Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random popups, google links redirected, possible browser hijack?


  • This topic is locked This topic is locked
27 replies to this topic

#1 Hollyw00d

Hollyw00d

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 30 April 2010 - 10:57 PM

I had noticed some fake antivirus ad popup out of nowhere a day or so back. I went through the typical process of running Hijackthis, safemode Combofix, safemode Malwarebytes, SUPERAntispyware, and AVG scans. All of these were downloaded yesterday/today from this website as I browsed older threads for some direction. The fake antivirus shenanigans were taken care of and I thought, "cool, another one bites the dust"

Well....I reboot after all scans have come back clean and Firefox, IE8, and Chrome all give random popups. If I search in google clicking on any google link will lead to random redirects never to the same website but just random advertising stuff even sometimes to youtube and amazon. I also lost connection to AIM, not sure if it's related but an added annoyance. I uninstalled Firefox and Chrome and ran ATF-Cleaner. Rebooted back into safe and ran through Hijackthis, Combofix, MBAM, SASW, and another AVG scan. Rebooted into Safe with networking and ran a Panda scan and attempted to do the same for Kapersky but their online scanner is down (sad face). EVERYTHING comes back clean and this thing is still kicking. Still getting google links redirected in all browsers and random popups. If I copy the URL of a link and paste it, it'll go there but if I click the link I get redirected about 95% of the time. Host file is clean, and if there's registry issues with alternate IPs (in Windows>TCPIP blah blah) I didn't find any. It's driving me up the wall.

All virus and spyware definitions are up to date. All microsoft updates are up to date and installed. I'm using WinXP Pro SP3. Haven't come here for help before but hoping it's just something small I missed and an extra pair of eyes will help me out.

Edit: As of the last 2 days or so if I leave the system idle for longer then an hour I lose all functionality. Mouse is fine but no new applications can be started, none can be closed, any that are minimized cannot be brought back up and task manager can't be opened. System does not seem to be hard locked as everything else is smooth...I just can't do anything. I have to force a restart which, both times so far, has lead to a full restart and right before it gets to the login screen it'll freeze and reboot a second time. The 3rd time around it'll boot to the login screen and then into windows. Thing is getting worse by the day but I hate resorting to a reformat and throwing up the white flag.

For starters, here is my HJT Log. I forgot to include it in my original post and I know you guys frown upon bumps!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:05 AM, on 5/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:WINDOWSExplorer.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsHollyw00dDesktopHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG9avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [BootSkin Startup Jobs] "C:PROGRA~1StardockWINCUS~1BootSkinBootSkin.exe" /StartupJobs
O4 - HKLM..Run: [EnvyHFCPL] C:Program FilesVIAVIAudioiEnvyADeckEnMixCPL.exe 1
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [amd_dc_opt] C:Program FilesAMDDual-Core Optimizeramd_dc_opt.exe
O4 - HKLM..Run: [RivaTunerStartupDaemon] "C:Program FilesRivaTuner v2.24 MSI Master Overclocking Arena 2009 editionRivaTuner.exe" /S
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools LiteDTLite.exe" -autorun
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Aim] "C:Program FilesAIMaim.exe" /d locale=en-US
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-18..RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Logitech blank Product Registration.lnk = C:Program FilesLogitechG35eReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9Identity ProtectionAgentBinAVGIDSAgent.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe

--
End of file - 5077 bytes

I've fallen victim to this google redirect garbage as well. The standard stuff has not cleared up the issue it seems. Standard being MBAM, SAS, Spybot, AVG, and a round of Combofix. Like a few other people it seems my computer has been going through periods of instability often hanging as scvhost.exe (one 7 running) likes to randomly take 100% cpu until I physically restart the machine. This doesn't always happen but every few reboots since I started getting these redirects. I've got WinXP Pro atm but given a few more days I'll be slapping Win7 on if this thing persists although I'm here because I'd rather not have to do that. The popups have stopped after updating ALL of the above programs listed above and running them this morning but the google search result redirects persist so the problem itself hasn't been dealt with I assume. Below is my DDS and I've attached the other 2 logs as well.

