:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/22 19:53:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/02/22 19:53:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/02/21 23:18:27 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\BleeperPost.doc
[2010/02/21 23:16:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/02/21 23:16:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/02/21 23:16:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/02/21 23:16:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/02/21 22:35:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/02/21 22:35:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/02/20 14:56:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/02/20 14:56:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/02/19 23:09:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/02/19 23:09:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/02/19 21:59:14 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\gmer.zip
[2010/02/19 19:31:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/02/19 19:31:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/02/19 18:43:30 | 000,004,683 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\Attach_zipped.zip
[2010/02/19 17:45:24 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\dds.scr
[2010/02/19 17:42:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\defogger_reenable
[2010/02/19 13:46:22 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/19 13:45:39 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/19 13:45:39 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/19 13:45:38 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/19 13:45:33 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/19 13:45:33 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/19 13:45:33 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/19 13:45:28 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/19 13:45:28 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/19 13:44:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/02/19 13:44:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/02/19 12:48:54 | 000,677,514 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/02/18 21:45:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/02/18 21:45:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/02/18 21:38:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/02/18 21:38:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/02/18 21:26:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/02/18 21:26:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/02/18 18:15:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/02/18 18:15:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/02/18 18:04:19 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\passwords.doc
[2010/02/18 17:46:06 | 000,113,654 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\norton360licenseagreement.pdf
[2010/02/18 17:35:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/02/18 17:35:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/02/18 17:26:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/02/18 17:26:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/02/15 22:15:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\Baked Tofu with Creamy Miso SauceRecipe.doc
[2010/02/15 22:10:20 | 000,018,367 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_15_menu.ods
[2010/02/15 20:11:07 | 000,013,365 | ---- | M] () -- C:\Documents and Settings\tamara ulisko\Desktop\2DO.ods
[2010/02/10 00:48:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 21:54:32 | 000,013,502 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

========== Files Created - No Company Name ==========

[2010/02/23 19:22:53 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\JavaRa.zip
[2010/02/22 23:21:03 | 000,022,594 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_23_menu.ods
[2010/02/22 19:55:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/21 23:18:27 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\BleeperPost.doc
[2010/02/19 21:59:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\gmer.zip
[2010/02/19 18:43:11 | 000,004,683 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\Attach_zipped.zip
[2010/02/19 17:45:24 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Desktop\dds.scr
[2010/02/19 17:42:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\defogger_reenable
[2010/02/19 13:45:39 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/19 13:45:33 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/19 13:45:28 | 056,148,788 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/19 13:45:28 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/19 13:45:28 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/19 13:45:28 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/19 12:48:48 | 000,677,514 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/02/18 17:46:06 | 000,113,654 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\norton360licenseagreement.pdf
[2010/02/17 16:39:51 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\ntuser.dat
[2010/02/15 22:06:54 | 000,018,367 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\02_15_menu.ods
[2010/02/15 21:39:47 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\My Documents\Baked Tofu with Creamy Miso SauceRecipe.doc
[2010/01/28 23:46:05 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/28 23:46:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/03 00:52:46 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2009/12/03 00:52:46 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/12/03 00:52:45 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009/03/01 21:31:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/11/10 22:14:27 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/10/24 18:45:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/10/24 18:10:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/24 18:09:09 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/10/24 18:09:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/10/24 18:04:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2008/09/16 20:13:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SimulKey2.dll
[2008/08/22 21:27:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\MultimediaTimer_IF.dll
[2008/07/05 15:39:19 | 000,013,502 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/28 00:59:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\fusioncache.dat
[2008/06/27 00:32:22 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/26 23:22:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/06/25 00:58:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
[2008/06/25 00:50:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Application Data\PFP120JPR.{PB
[2008/06/25 00:50:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\tamara ulisko\Application Data\PFP120JCM.{PB
[2005/01/11 07:28:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/11 07:23:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/11 07:16:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/11 07:15:40 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/01/11 07:15:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/11 07:15:39 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/01/11 07:15:17 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/11 06:45:58 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1980/01/01 01:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Finally, here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c70306c475d2bf4b9eda217f9f2d370d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-24 04:18:12
# local_time=2010-02-23 11:18:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 50338072 50338072 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=115213
# found=1
# cleaned=1
# scan_time=6275
C:\_OTL\MovedFiles\02232010_210752\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C








#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 24 February 2010 - 08:23 AM

Please download RKill from one of these links. Save it to your desktop and run it.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Immediately after running RKill, try running Malwarebytes again.
Please post the resulting log if you're able to run it.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 February 2010 - 10:58 AM

Hi Sam!

Ran Rkill, no problem.

Tried MBAM a couple times but it's still freezing up on me, showing as "not responding" and i end up having to "end task".

Bummer!

But after ESET got rid of that Qhost Trojan, my search engines seem to be working properly again. And HijackThis no longer gives me the hosts file error message. So things are looking up!

I'd feel better if I could get the MBAM working, though...

