BleepingComputer.com: smitfraud, rogue, netpumper - you name it...

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

smitfraud, rogue, netpumper - you name it... Multiple infection recover help requested

#1 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 09 January 2010 - 08:43 PM

I am fixing this for a neighbor - I've seen it before: "I have Norton on there, but I think maybe the subscription is expired". Of course it was, and there was no boot at all, not even to Safe Mode. I used a boot disk to run Avira, Spybot, and Avast, got it to boot, ran MBAM and removed Norton (as far as I can tell). It operates nicely enough, but still a few bad problems: I still can't boot to Safe Mode...it ends in a blue screen with no legible writing on it (a few random characters). It boots successfully to Windows XP but the onboard network adapter will not connect. I managed to get a wireless adaper to work, but I had to use the manufacturer's utility - the Zero Configuration thing will not work, even thought it shows running under the list of services. I'm guessing there may be other hidden gems in here too. I have no idea how to find them or fix them.

Let me know if the MBAM log would help. I could also attach a HJT log if desired.

Thank you! Any and all help is greatly appreciated!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_09-12-01.01) - NTFSx86
Run by dad at 16:51:34.88 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.558 [GMT -8:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Net Games Toolbar: {8a6264b5-a8f2-494b-8f37-cf898a763e42} - c:\program files\net_games\tbNet1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Net Games Toolbar: {8a6264b5-a8f2-494b-8f37-cf898a763e42} - c:\program files\net_games\tbNet1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Easy Dock] c:\documents and settings\lee speaks\my documents\rca easyrip\EZDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\lee speaks\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: c:\windows\system32\sajifamu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\05p9w8ju.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-1-8 75040]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-1-8 16512]
S3 TDWXP;WavePlus 802.11b Wireless PCI/PCMCIA Card Driver;c:\windows\system32\drivers\wpndis51.sys [2004-8-3 151552]