Note: The GMER log is only partial. It gets about 20 mins into a scan before it causes the system to reboot, thats both in normal and in safe mode but I attached the partial saved log anyway.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Hollyw00d at 16:43:09.14 on Sun 05/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2217 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAVGAVG9Identity ProtectionAgentBinAVGIDSAgent.exe
C:WINDOWSExplorer.EXE
C:Program FilesVIAVIAudioiEnvyADeckEnMixCPL.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAIMaim.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
svchost.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesAVGAVG9avgfws9.exe
C:Program FilesAVGAVG9avgam.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Program FilesCommon FilesAheadLibNMIndexingService.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:WINDOWSsystem32wscntfy.exe
C:Program FilesVuzeAzureus.exe
C:Program FilesRivaTuner v2.24 MSI Master Overclocking Arena 2009 editionRivaTuner.exe
C:WINDOWSTEMPiVFu.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Documents and SettingsHollyw00dDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mWinlogon: UIHost=c:windowssystem32logonuix.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:program filescommon filesaheadlibNMBgMonitor.exe"
uRun: [msnmsgr] "c:program fileswindows livemessengermsnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:program filesdaemon tools liteDTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [Aim] "c:program filesaimaim.exe" /d locale=en-US
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
mRun: [IMJPMIG8.1] "c:windowsimeimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:windowssystem32imetintlgntTINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:windowssystem32imetintlgntTINTSETP.EXE /IMEName
mRun: [StartCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:program filescommon filesaheadlibNeroCheck.exe
mRun: [BootSkin Startup Jobs] "c:progra~1stardockwincus~1bootskinBootSkin.exe" /StartupJobs
mRun: [EnvyHFCPL] c:program filesviaviaudioienvyadeckEnMixCPL.exe 1
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [amd_dc_opt] c:program filesamddual-core optimizeramd_dc_opt.exe
mRun: [RivaTunerStartupDaemon] "c:program filesrivatuner v2.24 msi master overclocking arena 2009 editionRivaTuner.exe" /S
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:docume~1hollyw~1startm~1programsstartuplogite~1.lnk - c:program fileslogitechg35eReg.exe
IE: E&xport to Microsoft Excel - c:progra~1mi1933~1office12EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:docume~1hollyw~1applic~1mozillafirefoxprofilese7jqxz5d.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:program filesavgavg9firefoxcomponentsavgssff.dll
FF - plugin: c:documents and settingshollyw00dapplication datafacebooknpfbplugin_1_0_3.dll
FF - plugin: c:documents and settingshollyw00dlocal settingsapplication datagoogleupdate1.2.183.23npGoogleOneClick8.dll
FF - plugin: c:program filesdivxdivx plus web playernpdivx32.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdnu.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdnupdater2.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpwachk.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:windowssystem32driversAVGIDSxx.sys [2010-4-30 25096]
R0 AvgRkx86;avgrkx86.sys;c:windowssystem32driversavgrkx86.sys [2010-4-30 52872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:windowssystem32driversnvcchflt.sys [2005-2-11 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2010-4-30 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2010-4-30 29512]
R1 AvgTdiX;AVG Network Redirector;c:windowssystem32driversavgtdix.sys [2010-4-30 242896]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-4-27 61440]
R2 avg9wd;AVG WatchDog;c:program filesavgavg9avgwdsvc.exe [2010-4-30 308064]
R2 avgfws9;AVG Firewall;c:program filesavgavg9avgfws9.exe [2010-4-30 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:program filesavgavg9identity protectionagentbinAVGIDSAgent.exe [2010-4-30 5888008]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2010-1-24 54752]
R2 LBeepKE;LBeepKE;c:windowssystem32driversLBeepKE.sys [2010-3-3 10384]
R3 Avgfwdx;Avgfwdx;c:windowssystem32driversavgfwdx.sys [2010-4-30 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSDriver.sys [2010-4-30 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSFilter.sys [2010-4-30 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSShim.sys [2010-4-30 26120]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:windowssystem32driversEnvy24HF.sys [2010-1-21 651712]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:windowssystem32driversvcsvad.sys [2010-4-16 17792]
S3 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwdx.sys [2010-4-30 30104]
S3 fsssvc;Windows Live Family Safety Service;c:program fileswindows livefamily safetyfsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-05-02 01:13:32 552 ----a-w- c:windowssystem32d3d8caps.dat
2010-05-01 09:26:10 664 ----a-w- c:windowssystem32d3d9caps.dat
2010-05-01 04:03:25 0 d-----w- c:program filesSpybot - Search & Destroy
2010-05-01 04:03:25 0 d-----w- c:docume~1alluse~1applic~1Spybot - Search & Destroy
2010-05-01 03:18:56 0 d-----w- c:docume~1alluse~1applic~1AIM
2010-05-01 03:18:52 0 d-----w- c:program filesAIM
2010-05-01 03:18:51 0 d-----w- c:program filescommon filesSoftware Update Utility
2010-05-01 02:12:25 256512 ----a-w- c:windowsPEV.exe
2010-05-01 01:04:14 0 d-----w- C:$AVG
2010-05-01 01:00:28 16409960 ----a-w- C:spybotsd162.exe
2010-05-01 00:31:27 216200 ----a-w- c:windowssystem32driversavgldx86.sys
2010-05-01 00:31:27 12464 ----a-w- c:windowssystem32avgrsstx.dll
2010-05-01 00:31:22 0 d-----w- c:windowssystem32driversAvg
2010-05-01 00:30:28 25096 ----a-w- c:windowssystem32driversAVGIDSxx.sys
2010-05-01 00:30:27 52872 ----a-w- c:windowssystem32driversavgrkx86.sys
2010-05-01 00:30:26 242896 ----a-w- c:windowssystem32driversavgtdix.sys
2010-05-01 00:30:12 50968 ----a-w- c:windowssystem32avgfwdx.dll
2010-05-01 00:30:12 30104 ----a-w- c:windowssystem32driversavgfwdx.sys
2010-05-01 00:29:13 0 d-----w- c:program filesAVG
2010-05-01 00:28:55 0 d-----w- c:docume~1alluse~1applic~1avg9
2010-04-30 12:54:16 0 d-----w- c:program filesPanda Security
2010-04-30 10:21:22 0 d-----w- c:docume~1hollyw~1applic~1QuickScan
2010-04-30 10:16:57 2126 ----a-w- c:windowssystem32wpa.dbl
2010-04-30 10:15:15 0 d-----w- C:fixwareout
2010-04-30 09:15:46 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2010-04-30 09:15:31 0 d-----w- c:program filesSUPERAntiSpyware
2010-04-30 09:15:31 0 d-----w- c:docume~1hollyw~1applic~1SUPERAntiSpyware.com
2010-04-30 08:49:33 0 d-----w- c:program filesCCleaner
2010-04-30 07:20:47 0 d-----w- c:program filesESET
2010-04-30 07:08:17 0 d-----w- c:program filesTrend Micro
2010-04-30 06:15:59 0 d-----w- c:docume~1hollyw~1applic~1Malwarebytes
2010-04-30 06:15:48 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-30 06:15:48 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-04-30 06:15:48 0 d-----w- c:program filesMalwarebytes' Anti-Malware
2010-04-30 06:15:48 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes
2010-04-30 05:53:46 0 d-----w- c:program filesscdata
2010-04-30 05:43:57 0 d-sha-r- C:cmdcons
2010-04-30 05:42:17 98816 ----a-w- c:windowssed.exe
2010-04-30 05:42:17 77312 ----a-w- c:windowsMBR.exe
2010-04-30 05:42:17 161792 ----a-w- c:windowsSWREG.exe
2010-04-30 05:37:55 0 d-----w- c:program filesAKM Antivirus 2010 Pro
2010-04-29 02:48:53 54156 ---ha-w- c:windowsQTFont.qfn
2010-04-29 02:48:53 1409 ----a-w- c:windowsQTFont.for
2010-04-20 10:14:18 0 d-----w- c:docume~1hollyw~1applic~1Facebook
2010-04-16 21:32:46 0 d-----w- C:AV_LOGS
2010-04-16 21:31:12 0 d-----w- c:docume~1hollyw~1applic~1Avnex
2010-04-16 21:31:00 17792 ----a-w- c:windowssystem32driversvcsvad.sys
2010-04-16 20:26:30 41872 ----a-w- c:windowssystem32xfcodec.dll
2010-04-15 02:52:30 100864 -c----w- c:windowssystem32dllcache6to4svc.dll
2010-04-14 18:26:02 86016 -c----w- c:windowssystem32dllcachecabview.dll
2010-04-14 18:25:55 177664 -c----w- c:windowssystem32dllcachewintrust.dll
2010-04-13 23:45:30 0 d-----w- c:program filescommon filesSymantec Shared
2010-04-13 23:19:39 0 d-----w- c:docume~1alluse~1applic~1Symantec
2010-04-13 23:19:39 0 d-----w- c:docume~1alluse~1applic~1Norton
2010-04-13 23:19:38 0 d-----w- c:docume~1alluse~1applic~1NortonInstaller
2010-04-12 19:01:52 0 d-----w- c:program filesLame for Audacity
2010-04-10 15:06:21 34304 ----a-w- c:windowssystem32driversAmdLLD.sys
2010-04-10 15:06:20 0 d-----w- c:program filesAMD
2010-04-10 05:41:48 0 d-----w- c:docume~1hollyw~1applic~1Xfire
2010-04-10 05:41:46 0 d-----w- c:program filesXfire
2010-04-09 17:02:41 0 d-----w- c:program filesAudacity
2010-04-03 12:48:48 33616 ----a-w- c:windowssystem32atiapfxx.blb
2010-04-03 12:48:48 143360 ----a-w- c:windowssystem32atiapfxx.exe