OK, awaiting your next instructions! Running these scans is fun! smile.gif

#9 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 February 2010 - 07:32 PM

New development!

After running Rkill and MBAM (or trying to - see previous post), I got an AVG pop-up.

The AVG Resident Shield Alert reported a detected threat - Trojan horse Generic16.BUUX.

If you want the actual filename, I think I still have it in the AVG vault. I haven't tried to delete it yet.

The weird thing is, I ran the AVG scan before I posted to this site, and it didn't find anything. So is this a new virus? Or is it a virus that only became detectable once we'd gotten rid of the other one, the Qhost Trojan? Is that even possible?

I tried to run MBAM again just to test my luck, but it froze again.

Thanks for taking in all this info! smile.gif





#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 25 February 2010 - 09:28 AM

It could be that AVG is detecting Rkill or another program, or something that we've already quarantined.

Besides the issue with Malwarebytes, how is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 25 February 2010 - 01:18 PM

Ah yes! I think you're right about AVG detecting Rkill, because after deleting Trojan Generic16, I checked my desktop for the Rkill download file and it's no longer there. So that's no biggie.

My search engines are working properly again - thanks to you! - I looked up the Qhost Trojan and that's what it does, mess up your searches. So that's been taken care of.

My only concern is that my computer has refused to shut down a few times over the past couple days. It freezes up, and I end up having to power off. Even the ctrl+alt+delete combo fails to bring up the task manager window. I'm not sure if this is a real problem, or if it's just being sucky because I've been overloading it with scans lately. But it usually doesn't do that.

I have a stopmotion project I'm supposed to be working on, but I'm afraid to go back to it until I know my computer's ok - I can't risk losing any animation, since it takes so $%^&# long to do in the first place! smile.gif

I tried running GMER again today, in case it worked now (I couldn't get it to work when you first asked) - but my computer ended up rebooting in the middle of scanning (like it did before). So that's 2 scans that won't work on my computer, GMER and MBAM. Is that a concern at all?

Please advise... and thanks again for your attention to all this.



#12 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 25 February 2010 - 06:57 PM

Ok, continuing on from today's earlier post...

I had problems shutting down again. I tried to shut down, and 2 messages came up:

A CtHelper window, giving me the option to "end now".

A DSLog.exe window - saying DLL initialization failed because the window station is shutting down.

I closed these windows and walked away, assuming my computer would proceed with shut-down... all the icons had disappeared from my desktop... but then it just stayed like that for 2 hours, with just my desktop background on!

So I looked up what a CtHelper is, and found a link that offered a Free Scan for cthelper.exe related registry errors... it's called the Uniblue RegistryBooster... and it reported 283 registry errors!!!! But of course to fix them I have to pay. And I'm kind of afraid to do any scans or fixes unless I run them by you first, because I don't want to accidentally undo any of the work we've done! So please let me know what I should do next.

Thank you.

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 26 February 2010 - 09:05 AM

I don't normally recommend registry cleaners. Often they end up causing more trouble than what you had initially. I wouldn't be concerned about Gmer not running to completion. That's not that uncommon right now. I'm only just a little more concerned about Malwarebytes not running. RKill should have created a log when it ran. It should be at C:\rkill.log Can you post it for me?

Also I see signs of Symantec as well as AVG running. That's ok if you're just using Symantec's firewall, but not the antivirus. Can you clarify that for me?

Cthelper is related to your Creative Technology audio driver. Take a look at the discs that should have come with your computer when you bought it and you should have one with device drivers. If so, you can reinstall the Creative Tech driver and that may resolve your issue at shutdown.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 tamuli

tamuli
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 26 February 2010 - 02:02 PM

Ok! Here is the Rkill log:

-------------------------------------------------------------------------

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as tamara ulisko on 02/24/2010 at 10:34:41.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\tamara ulisko\Local Settings\Temporary Internet Files\Content.IE5\QI8ZJB6E\rkill[1].exe


Rkill completed on 02/24/2010 at 10:34:47.

-------------------------------------------------------------------------

As for Symantec running:

I have Norton Utilities still active, which I'd like to keep.

I thought I'd already gotten rid of Norton Security (the antivirus stuff), but it still shows up in my list of progams. It won't open or do anything, but I can't seem to uninstall it, either. But I don't think it's active.

The only firewall that I have running that I know of is the Windows firewall.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:07 AM

Posted 27 February 2010 - 10:02 AM

I see where Norton utilities is running but I also see this.

PRC - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)

and a few others. So it doesn't appear that Norton uninstalled completely. This is not that uncommon and Symantec does have a removal tool that should help.

http://service1.symantec.com/support/tsgen...005033108162039

You may need to reinstall just Norton Utilities after running the tool.


The log from RKill comes up clean. That means it's not detecting malware processes that would be preventing Malwarebytes from running. As far as malware goes, it appears that you're clean. I'd like to get the remnants of Norton cleaned up and then see what issues remain. Then we can address them.


Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users