=============== Created Last 30 ================

2010-01-08 08:27:01 315510 ----a-w- c:\windows\system32\RAPI.dll
2010-01-08 08:27:01 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-01-08 08:27:01 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys
2010-01-08 08:27:01 1093632 ----a-w- c:\windows\system32\libeay32.dll
2010-01-08 08:26:56 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-08 08:26:55 465152 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-01-08 08:26:54 0 d-----w- c:\program files\Ralink
2010-01-08 06:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver
2010-01-07 06:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:55:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 06:55:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 04:40:51 0 ----a-w- c:\windows\system32\11478.exe
2010-01-04 22:09:46 25823502 ----a-w- C:\vdf_fusebundle.zip
2010-01-04 20:38:49 262144 ----a-w- c:\windows\SAM
2010-01-03 21:24:47 0 d-sh--w- C:\found.001
2009-12-29 09:27:20 0 ----a-w- c:\windows\system32\3902.exe
2009-12-29 09:07:18 0 ----a-w- c:\windows\system32\14604.exe
2009-12-28 07:00:04 0 ----a-w- c:\windows\system32\31673.exe
2009-12-28 06:40:03 0 ----a-w- c:\windows\system32\2306.exe
2009-12-28 06:20:03 0 ----a-w- c:\windows\system32\13977.exe
2009-12-28 06:00:02 0 ----a-w- c:\windows\system32\9930.exe
2009-12-28 05:40:02 0 ----a-w- c:\windows\system32\22704.exe
2009-12-28 05:20:01 0 ----a-w- c:\windows\system32\29658.exe
2009-12-28 05:00:01 0 ----a-w- c:\windows\system32\4639.exe
2009-12-28 04:40:00 0 ----a-w- c:\windows\system32\31115.exe
2009-12-28 04:20:00 0 ----a-w- c:\windows\system32\4833.exe
2009-12-28 03:59:59 0 ----a-w- c:\windows\system32\16541.exe
2009-12-28 03:39:59 0 ----a-w- c:\windows\system32\22929.exe
2009-12-28 03:19:58 0 ----a-w- c:\windows\system32\2082.exe
2009-12-28 02:59:58 0 ----a-w- c:\windows\system32\16118.exe
2009-12-28 02:39:57 0 ----a-w- c:\windows\system32\21538.exe
2009-12-28 02:19:57 0 ----a-w- c:\windows\system32\5537.exe
2009-12-28 01:59:56 0 ----a-w- c:\windows\system32\11323.exe
2009-12-28 01:39:56 0 ----a-w- c:\windows\system32\24626.exe
2009-12-28 01:19:55 0 ----a-w- c:\windows\system32\32439.exe
2009-12-28 00:59:55 0 ----a-w- c:\windows\system32\16944.exe
2009-12-28 00:39:54 0 ----a-w- c:\windows\system32\26308.exe
2009-12-28 00:19:53 0 ----a-w- c:\windows\system32\13931.exe
2009-12-27 23:59:53 0 ----a-w- c:\windows\system32\7376.exe
2009-12-27 23:39:52 0 ----a-w- c:\windows\system32\4966.exe
2009-12-27 23:19:52 0 ----a-w- c:\windows\system32\11840.exe
2009-12-27 22:59:51 0 ----a-w- c:\windows\system32\18756.exe
2009-12-27 22:19:47 0 ----a-w- c:\windows\system32\24084.exe
2009-12-27 21:59:47 0 ----a-w- c:\windows\system32\12623.exe
2009-12-27 21:39:46 0 ----a-w- c:\windows\system32\19629.exe
2009-12-27 21:19:45 0 ----a-w- c:\windows\system32\3548.exe
2009-12-27 20:59:45 0 ----a-w- c:\windows\system32\24393.exe
2009-12-27 20:39:45 0 ----a-w- c:\windows\system32\31101.exe
2009-12-27 20:19:45 0 ----a-w- c:\windows\system32\15006.exe
2009-12-27 19:59:45 0 ----a-w- c:\windows\system32\15350.exe
2009-12-27 19:39:45 0 ----a-w- c:\windows\system32\24370.exe
2009-12-27 19:19:45 0 ----a-w- c:\windows\system32\6729.exe
2009-12-27 18:59:45 0 ----a-w- c:\windows\system32\15890.exe
2009-12-27 18:39:45 0 ----a-w- c:\windows\system32\23805.exe
2009-12-27 18:19:45 0 ----a-w- c:\windows\system32\27446.exe
2009-12-27 17:59:45 0 ----a-w- c:\windows\system32\22648.exe
2009-12-27 17:39:45 0 ----a-w- c:\windows\system32\19264.exe
2009-12-27 17:19:45 0 ----a-w- c:\windows\system32\8942.exe