==================== Find3M ====================

2010-03-23 04:57:18 411368 ----a-w- c:windowssystem32deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:windowssystem32vbscript.dll
2010-03-04 00:38:30 0 ---ha-w- c:windowssystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-04 00:38:30 0 ---ha-w- c:windowssystem32driversMsft_Kernel_LMouFilt_01005.Wdf
2010-03-04 00:38:30 0 ---ha-w- c:windowssystem32driversMsft_Kernel_LHidFilt_01005.Wdf
2010-03-03 04:07:54 311296 ----a-w- c:windowssystem32atiiiexx.dll
2010-03-03 04:02:54 45056 ----a-w- c:windowssystem32aticalrt.dll
2010-03-03 04:02:40 45056 ----a-w- c:windowssystem32aticalcl.dll
2010-03-03 04:01:00 3641344 ----a-w- c:windowssystem32aticaldd.dll
2010-03-03 03:44:42 14262272 ----a-w- c:windowssystem32atioglxx.dll
2010-03-03 03:40:42 446464 ----a-w- c:windowssystem32ATIDEMGX.dll
2010-03-03 03:40:36 3616096 ----a-w- c:windowssystem32ati3duag.dll
2010-03-03 03:39:44 301056 ----a-w- c:windowssystem32ati2dvag.dll
2010-03-03 03:24:40 208896 ----a-w- c:windowssystem32atipdlxx.dll
2010-03-03 03:24:38 2232320 ----a-w- c:windowssystem32ativvaxx.dll
2010-03-03 03:24:22 155648 ----a-w- c:windowssystem32Oemdspif.dll
2010-03-03 03:24:12 887724 ----a-w- c:windowssystem32ativva6x.dat
2010-03-03 03:24:12 26112 ----a-w- c:windowssystem32Ati2mdxx.exe
2010-03-03 03:24:02 43520 ----a-w- c:windowssystem32ati2edxx.dll
2010-03-03 03:23:50 159744 ----a-w- c:windowssystem32ati2evxx.dll
2010-03-03 03:22:34 602112 ----a-w- c:windowssystem32ati2evxx.exe
2010-03-03 03:21:10 53248 ----a-w- c:windowssystem32ATIDDC.DLL
2010-03-03 03:16:58 565248 ----a-w- c:windowssystem32atikvmag.dll
2010-03-03 03:15:10 184320 ----a-w- c:windowssystem32atiadlxx.dll
2010-03-03 03:14:40 17408 ----a-w- c:windowssystem32atitvo32.dll
2010-03-03 03:14:12 393216 ----a-w- c:windowssystem32atiok3x2.dll
2010-03-03 03:09:06 638976 ----a-w- c:windowssystem32ati2cqag.dll
2010-03-03 03:07:04 65024 ----a-w- c:windowssystem32atimpc32.dll
2010-03-03 03:07:04 65024 ----a-w- c:windowssystem32amdpcom32.dll
2010-02-25 19:55:46 201875 ----a-w- c:windowssystem32atiicdxx.dat
2010-02-25 06:24:37 916480 ----a-w- c:windowssystem32wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:windowssystem32ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:windowssystem32ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:windowssystem326to4svc.dll
2010-01-21 09:48:14 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012010012120100122index.dat
2010-01-24 17:44:24 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012010012420100125index.dat

============= FINISH: 16:44:30.03 ===============

Attached Files


Edited by Budapest, 03 May 2010 - 06:26 PM.
Posts merged ~BP


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 04 May 2010 - 11:56 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 07:21 AM

OTL did not popup an extra.txt nor was it on the desktop. I tried running it a 2nd time but still no extra.txt.

Here are the OTL and GMER logs. I'll copy them here and attach them.

OTL logfile created on: 5/5/2010 8:13:54 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Hollyw00d\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 39.46 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 16.57 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 21.41 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 44.25 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAHSH
Current User Name: Hollyw00d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 07:58:25 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
PRC - [2010/04/30 20:31:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/30 20:31:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/30 20:30:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/30 20:30:57 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/30 20:30:42 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/30 20:30:25 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/30 20:30:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/30 20:30:17 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/28 22:35:34 | 003,829,080 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/04/27 17:27:04 | 002,020,592 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 18:03:24 | 007,393,944 | ---- | M] (Blizzard Entertainment) -- G:\Games\Real WoW\Wow.exe
PRC - [2009/08/22 14:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/04/22 22:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/27 15:59:02 | 000,483,328 | ---- | M] (VIA TECH) -- C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 07:58:25 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 20:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/03/06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/30 20:30:42 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/30 20:30:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/30 20:30:17 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 08:59:29 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010/04/30 20:31:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/30 20:31:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/30 20:30:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/30 20:30:28 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/04/30 20:30:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/30 20:30:18 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/04/30 20:30:18 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/04/30 20:30:18 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 00:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/21 19:19:55 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2010/01/21 19:09:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/21 19:04:27 | 000,015,440 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/22 14:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/30 23:18:42 | 000,651,712 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/05 15:51:10 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/31 07:45:00 | 001,050,784 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2005/02/11 19:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 23:17:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 08:54:37 | 000,000,000 | ---D | M]