2009-12-27 16:59:44 0 ----a-w- c:\windows\system32\9040.exe
2009-12-27 16:39:44 0 ----a-w- c:\windows\system32\30106.exe
2009-12-27 16:19:44 0 ----a-w- c:\windows\system32\288.exe
2009-12-27 15:59:44 0 ----a-w- c:\windows\system32\1842.exe
2009-12-27 15:39:44 0 ----a-w- c:\windows\system32\22190.exe
2009-12-27 15:19:44 0 ----a-w- c:\windows\system32\3035.exe
2009-12-27 14:59:44 0 ----a-w- c:\windows\system32\12316.exe
2009-12-27 14:39:44 0 ----a-w- c:\windows\system32\778.exe
2009-12-27 14:19:44 0 ----a-w- c:\windows\system32\27529.exe
2009-12-27 13:59:44 0 ----a-w- c:\windows\system32\9741.exe
2009-12-27 13:39:44 0 ----a-w- c:\windows\system32\8723.exe
2009-12-27 13:19:44 0 ----a-w- c:\windows\system32\12859.exe
2009-12-27 12:59:41 0 ----a-w- c:\windows\system32\20037.exe
2009-12-27 12:39:40 0 ----a-w- c:\windows\system32\32757.exe
2009-12-27 12:19:40 0 ----a-w- c:\windows\system32\32662.exe
2009-12-27 11:59:40 0 ----a-w- c:\windows\system32\27644.exe
2009-12-27 11:39:40 0 ----a-w- c:\windows\system32\25547.exe
2009-12-27 11:19:40 0 ----a-w- c:\windows\system32\6868.exe
2009-12-27 10:59:40 0 ----a-w- c:\windows\system32\28253.exe
2009-12-27 10:39:40 0 ----a-w- c:\windows\system32\7711.exe
2009-12-27 10:19:40 0 ----a-w- c:\windows\system32\15141.exe
2009-12-27 09:59:40 0 ----a-w- c:\windows\system32\4664.exe
2009-12-27 09:39:40 0 ----a-w- c:\windows\system32\17673.exe
2009-12-27 09:19:40 0 ----a-w- c:\windows\system32\30333.exe
2009-12-27 09:01:36 0 d-----w- c:\program files\Counter-Strike 2D
2009-12-27 08:59:40 0 ----a-w- c:\windows\system32\31322.exe
2009-12-27 08:39:40 0 ----a-w- c:\windows\system32\23811.exe
2009-12-27 08:36:52 6 ----a-w- c:\windows\system32\ClassU
2009-12-27 08:36:52 5 ----a-w- c:\windows\system32\Band4
2009-12-27 08:19:39 0 ----a-w- c:\windows\system32\28703.exe
2009-12-27 07:59:39 0 ----a-w- c:\windows\system32\9894.exe
2009-12-27 07:39:39 0 ----a-w- c:\windows\system32\17035.exe
2009-12-27 07:20:12 0 ----a-w- c:\windows\system32\26299.exe
2009-12-27 07:00:11 0 ----a-w- c:\windows\system32\25667.exe
2009-12-27 06:40:10 0 ----a-w- c:\windows\system32\19912.exe
2009-12-27 06:20:10 0 ----a-w- c:\windows\system32\1869.exe
2009-12-27 06:00:09 0 ----a-w- c:\windows\system32\11538.exe
2009-12-27 05:40:09 0 ----a-w- c:\windows\system32\14771.exe
2009-12-27 05:20:08 0 ----a-w- c:\windows\system32\21726.exe
2009-12-27 05:00:08 0 ----a-w- c:\windows\system32\5447.exe
2009-12-27 04:40:07 0 ----a-w- c:\windows\system32\19895.exe
2009-12-27 04:20:07 0 ----a-w- c:\windows\system32\19718.exe
2009-12-27 04:00:06 0 ----a-w- c:\windows\system32\18716.exe
2009-12-27 03:40:06 0 ----a-w- c:\windows\system32\17421.exe
2009-12-27 03:20:05 0 ----a-w- c:\windows\system32\12382.exe
2009-12-27 03:00:05 0 ----a-w- c:\windows\system32\292.exe
2009-12-27 02:40:04 0 ----a-w- c:\windows\system32\153.exe
2009-12-27 01:39:26 0 ----a-w- c:\windows\system32\32391.exe
2009-12-27 01:19:25 0 ----a-w- c:\windows\system32\5436.exe
2009-12-27 00:59:25 0 ----a-w- c:\windows\system32\4827.exe
2009-12-27 00:39:24 0 ----a-w- c:\windows\system32\11942.exe
2009-12-26 22:40:35 0 ----a-w- c:\windows\system32\28145.exe
2009-12-26 22:20:35 0 ----a-w- c:\windows\system32\5705.exe
2009-12-26 20:40:31 0 ----a-w- c:\windows\system32\15724.exe
2009-12-26 20:20:30 0 ----a-w- c:\windows\system32\19169.exe
2009-12-26 20:00:29 0 ----a-w- c:\windows\system32\26500.exe
2009-12-26 19:40:28 0 ----a-w- c:\windows\system32\6334.exe
2009-12-26 19:20:27 0 ----a-w- c:\windows\system32\18467.exe
2009-12-26 00:05:52 0 d-----w- c:\program files\KingsIsle Entertainment
2009-12-11 22:19:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

==================== Find3M ====================

2010-01-09 17:28:04 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-08 08:26:56 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-12-30 04:54:50 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-30 04:54:50 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2009-11-30 21:40:27 662 ----a-w- c:\docume~1\dad\applic~1\wklnhst.dat
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:53:29 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 69632 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54:17 112128 ------w- c:\windows\system32\dllcache\rastls.dll
2008-11-13 02:37:08 6956032 -csha-w- c:\program files\ehthumbs.db
2007-04-07 08:04:55 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-09-27 00:17:03 251 ----a-w- c:\program files\wt3d.ini

============= FINISH: 16:53:42.52 ===============

#2 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 15 January 2010 - 06:51 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#3 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 17 January 2010 - 12:11 PM

The two reports are pasted below. Currently I have installed AVG as the permanent antivirus protection for this computer. I ran a full scan yesterday and all that it is finding at this point seems to be two files it identifies as "Trojan Horse NaviPromo.AA". The two files are
  • c:\windows\system32\ubockymaiw.dat
  • c:\windows\system32\ghbaqdpzbe.dat

AVG appears to have removed these files. Spybot S&D finds nothing. If you'd like me to run MBAM or HJT let me know.

The lingering problems that I am aware of are these:
  • Safe Mode still does not work. The boot up terminates in a blue screen with a couple of random characters on it.
  • I was having trouble with the onboard lan adapter. The cable was plugged in but it would not connect at all. I was able to put in a wireless USB adapter but it only worked with the manufacturers utility - I couldn' get the Zero Configuration utility to work. This has changed since the last AVG scan however. I just now went into services and turned on the zero config and it worked (this did nothing before). Now I've unplugged the wireless adapter altogether and the onboard adapter seems to be working fine.
  • I was also having that problem where the browser redirects the URL, but I can't test that because I don't remember which site I was trying to access.

You get the feeling that the problems you've detected might just be the tip of the iceberg.

Here are my reports. Let me know what else you need and thank you very much!!



OTL.TXT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 1/17/2010 8:42:30 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\dad\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 179.74 Gb Free Space | 78.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.77 Gb Total Space | 3.09 Gb Free Space | 81.88% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCJZ5TB1
Current User Name: dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
PRC - [2010/01/12 22:47:17 | 04,043,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2010/01/12 22:47:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/12 22:27:35 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/12 22:27:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/12 22:27:35 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/12 22:27:33 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/12 22:27:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/12 22:27:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/17 06:55:51 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/11 20:54:50 | 01,634,304 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008/09/05 10:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/08/14 23:49:26 | 00,063,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 04:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 04:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/08 02:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/08/10 02:00:00 | 00,815,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NNServ)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2010/01/12 22:27:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/12 22:27:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/07 20:14:16 | 00,103,736 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/04/30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/05 10:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/14 23:49:26 | 00,063,040 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/07/06 04:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/01 13:25:00 | 00,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2004/07/14 22:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/01/16 00:21:14 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2010/01/12 22:27:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/12 22:27:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/12 22:27:51 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/08 00:26:56 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/07 20:14:49 | 00,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/04/30 21:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/10/21 11:16:58 | 00,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/08/07 14:42:36 | 00,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
DRV - [2008/06/20 01:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 17:46:38 | 00,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/10/26 20:39:59 | 00,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 05:02:07 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/24 14:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/05 10:49:08 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/05/09 12:36:44 | 00,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 12:36:42 | 00,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 12:36:22 | 00,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 12:36:20 | 00,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 12:36:18 | 00,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/09/12 00:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 02:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 02:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 02:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 02:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 02:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 02:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 02:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 09:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 09:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 02:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/11 19:24:08 | 00,062,856 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9080.sys -- (SQTECH9080) MegaCam(PID_9080_00)
DRV - [2005/04/24 17:57:36 | 00,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/01/25 23:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/12 14:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 20:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 20:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 15:24:22 | 00,151,552 | ---- | M] (WavePlus Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpndis51.sys -- (TDWXP)
DRV - [2004/06/09 07:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 18:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 15:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/09/23 01:49:00 | 00,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\S-1-5-21-2891760595-2461145334-508594633-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/12 22:27:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/12 22:27:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 06:55:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 06:55:55 | 00,000,000 | ---D | M]