[2010/05/03 23:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Extensions
[2010/05/03 08:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions
[2010/04/29 05:10:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/30 06:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/18 01:09:46 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\searchplugins\daemon-search.xml
[2010/05/03 21:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/05/01 00:07:55 | 000,392,351 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe (VIA TECH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files\Logitech\G35\eReg.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuix.exe) - C:\WINDOWS\system32\logonuix.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\ACommander\ccmain.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\ACommander\ccmain.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\ACommander\ccmain.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\ACommander\ccmain.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/21 05:42:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/21 04:41:53 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 08:42:00 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Hollyw00d\Desktop\TDSSKiller.exe
[2010/05/03 22:25:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/03 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/03 21:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/03 13:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\AVG9
[2010/05/03 11:40:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
[2010/05/03 08:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/03 08:54:37 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 08:54:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 08:54:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 08:54:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/02 20:24:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/02 16:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/02 16:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/01 07:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\My Documents\AIMLogger
[2010/05/01 05:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/01 05:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/01 00:28:12 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Hollyw00d\Desktop\HijackThis.exe
[2010/05/01 00:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/01 00:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/30 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\AIM
[2010/04/30 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/04/30 23:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/04/30 22:05:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/30 21:04:14 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/04/30 21:00:28 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/04/30 20:31:27 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/30 20:31:27 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/30 20:31:26 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/30 20:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/30 20:30:28 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/30 20:30:27 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/30 20:30:26 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/30 20:30:12 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/30 20:30:12 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/30 20:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/30 20:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/30 08:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/30 06:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\QuickScan
[2010/04/30 06:15:15 | 000,000,000 | ---D | C] -- C:\fixwareout
[2010/04/30 05:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/30 05:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\SUPERAntiSpyware.com
[2010/04/30 05:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/30 04:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\WinZip
[2010/04/30 04:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/30 03:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/30 03:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/30 02:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Malwarebytes
[2010/04/30 02:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/30 02:15:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/30 02:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/30 02:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/30 01:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/04/30 01:43:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/30 01:42:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/30 01:42:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/30 01:42:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/30 01:42:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/30 01:40:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/24 00:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Media Player Classic
[2010/04/20 06:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Facebook
[2010/04/16 18:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/16 17:32:46 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010/04/16 17:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Avnex
[2010/04/16 17:31:00 | 000,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys
[2010/04/14 22:52:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/14 14:26:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/14 14:25:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/13 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/13 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/13 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/13 19:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/12 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/10 11:06:21 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2010/04/10 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/04/10 01:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Xfire
[2010/04/10 01:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/04/09 13:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/01/21 19:25:06 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/01/21 19:25:06 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 08:04:32 | 059,590,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/05 08:02:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004UA.job
[2010/05/05 07:58:25 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
[2010/05/04 17:02:37 | 050,881,218 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\AB2286F-F529DA1674F112C6E96D633F722B5BE2C55D0E1D.flv
[2010/05/04 15:16:48 | 017,016,097 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\11.flv
[2010/05/04 15:03:47 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Hollyw00d\NTUSER.DAT
[2010/05/04 15:03:34 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 15:00:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/04 10:09:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/04 10:08:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 09:16:43 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/05/04 09:04:47 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 09:04:47 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 09:04:47 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 09:02:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004Core.job
[2010/05/04 08:59:29 | 000,089,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys
[2010/05/04 08:58:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Hollyw00d\ntuser.ini
[2010/05/03 21:40:33 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/05/03 21:40:33 | 000,001,365 | -H-- | M] () -- C:\IPH.PH
[2010/05/03 21:30:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/03 21:21:52 | 003,945,276 | R--- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\CF.exe
[2010/05/03 09:42:57 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\fix2.inf
[2010/05/03 09:42:10 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\fix1.reg
[2010/05/03 09:40:16 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\trojan_fakerean_exe_fix.reg
[2010/05/02 18:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 16:41:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\dds.scr
[2010/05/01 00:27:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Hollyw00d\Desktop\HijackThis.exe
[2010/05/01 00:07:55 | 000,392,351 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/30 23:17:37 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/30 21:01:33 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/04/30 20:31:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/30 20:31:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/30 20:31:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/30 20:31:26 | 000,583,987 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/30 20:31:26 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/30 20:30:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/30 20:30:28 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/30 20:30:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/30 20:30:12 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/30 06:17:52 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-000755.backup
[2010/04/30 04:50:48 | 000,122,478 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\My Documents\cc_20100430_045036.reg
[2010/04/30 01:47:07 | 006,399,862 | -H-- | M] () -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\IconCache.db
[2010/04/30 01:44:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 19:04:18 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\Google Chrome.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 06:50:02 | 047,523,331 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\2h Enhancement Shaman pvp.mp4
[2010/04/16 16:43:49 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2010/04/16 16:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/10 11:06:32 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 16:11:02 | 050,881,218 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\AB2286F-F529DA1674F112C6E96D633F722B5BE2C55D0E1D.flv
[2010/05/04 15:06:13 | 017,016,097 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\11.flv
[2010/05/04 09:17:15 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\mbr.log
[2010/05/04 09:16:43 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/05/03 09:42:48 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\fix2.inf
[2010/05/03 09:42:10 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\fix1.reg
[2010/05/03 09:40:15 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\trojan_fakerean_exe_fix.reg
[2010/05/03 09:34:05 | 000,002,994 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\log.txt
[2010/05/02 16:48:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\gmer.exe
[2010/05/02 16:41:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\dds.scr
[2010/04/30 23:18:56 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/04/30 23:17:37 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/30 22:12:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/30 22:03:52 | 003,945,276 | R--- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\CF.exe
[2010/04/30 20:31:26 | 000,583,987 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/30 20:31:26 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/30 20:31:22 | 059,590,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/30 06:16:57 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 04:50:41 | 000,122,478 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\My Documents\cc_20100430_045036.reg
[2010/04/30 01:44:00 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/04/30 01:43:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/30 01:42:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/30 01:42:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/30 01:42:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/30 01:42:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/26 06:41:20 | 047,523,331 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\2h Enhancement Shaman pvp.mp4
[2010/04/16 16:43:49 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2010/04/16 16:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/21 19:19:28 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2010/01/21 19:08:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/21 19:08:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/21 19:06:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/21 18:49:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/03/18 08:52:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
< End of report >




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 08:03:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HOLLYW~1\LOCALS~1\Temp\fgtdypoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1028] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDC 0x48 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x5B 0xFD 0xF5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0xD4 0xA5 0xCD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0x86 0x67 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xA7 0x2B 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xE9 0x71 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0xD4 0xA5 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0E 0x17 0x05 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDC 0x48 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x49 0x91 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0xD4 0xA5 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0x86 0x67 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDC 0x48 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x49 0x91 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0xD4 0xA5 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0x86 0x67 0xD9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xDC 0x48 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x49 0x91 0xC2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x27 0xD4 0xA5 0xCD ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0x86 0x67 0xD9 ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  OTL.Txt   84.85KB   4 downloads
  • Attached File  gmer.log   8.05KB   3 downloads