[2008/06/23 10:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dad\Application Data\Mozilla\Extensions
[2010/01/15 18:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\05p9w8ju.default\extensions
[2010/01/15 18:10:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/08 22:40:58 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2005/04/27 12:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2009/12/29 19:49:26 | 00,001,035 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\lee speaks\My Documents\RCA easyRip\EZDock.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\lee speaks\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\sajifamu.dll) - C:\WINDOWS\System32\sajifamu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 01:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/12/06 18:36:44 | 00,786,432 | ---- | M] ()
O33 - MountPoints2\{6d2e8e65-e5f4-11de-a7d2-001676bebe81}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{6d2e8e65-e5f4-11de-a7d2-001676bebe81}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{6d2e8e65-e5f4-11de-a7d2-001676bebe81}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{6d2e8e65-e5f4-11de-a7d2-001676bebe81}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{6d2e8e65-e5f4-11de-a7d2-001676bebe81}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/17 08:42:07 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
[2010/01/15 18:10:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Local Settings\Application Data\AVG Security Toolbar
[2010/01/12 22:28:21 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/12 22:27:52 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/12 22:27:51 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/12 22:27:51 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/12 22:27:51 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/12 22:27:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/12 22:27:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/12 22:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/12 22:27:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/12 22:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/12 21:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/01/12 21:39:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Desktop\32bit
[2010/01/12 21:25:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/12 21:25:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/12 21:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/09 16:55:05 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\dad\Desktop\RootRepeal.exe
[2010/01/09 16:45:14 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\dad\Desktop\HJTInstall.exe
[2010/01/08 00:27:01 | 01,093,632 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010/01/08 00:27:01 | 00,315,510 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RAPI.dll
[2010/01/08 00:27:01 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/08 00:27:01 | 00,016,512 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\RAPIProtocol.sys
[2010/01/08 00:26:56 | 00,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/08 00:26:55 | 00,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2010/01/08 00:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ralink
[2010/01/07 22:51:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/01/07 22:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Application Data\InstallShield
[2010/01/06 22:55:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/06 22:55:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:55:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 22:54:54 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\dad\Desktop\mbam-setup.exe
[2010/01/03 13:24:47 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/12/28 18:28:13 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/27 01:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 2D
[2009/12/26 20:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/25 16:05:52 | 00,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2007/08/29 09:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/07 00:05:03 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/11/17 15:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/11/17 15:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/11/11 15:08:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2006/11/07 18:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/11/06 18:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2006/11/05 23:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\yahoo!
[2006/11/05 20:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/11/05 20:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/17 08:45:53 | 47,963,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/17 08:43:03 | 00,141,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
[2010/01/17 08:36:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 08:35:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 08:35:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 08:35:14 | 10,716,89728 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 00:21:14 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/01/15 15:42:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 19:14:36 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\dad\NTUSER.DAT
[2010/01/14 19:14:36 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\dad\ntuser.ini
[2010/01/14 19:13:05 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 22:28:03 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/12 22:27:52 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/12 22:27:52 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/12 22:27:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/12 22:27:51 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/12 22:27:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/12 22:27:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/12 22:27:51 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/09 16:55:23 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\settings.dat
[2010/01/09 16:55:09 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\dad\Desktop\RootRepeal.exe
[2010/01/09 16:51:14 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\dds.scr
[2010/01/09 16:45:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\dad\Desktop\HJTInstall.exe
[2010/01/09 09:11:19 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/09 09:11:19 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/09 09:11:19 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/08 00:27:01 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/01/08 00:26:56 | 00,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/01/08 00:26:56 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/07 23:51:20 | 00,027,015 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\norton program info.JPG
[2010/01/07 23:20:22 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/07 23:20:22 | 00,000,237 | RHS- | M] () -- C:\boot.ini
[2010/01/07 23:20:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:55:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 22:17:14 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\dad\Desktop\mbam-setup.exe
[2010/01/06 21:45:10 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\rkill.com
[2010/01/06 21:23:02 | 00,039,507 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/06 21:12:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/06 20:40:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/06 20:20:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/06 20:00:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/06 19:40:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/06 19:20:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/04 14:09:46 | 25,823,502 | ---- | M] () -- C:\vdf_fusebundle.zip
[2010/01/04 12:38:49 | 00,262,144 | ---- | M] () -- C:\WINDOWS\SAM
[2009/12/30 21:24:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2009/12/30 21:04:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2009/12/30 20:44:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2009/12/30 20:24:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2009/12/30 20:04:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/12/30 19:44:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2009/12/30 19:24:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2009/12/30 17:23:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/30 17:03:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/29 20:54:50 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/12/29 19:49:26 | 00,001,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/29 14:07:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
[2009/12/29 13:47:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
[2009/12/29 13:27:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
[2009/12/29 13:07:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
[2009/12/29 12:47:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
[2009/12/29 12:27:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
[2009/12/29 12:07:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
[2009/12/29 11:47:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
[2009/12/29 11:27:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
[2009/12/29 11:07:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
[2009/12/29 10:47:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
[2009/12/29 10:27:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
[2009/12/29 10:07:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
[2009/12/29 09:47:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
[2009/12/29 09:27:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
[2009/12/29 09:07:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
[2009/12/29 08:47:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
[2009/12/29 08:27:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
[2009/12/29 08:07:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
[2009/12/29 07:47:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
[2009/12/29 07:27:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2009/12/29 07:07:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2009/12/29 06:47:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2009/12/29 06:27:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2009/12/29 06:07:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2009/12/29 05:47:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2009/12/29 05:27:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2009/12/29 05:07:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2009/12/29 04:47:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2009/12/29 04:27:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2009/12/29 04:07:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2009/12/29 03:47:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2009/12/29 03:27:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2009/12/29 03:07:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2009/12/29 02:47:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2009/12/29 02:27:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2009/12/29 02:07:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2009/12/27 23:00:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31673.exe
[2009/12/27 22:40:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2306.exe
[2009/12/27 22:20:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13977.exe
[2009/12/27 22:00:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9930.exe
[2009/12/27 21:40:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
[2009/12/27 21:20:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29658.exe
[2009/12/27 21:00:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4639.exe
[2009/12/27 20:40:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31115.exe
[2009/12/27 20:20:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4833.exe
[2009/12/27 19:59:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
[2009/12/27 19:39:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
[2009/12/27 19:19:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
[2009/12/27 18:59:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
[2009/12/27 18:39:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
[2009/12/27 18:19:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
[2009/12/27 17:59:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
[2009/12/27 17:39:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
[2009/12/27 17:19:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
[2009/12/27 16:59:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
[2009/12/27 16:39:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
[2009/12/27 16:19:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
[2009/12/27 15:59:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
[2009/12/27 15:39:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
[2009/12/27 15:19:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
[2009/12/27 14:59:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
[2009/12/27 14:19:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
[2009/12/27 13:59:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
[2009/12/27 13:39:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
[2009/12/27 13:19:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
[2009/12/27 12:59:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
[2009/12/27 12:39:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
[2009/12/27 12:19:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
[2009/12/27 11:59:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
[2009/12/27 11:39:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
[2009/12/27 11:19:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
[2009/12/27 10:59:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
[2009/12/27 10:39:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
[2009/12/27 10:19:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
[2009/12/27 09:59:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
[2009/12/27 09:39:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
[2009/12/27 09:19:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
[2009/12/27 08:59:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
[2009/12/27 08:39:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
[2009/12/27 08:19:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
[2009/12/27 07:59:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
[2009/12/27 07:39:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
[2009/12/27 07:19:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
[2009/12/27 00:36:52 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU
[2009/12/27 00:36:52 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2009/12/25 01:28:07 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 08:45:14 | 47,963,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2010/01/12 22:28:02 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/12 22:27:52 | 47,897,727 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/12 22:27:52 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/12 22:27:51 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/12 22:27:51 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/12 22:27:51 | 00,141,759 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/12 22:27:51 | 00,140,770 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.old
[2010/01/10 02:01:24 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 16:55:23 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\settings.dat
[2010/01/09 16:51:10 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\dds.scr
[2010/01/08 00:27:01 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/01/07 23:51:20 | 00,027,015 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\norton program info.JPG
[2010/01/06 22:55:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 22:40:04 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\rkill.com
[2010/01/06 20:40:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/04 14:09:46 | 25,823,502 | ---- | C] () -- C:\vdf_fusebundle.zip
[2010/01/04 12:38:49 | 00,262,144 | ---- | C] () -- C:\WINDOWS\SAM
[2009/12/29 01:27:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2009/12/29 01:07:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2009/12/27 23:00:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31673.exe
[2009/12/27 22:40:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2306.exe
[2009/12/27 22:20:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13977.exe
[2009/12/27 22:00:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9930.exe
[2009/12/27 21:40:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22704.exe
[2009/12/27 21:20:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29658.exe
[2009/12/27 21:00:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4639.exe
[2009/12/27 20:40:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31115.exe
[2009/12/27 20:20:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4833.exe
[2009/12/27 19:59:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16541.exe
[2009/12/27 19:39:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22929.exe
[2009/12/27 19:19:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2082.exe
[2009/12/27 18:59:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16118.exe
[2009/12/27 18:39:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21538.exe
[2009/12/27 18:19:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5537.exe
[2009/12/27 17:59:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11323.exe
[2009/12/27 17:39:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24626.exe
[2009/12/27 17:19:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32439.exe
[2009/12/27 16:59:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16944.exe
[2009/12/27 16:39:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26308.exe
[2009/12/27 16:19:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13931.exe
[2009/12/27 15:59:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7376.exe
[2009/12/27 15:39:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4966.exe
[2009/12/27 15:19:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11840.exe
[2009/12/27 14:59:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18756.exe
[2009/12/27 14:19:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24084.exe
[2009/12/27 13:59:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12623.exe
[2009/12/27 13:39:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19629.exe
[2009/12/27 13:19:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3548.exe
[2009/12/27 12:59:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24393.exe
[2009/12/27 12:39:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31101.exe
[2009/12/27 12:19:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15006.exe
[2009/12/27 11:59:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15350.exe
[2009/12/27 11:39:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24370.exe
[2009/12/27 11:19:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6729.exe
[2009/12/27 10:59:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15890.exe
[2009/12/27 10:39:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23805.exe
[2009/12/27 10:19:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27446.exe
[2009/12/27 09:59:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22648.exe
[2009/12/27 09:39:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19264.exe
[2009/12/27 09:19:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8942.exe
[2009/12/27 08:59:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9040.exe
[2009/12/27 08:39:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30106.exe
[2009/12/27 08:19:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\288.exe
[2009/12/27 07:59:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1842.exe
[2009/12/27 07:39:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22190.exe
[2009/12/27 07:19:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3035.exe
[2009/12/27 06:59:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12316.exe
[2009/12/27 06:39:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\778.exe
[2009/12/27 06:19:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27529.exe
[2009/12/27 05:59:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
[2009/12/27 05:39:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
[2009/12/27 05:19:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
[2009/12/27 04:59:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
[2009/12/27 04:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32757.exe
[2009/12/27 04:19:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32662.exe
[2009/12/27 03:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27644.exe
[2009/12/27 03:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
[2009/12/27 03:19:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6868.exe
[2009/12/27 02:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
[2009/12/27 02:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
[2009/12/27 02:19:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
[2009/12/27 01:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
[2009/12/27 01:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
[2009/12/27 01:19:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
[2009/12/27 00:59:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
[2009/12/27 00:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
[2009/12/27 00:36:52 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\ClassU
[2009/12/27 00:36:52 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2009/12/27 00:19:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2009/12/26 23:59:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2009/12/26 23:39:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2009/12/26 23:20:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2009/12/26 23:00:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2009/12/26 22:40:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2009/12/26 22:20:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2009/12/26 22:00:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2009/12/26 21:40:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2009/12/26 21:20:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2009/12/26 21:00:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2009/12/26 20:40:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2009/12/26 20:20:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2009/12/26 20:00:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2009/12/26 19:40:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2009/12/26 19:20:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2009/12/26 19:00:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2009/12/26 18:40:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2009/12/26 17:39:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2009/12/26 17:19:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2009/12/26 16:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2009/12/26 16:39:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2009/12/26 14:40:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/26 14:20:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/26 12:40:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/26 12:20:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/26 12:00:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 11:40:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 11:20:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/04/30 23:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/30 23:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/30 23:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/30 23:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/24 16:55:03 | 00,000,662 | ---- | C] () -- C:\Documents and Settings\dad\Application Data\wklnhst.dat
[2008/09/24 16:48:48 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 23:36:07 | 06,956,032 | -HS- | C] () -- C:\Program Files\ehthumbs.db
[2008/01/03 22:36:59 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\dad\Local Settings\Application Data\fusioncache.dat
[2007/12/30 17:46:24 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/06 21:53:39 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/24 15:55:13 | 00,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2007/06/19 07:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 06:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/07 00:07:27 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tbd_G1ssg.ini
[2006/12/14 21:24:24 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/16 15:17:07 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/11 03:02:38 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/11/02 20:22:09 | 00,000,175 | ---- | C] () -- C:\WINDOWS\em06z.ini
[2006/09/26 16:17:03 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/09/19 05:12:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 05:05:46 | 00,000,930 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/19 05:04:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/19 04:37:10 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 05:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 01:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 01:18:35 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\security.dll
[2005/08/05 11:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >