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 08:09 AM

Hi, please rerun OTL, make sure under "extra registry" use safelist is checked and run the scan again. This should produce extra.txt as well (no need to post otl.txt again).
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 08:44 AM

That did it, here is the extras.txt


OTL Extras logfile created on: 5/5/2010 9:42:31 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Hollyw00d\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 39.46 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 16.57 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 21.41 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 44.25 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAHSH
Current User Name: Hollyw00d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"D:\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = D:\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = D:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = D:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"D:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = D:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" = D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"D:\Steam\steamapps\common\company of heroes\help.htm" = D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"G:\Games\RON Gold\thrones.exe" = G:\Games\RON Gold\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Games2\BFME2\game.dat" = D:\Games2\BFME2\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AudioShell_is1" = AudioShell 1.3.5
"AVG9Uninstall" = AVG 9.0
"BootSkin" = BootSkin
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3207] [2010-01-18]
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Hamachi" = Hamachi 1.0.0.62
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"ROCKIT PRO DJ" = ROCKIT PRO DJ 4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II Beta" = StarCraft II Beta
"Steam" = Steam
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Vidalia" = Vidalia 0.1.15
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 1:58:18 PM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module nvappfilter.dll, version 2.2.0.475, fault address 0x00005587.

Error - 1/27/2010 3:01:51 PM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 1.0.3.0, faulting module libavcodec_plugin.dll,
version 0.0.0.0, fault address 0x002f9320.

Error - 2/6/2010 8:53:18 AM | Computer Name = ZAHSH | Source = Application Hang | ID = 1002
Description = Hanging application StepMania.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 9:00:50 AM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application stepmania.exe, version 1.0.0.1, faulting module
stepmania.exe, version 1.0.0.1, fault address 0x001bb189.

[ System Events ]
Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7001
Description = The fssfltr service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/4/2010 9:22:29 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM atapi AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT ohci1394 PCIIde RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter : Has determined that the adapter is not functioning
properly.

Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/4/2010 10:09:49 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 11:27 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 11:51 AM

I have AVG running and it's a gigantic pain to get it to shut off its scanners (which I suppose is a good thing?) Anyway, I had to leave AVG running while I ran Combofix but I can always uninstall AVG and rerun Combofix if need be. Below is my Combofix log. I just checked and my google results are still being redirected, both IE and Chrome are just dead in the water. They have 0 connectivity, no proxy settings, they just dont load a single page.