Extras.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 1/17/2010 8:42:30 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\dad\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 179.74 Gb Free Space | 78.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.77 Gb Total Space | 3.09 Gb Free Space | 81.88% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCJZ5TB1
Current User Name: dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"57988:TCP" = 57988:TCP:*:Enabled:Pando Media Booster
"57988:UDP" = 57988:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\lee speaks\Local Settings\Temp\alg.exe" = C:\Documents and Settings\lee speaks\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Microsoft Windows Explorer -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Valve\Steam\SteamApps\h3rojr\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\h3rojr\counter-strike\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\h3rojr\condition zero deleted scenes\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\h3rojr\condition zero deleted scenes\hl.exe:*:Disabled:Half-Life Launcher -- File not found
"C:\Program Files\Valve\Steam\SteamApps\h3rojr\day of defeat\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\h3rojr\day of defeat\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\h3rojr\deathmatch classic\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\h3rojr\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- File not found
"C:\Program Files\Kuma Games\Kuma.exe" = C:\Program Files\Kuma Games\Kuma.exe:*:Enabled:Kuma -- File not found
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ" = DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ:*:Enabled:Nod32 Runtime
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne -- (Electronic Arts Inc.)
"C:\Documents and Settings\lee speaks\Local Settings\Temp\alg.exe" = C:\Documents and Settings\lee speaks\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\Program Files\InternetSecurity2010\IS2010.exe" = C:\Program Files\InternetSecurity2010\IS2010.exe:*:Enabled:IS2010 -- File not found
"C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE" = C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE:*:Enabled:AUPDATE -- File not found
"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE" = C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE:*:Enabled:LUCOMS~1 -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F69001-4D35-4BEA-A074-26DA04EA0CDA}" = MegaCam
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B07F0D17-FE19-4BE6-9F83-27E52CF381D5}" = Utherverse 3D Client
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Video FX Utility" = Advanced Video FX Utility
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0
"AVG9Uninstall" = AVG Free 9.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collab" = Collab
"Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)
"Creative Photo Manager" = Creative Photo Manager
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DeluxeCommunications" = DeluxeCommunications
"EL" = Intel® Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"GameSpy Arcade" = GameSpy Arcade
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Intelore - Millions of Light Years" = Intelore - Millions of Light Years v1.6 (remove only)
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatrixWorld 3D Screensaver" = MatrixWorld 3D Screensaver (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PunkBusterSvc" = PunkBuster Services
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA easyRip_is1" = RCA easyRip 2.1.7.0
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.83
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SightSpeed" = SightSpeed (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steam App 10" = Counter-Strike
"Steam App 300" = Day of Defeat: Source
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"Utherverse 3D Client" = Utherverse 3D Client
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.2.2
"WebCam Instant Product Registration" = WebCam Instant Product Registration
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2010 3:10:34 AM | Computer Name = DCJZ5TB1 | Source = SENS | ID = 0
Description =