ComboFix 10-05-04.06 - Hollyw00d 05/05/2010 12:37:26.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1955 [GMT -4:00]
Running from: c:\documents and settings\Hollyw00d\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-04 13:16 . 2010-05-04 13:16 77312 ----a-w- C:\mbr.exe
2010-05-04 01:40 . 2010-05-04 01:40 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-05-03 17:37 . 2010-05-03 17:37 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\AVG9
2010-05-03 12:54 . 2010-05-03 12:54 503808 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3458e940-n\msvcp71.dll
2010-05-03 12:54 . 2010-05-03 12:54 499712 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3458e940-n\jmc.dll
2010-05-03 12:54 . 2010-05-03 12:54 348160 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3458e940-n\msvcr71.dll
2010-05-03 12:54 . 2010-05-03 12:54 61440 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24745873-n\decora-sse.dll
2010-05-03 12:54 . 2010-05-03 12:54 12800 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24745873-n\decora-d3d.dll
2010-05-03 12:54 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 09:26 . 2010-05-02 01:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-01 04:03 . 2010-05-01 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 04:03 . 2010-05-01 04:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-01 03:18 . 2010-05-04 01:40 -------- d-----w- c:\documents and settings\Hollyw00d\Local Settings\Application Data\AIM
2010-05-01 03:18 . 2010-05-01 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-05-01 03:18 . 2010-05-04 01:40 -------- d-----w- c:\program files\AIM
2010-05-01 01:04 . 2010-05-01 01:04 -------- d-----w- C:\$AVG
2010-05-01 01:00 . 2010-05-01 01:01 16409960 ----a-w- C:\spybotsd162.exe
2010-05-01 00:31 . 2010-05-01 00:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 00:31 . 2010-05-01 00:31 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 00:31 . 2010-05-01 00:31 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 00:31 . 2010-05-05 12:04 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 00:30 . 2010-05-01 00:30 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-01 00:30 . 2010-05-01 00:30 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-01 00:30 . 2010-05-01 00:30 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-01 00:30 . 2010-05-01 00:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-01 00:30 . 2010-05-01 00:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-01 00:29 . 2010-05-01 00:29 -------- d-----w- c:\program files\AVG
2010-05-01 00:28 . 2010-05-01 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-30 12:54 . 2010-05-01 02:46 -------- d-----w- c:\program files\Panda Security
2010-04-30 10:21 . 2010-04-30 10:26 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\QuickScan
2010-04-30 10:21 . 2010-04-29 21:56 699512 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-04-30 10:21 . 2010-04-29 21:56 863312 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-04-30 10:15 . 2010-04-30 10:18 -------- d-----w- C:\fixwareout
2010-04-30 09:17 . 2010-05-04 13:01 63488 ----a-w- c:\documents and settings\Hollyw00d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-04-30 09:17 . 2010-04-30 09:17 52224 ----a-w- c:\documents and settings\Hollyw00d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-30 09:17 . 2010-05-04 13:01 117760 ----a-w- c:\documents and settings\Hollyw00d\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-30 09:15 . 2010-04-30 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-30 09:15 . 2010-04-30 09:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-30 09:15 . 2010-04-30 09:15 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\SUPERAntiSpyware.com
2010-04-30 08:50 . 2010-04-30 08:50 -------- d-----w- c:\documents and settings\Hollyw00d\Local Settings\Application Data\WinZip
2010-04-30 08:49 . 2010-04-30 08:49 -------- d-----w- c:\program files\CCleaner
2010-04-30 07:20 . 2010-04-30 07:20 -------- d-----w- c:\program files\ESET
2010-04-30 07:08 . 2010-04-30 07:08 388096 ----a-r- c:\documents and settings\Hollyw00d\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-30 07:08 . 2010-04-30 07:08 -------- d-----w- c:\program files\Trend Micro
2010-04-30 06:15 . 2010-04-30 06:15 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Malwarebytes
2010-04-30 06:15 . 2010-04-30 06:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 06:15 . 2010-04-30 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-30 06:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 06:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 05:53 . 2010-04-30 07:56 -------- d-----w- c:\program files\scdata
2010-04-30 05:37 . 2010-04-30 05:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-30 05:35 . 2010-04-30 05:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-24 04:51 . 2010-04-24 04:51 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Media Player Classic
2010-04-20 10:14 . 2010-04-20 10:14 50354 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Facebook\uninstall.exe
2010-04-20 10:14 . 2010-04-20 10:14 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Facebook
2010-04-16 22:50 . 2010-04-16 22:50 -------- d-----w- c:\windows\Sun
2010-04-16 21:32 . 2010-04-16 21:33 -------- d-----w- C:\AV_LOGS
2010-04-16 21:31 . 2010-04-16 21:31 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Avnex
2010-04-16 21:31 . 2008-12-26 16:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-15 02:52 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-14 18:26 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-04-14 18:25 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-04-13 23:45 . 2010-04-13 23:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-13 23:19 . 2010-04-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-13 23:19 . 2010-04-13 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-13 23:19 . 2010-04-13 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-12 19:01 . 2010-04-12 19:01 -------- d-----w- c:\program files\Lame for Audacity
2010-04-10 15:06 . 2007-06-29 18:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-04-10 15:06 . 2010-04-10 15:06 -------- d-----w- c:\program files\AMD
2010-04-10 05:41 . 2010-04-27 04:46 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Xfire
2010-04-10 05:41 . 2010-04-30 05:36 -------- d-----w- c:\program files\Xfire
2010-04-09 17:02 . 2010-04-09 17:02 -------- d-----w- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 19:06 . 2010-01-22 15:03 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\vlc
2010-05-04 12:59 . 2005-02-11 23:11 89856 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2010-05-03 19:09 . 2010-01-21 22:58 -------- d-----w- c:\program files\VideoLAN
2010-05-03 12:54 . 2010-01-21 09:44 -------- d-----w- c:\program files\Common Files\Java
2010-05-03 12:54 . 2010-01-21 09:44 -------- d-----w- c:\program files\Java
2010-05-03 00:16 . 2010-01-21 22:22 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Azureus
2010-05-01 03:18 . 2010-01-21 22:15 -------- d-----w- c:\program files\Common Files\AOL
2010-04-30 08:57 . 2010-01-21 22:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 04:26 . 2010-01-21 23:04 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\Hamachi
2010-04-16 21:37 . 2010-03-04 00:38 -------- d-----w- c:\program files\Logitech
2010-04-16 21:36 . 2010-02-02 05:50 -------- d-----w- c:\program files\Celebrity Toolbar
2010-04-15 19:43 . 2010-02-04 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-14 22:17 . 2010-01-21 22:21 -------- d-----w- c:\program files\Vuze
2010-04-08 18:01 . 2010-02-07 12:34 -------- d-----w- c:\documents and settings\Hollyw00d\Application Data\dvdcss
2010-03-23 04:57 . 2010-03-23 04:57 152576 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-10 06:15 . 2007-07-05 20:07 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 19:48 . 2010-03-07 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-07 19:48 . 2010-02-02 20:41 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-03 04:21 . 2010-01-21 22:04 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-01-21 22:04 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-01-21 22:04 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-01-21 22:04 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-01-21 22:04 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2010-01-21 22:04 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-01-21 22:04 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2010-01-21 22:04 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2010-01-21 22:04 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2010-01-21 22:04 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2010-01-21 22:04 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2010-01-21 22:04 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-01-21 22:04 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-01-21 22:04 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2010-01-21 22:04 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2010-01-21 22:04 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2010-01-21 22:04 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2010-01-21 22:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2010-01-21 22:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-03 12:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2010-01-21 22:04 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-01-21 22:04 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2010-01-21 22:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-01-21 22:04 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2010-01-21 22:04 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2010-01-21 22:04 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-01-21 22:04 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-01-21 22:04 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-25 19:55 . 2010-01-21 22:04 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2007-07-05 20:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-07-05 19:51 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 00:59 . 2010-01-25 01:03 38784 ----a-w- c:\documents and settings\Hollyw00d\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 00:59 . 2010-01-25 01:03 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 07:05 . 2010-02-17 07:04 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-16 14:08 . 2007-07-05 19:52 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-02-28 10:16 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2007-07-05 19:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2007-07-05 19:53 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-09 01:00 . 2010-01-21 22:09 76192 ----a-w- c:\documents and settings\Hollyw00d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 00:59 . 2010-02-09 00:59 168968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-05-03_00.34.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 14:09 . 2010-05-04 14:09 16384 c:\windows\temp\Perflib_Perfdata_c14.dat
- 2004-08-04 12:00 . 2010-03-26 10:09 72252 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-05-04 13:04 72252 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-05-04 13:04 444360 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-03-26 10:09 444360 c:\windows\system32\perfh009.dat
+ 2010-05-03 12:54 . 2010-04-12 21:29 153376 c:\windows\system32\javaws.exe
+ 2010-05-03 12:54 . 2010-04-12 21:29 145184 c:\windows\system32\javaw.exe
- 2010-01-21 09:44 . 2010-03-23 04:57 145184 c:\windows\system32\javaw.exe
+ 2010-05-03 12:54 . 2010-04-12 21:29 145184 c:\windows\system32\java.exe
- 2010-01-21 09:44 . 2010-03-23 04:57 145184 c:\windows\system32\java.exe
+ 2010-05-03 12:54 . 2010-05-03 12:54 180224 c:\windows\Installer\28330dc.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2020592]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-29 3829080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-07-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"EnvyHFCPL"="c:\program files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2006-10-27 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-01 00:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"d:\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"d:\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"d:\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"g:\\Games\\RON Gold\\thrones.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games2\\BFME2\\game.dat"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4/30/2010 8:30 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/30/2010 8:30 PM 52872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2/11/2005 7:11 PM 16640]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/30/2010 8:31 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/30/2010 8:30 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/30/2010 8:30 PM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4/30/2010 8:30 PM 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/30/2010 8:30 PM 5888008]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/3/2010 8:38 PM 10384]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4/30/2010 8:30 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4/30/2010 8:30 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [4/30/2010 8:30 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [4/30/2010 8:30 PM 26120]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [1/21/2010 7:25 PM 651712]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4/16/2010 5:31 PM 17792]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4/30/2010 8:30 PM 30104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/21/2010 7:09 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004Core.job
- c:\documents and settings\Hollyw00d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 22:25]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004UA.job
- c:\documents and settings\Hollyw00d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 22:25]

2010-05-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: c:\documents and settings\Hollyw00d\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Hollyw00d\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EnvyHFCPL = c:\program files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1?????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-05 12:47:12
ComboFix-quarantined-files.txt 2010-05-05 16:47
ComboFix2.txt 2010-05-04 01:33
ComboFix3.txt 2010-05-03 00:36
ComboFix4.txt 2010-05-01 02:23

Pre-Run: 42,286,055,424 bytes free
Post-Run: 42,374,246,400 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5710AF284739EC276AEAC1F06FFAE6B2

Attached Files

  • Attached File  log.txt   30.01KB   4 downloads


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 01:23 PM

Hello again,

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.
On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.


Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:
CODE
@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click tast.bat on the desktop.
A notepad opens, copy and paste the content it (log1.txt) to your reply.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 01:30 PM

My TCP/IP settings were correct, all on obtain as per instructed. Here is the log from test.bat

Quick Edit: IE seems to be back up and running but Chrome is still dead (I mainly use FF anyway but just tossing that info here)


Windows IP Configuration



Host Name . . . . . . . . . . . . : zahsh

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Dynex



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : Dynex

Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2

Physical Address. . . . . . . . . : 00-18-F3-BF-20-51

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Tuesday, May 04, 2010 10:09:51 AM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

DNS request timed out.
timeout was 2 seconds.
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 72.14.204.104, 72.14.204.147, 72.14.204.99, 72.14.204.103

DNS request timed out.
timeout was 2 seconds.
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging google.com [72.14.204.147] with 32 bytes of data:



Reply from 72.14.204.147: bytes=32 time=28ms TTL=52

Reply from 72.14.204.147: bytes=32 time=20ms TTL=52



Ping statistics for 72.14.204.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 28ms, Average = 24ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=85ms TTL=49

Reply from 72.30.2.43: bytes=32 time=85ms TTL=49



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 85ms, Average = 85ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 bf 20 51 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

Attached Files


Edited by Hollyw00d, 05 May 2010 - 01:33 PM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 01:41 PM

Try to reinstall Chrome and see if that fixes the problem.

If you are using a router, please reset it, it should have a button on the backside.

Let me know if that did the trick.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 02:15 PM

Uninstalled Google Chrome, reset my router, rebooted the computer, reinstalled Chrome and it's still dead.

IE is unable to go to Windows Update but seems to be up and running.

Firefox and IE still get browser redirects both from random popups and from google search results.

I'm not too concerned with Chrome atm, just a minor issue. Not being able to get to Windows Update concerns me and these redirects are still lurking.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 02:29 PM

This is definitely not good. Could you please rerun OTL and post me a new log?
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 02:34 PM

Here is the latest OTL.txt and Extras.txt

OTL logfile created on: 5/5/2010 3:32:26 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Hollyw00d\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 39.49 Gb Free Space | 67.39% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 16.57 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 21.41 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 44.25 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAHSH
Current User Name: Hollyw00d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 15:30:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
PRC - [2010/04/30 20:31:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/30 20:31:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/30 20:30:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/30 20:30:57 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/30 20:30:44 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/30 20:30:42 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/30 20:30:25 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/30 20:30:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/30 20:30:17 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/30 20:30:17 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/04/28 22:35:34 | 003,829,080 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/04/27 17:27:04 | 002,020,592 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/15 17:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/15 17:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/10/27 15:59:02 | 000,483,328 | ---- | M] (VIA TECH) -- C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 15:30:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 20:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/03/06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/30 20:30:42 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/30 20:30:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/30 20:30:17 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 08:59:29 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010/04/30 20:31:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/30 20:31:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/30 20:30:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/30 20:30:28 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/04/30 20:30:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/30 20:30:18 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/04/30 20:30:18 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/04/30 20:30:18 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 00:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/21 19:19:55 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2010/01/21 19:09:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/21 19:04:27 | 000,015,440 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/22 14:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/30 23:18:42 | 000,651,712 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/05 15:51:10 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/31 07:45:00 | 001,050,784 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2005/02/11 19:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 23:17:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 08:54:37 | 000,000,000 | ---D | M]

[2010/05/03 23:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Extensions
[2010/05/03 08:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions
[2010/04/29 05:10:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/30 06:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/21 18:51:50 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\j8fvt9k5.Tor\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/18 01:09:46 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Application Data\Mozilla\Firefox\Profiles\e7jqxz5d.default\searchplugins\daemon-search.xml
[2010/05/03 21:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/05/01 00:07:55 | 000,392,351 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe (VIA TECH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files\Logitech\G35\eReg.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuix.exe) - C:\WINDOWS\system32\logonuix.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\ACommander\ccmain.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\ACommander\ccmain.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\ACommander\ccmain.exe) - C:\WINDOWS\System32\config\systemprofile\Application Data\ACommander\ccmain.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/21 05:42:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/21 04:41:53 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 15:30:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
[2010/05/05 14:46:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/05 12:35:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/03 21:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/03 21:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/03 13:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\AVG9
[2010/05/03 08:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/03 08:54:37 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 08:54:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 08:54:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 08:54:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/02 20:24:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/02 16:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/02 16:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/01 07:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\My Documents\AIMLogger
[2010/05/01 05:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/01 05:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/01 00:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/01 00:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/30 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\AIM
[2010/04/30 23:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/04/30 23:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/04/30 22:05:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/30 21:04:14 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/04/30 21:00:28 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/04/30 20:31:27 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/30 20:31:27 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/30 20:31:26 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/30 20:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/30 20:30:28 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/30 20:30:27 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/30 20:30:26 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/30 20:30:12 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/30 20:30:12 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/30 20:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/30 20:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/30 08:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/30 06:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\QuickScan
[2010/04/30 06:15:15 | 000,000,000 | ---D | C] -- C:\fixwareout
[2010/04/30 05:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/30 05:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\SUPERAntiSpyware.com
[2010/04/30 05:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/30 04:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\WinZip
[2010/04/30 04:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/30 03:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/30 03:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/30 02:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Malwarebytes
[2010/04/30 02:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/30 02:15:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/30 02:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/30 02:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/30 01:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/04/30 01:43:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/30 01:42:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/30 01:42:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/30 01:42:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/30 01:42:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/30 01:40:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/24 00:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Media Player Classic
[2010/04/20 06:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Facebook
[2010/04/16 18:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/16 17:32:46 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010/04/16 17:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Avnex
[2010/04/16 17:31:00 | 000,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys
[2010/04/14 22:52:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/14 14:26:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/14 14:25:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/13 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/13 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/13 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/13 19:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/12 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/10 11:06:21 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2010/04/10 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/04/10 01:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hollyw00d\Application Data\Xfire
[2010/04/10 01:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/04/09 13:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/01/21 19:25:06 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/01/21 19:25:06 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 15:30:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hollyw00d\Desktop\OTL.exe
[2010/05/05 15:07:38 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/05 15:07:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 15:07:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 15:06:26 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Hollyw00d\NTUSER.DAT
[2010/05/05 15:06:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Hollyw00d\ntuser.ini
[2010/05/05 15:02:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004UA.job
[2010/05/05 14:46:56 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\Google Chrome.lnk
[2010/05/05 12:44:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 12:32:07 | 003,946,364 | R--- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\ComboFix.exe
[2010/05/05 09:02:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1580436667-682003330-1004Core.job
[2010/05/05 08:04:32 | 059,590,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/04 17:02:37 | 050,881,218 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\AB2286F-F529DA1674F112C6E96D633F722B5BE2C55D0E1D.flv
[2010/05/04 15:16:48 | 017,016,097 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\11.flv
[2010/05/04 15:03:34 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 15:00:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/04 09:16:43 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/05/04 09:04:47 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 09:04:47 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 09:04:47 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 08:59:29 | 000,089,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys
[2010/05/03 21:40:33 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/05/03 21:40:33 | 000,001,365 | -H-- | M] () -- C:\IPH.PH
[2010/05/01 00:07:55 | 000,392,351 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/30 23:17:37 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/30 21:01:33 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/04/30 20:31:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/30 20:31:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/30 20:31:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/30 20:31:26 | 000,583,987 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/30 20:31:26 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/30 20:30:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/30 20:30:28 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/30 20:30:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/30 20:30:12 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/30 20:30:12 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/30 06:17:52 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-000755.backup
[2010/04/30 04:50:48 | 000,122,478 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\My Documents\cc_20100430_045036.reg
[2010/04/30 01:47:07 | 006,399,862 | -H-- | M] () -- C:\Documents and Settings\Hollyw00d\Local Settings\Application Data\IconCache.db
[2010/04/30 01:44:01 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 06:50:02 | 047,523,331 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Desktop\2h Enhancement Shaman pvp.mp4
[2010/04/16 16:43:49 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2010/04/16 16:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/10 11:06:32 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 14:46:56 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\Google Chrome.lnk
[2010/05/05 12:31:42 | 003,946,364 | R--- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\ComboFix.exe
[2010/05/04 16:11:02 | 050,881,218 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\AB2286F-F529DA1674F112C6E96D633F722B5BE2C55D0E1D.flv
[2010/05/04 15:06:13 | 017,016,097 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\11.flv
[2010/05/04 09:17:15 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\mbr.log
[2010/05/04 09:16:43 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/05/03 09:34:05 | 000,002,994 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\log.txt
[2010/04/30 23:18:56 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/04/30 23:17:37 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/30 22:12:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/30 20:31:26 | 000,583,987 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/30 20:31:26 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/30 20:31:22 | 059,590,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/30 06:16:57 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 04:50:41 | 000,122,478 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\My Documents\cc_20100430_045036.reg
[2010/04/30 01:44:00 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/04/30 01:43:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/30 01:42:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/30 01:42:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/30 01:42:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/30 01:42:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/26 06:41:20 | 047,523,331 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Desktop\2h Enhancement Shaman pvp.mp4
[2010/04/16 16:43:49 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Hollyw00d\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2010/04/16 16:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/21 19:19:28 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2010/01/21 19:08:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/21 19:08:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/21 19:06:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/21 18:49:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/03/18 08:52:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
< End of report >




OTL Extras logfile created on: 5/5/2010 3:32:26 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Hollyw00d\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 39.49 Gb Free Space | 67.39% Space Free | Partition Type: NTFS
Drive D: | 407.16 Gb Total Space | 16.57 Gb Free Space | 4.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 21.41 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 44.25 Gb Free Space | 9.50% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAHSH
Current User Name: Hollyw00d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"D:\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = D:\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = D:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = D:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"D:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = D:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" = D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"D:\Steam\steamapps\common\company of heroes\help.htm" = D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"G:\Games\RON Gold\thrones.exe" = G:\Games\RON Gold\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Games2\BFME2\game.dat" = D:\Games2\BFME2\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AudioShell_is1" = AudioShell 1.3.5
"AVG9Uninstall" = AVG 9.0
"BootSkin" = BootSkin
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3207] [2010-01-18]
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Hamachi" = Hamachi 1.0.0.62
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"ROCKIT PRO DJ" = ROCKIT PRO DJ 4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II Beta" = StarCraft II Beta
"Steam" = Steam
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Vidalia" = Vidalia 0.1.15
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 1:58:18 PM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module nvappfilter.dll, version 2.2.0.475, fault address 0x00005587.

Error - 1/27/2010 3:01:51 PM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 1.0.3.0, faulting module libavcodec_plugin.dll,
version 0.0.0.0, fault address 0x002f9320.

Error - 2/6/2010 8:53:18 AM | Computer Name = ZAHSH | Source = Application Hang | ID = 1002
Description = Hanging application StepMania.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 9:00:50 AM | Computer Name = ZAHSH | Source = Application Error | ID = 1000
Description = Faulting application stepmania.exe, version 1.0.0.1, faulting module
stepmania.exe, version 1.0.0.1, fault address 0x001bb189.

[ System Events ]
Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter : Has determined that the adapter is not functioning
properly.

Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/4/2010 10:09:01 AM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/4/2010 10:09:49 AM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 5/5/2010 12:43:55 PM | Computer Name = ZAHSH | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system
without first being prepared for removal.

Error - 5/5/2010 3:02:53 PM | Computer Name = ZAHSH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 0018F3BF2051 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/5/2010 3:07:23 PM | Computer Name = ZAHSH | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter : Has determined that the adapter is not functioning
properly.

Error - 5/5/2010 3:07:23 PM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/5/2010 3:07:23 PM | Computer Name = ZAHSH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/5/2010 3:08:13 PM | Computer Name = ZAHSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >


Attached Files



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,946 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 05 May 2010 - 02:37 PM

Please launch Malwarebytes Antimalware, update it first and run a full scan. Post me the results.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Hollyw00d

Hollyw00d
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 05 May 2010 - 05:06 PM

Updated MBAM and ran a full scan across all of my drives. Here is the log, found 1 infection (which seems unrelated at first glance as I've had this file which is part of a game for literally years now). I had it clean the file anyway and restarted as prompted. No change in status, redirects still prominent.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2010 6:03:51 PM
mbam-log-2010-05-05 (18-03-51).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Objects scanned: 409529
Time elapsed: 2 hour(s), 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\Games\StepMania CVS\Program\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users