Error - 1/8/2010 3:30:04 AM | Computer Name = DCJZ5TB1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 1/8/2010 3:30:13 AM | Computer Name = DCJZ5TB1 | Source = SENS | ID = 0
Description =

Error - 1/8/2010 4:21:09 AM | Computer Name = DCJZ5TB1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 1/8/2010 4:21:11 AM | Computer Name = DCJZ5TB1 | Source = SENS | ID = 0
Description =

Error - 1/13/2010 2:26:08 AM | Computer Name = DCJZ5TB1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/13/2010 2:50:41 AM | Computer Name = DCJZ5TB1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/13/2010 2:50:43 AM | Computer Name = DCJZ5TB1 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 1/14/2010 11:21:17 PM | Computer Name = DCJZ5TB1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

Error - 1/15/2010 2:38:52 AM | Computer Name = DCJZ5TB1 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

[ IntelDH Events ]
Error - 1/8/2010 3:10:45 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/8/2010 3:30:23 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/8/2010 4:21:18 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/9/2010 1:07:28 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/12/2010 1:39:49 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 12:55:39 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 2:32:39 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 7:27:07 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/14/2010 11:16:59 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/14/2010 11:24:47 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ IntelDH Events ]
Error - 1/8/2010 3:10:45 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/8/2010 3:30:23 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/8/2010 4:21:18 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/9/2010 1:07:28 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/12/2010 1:39:49 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 12:55:39 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 2:32:39 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/13/2010 7:27:07 AM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/14/2010 11:16:59 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 1/14/2010 11:24:47 PM | Computer Name = DCJZ5TB1 | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ System Events ]
Error - 1/14/2010 11:21:19 PM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/14/2010 11:21:19 PM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/14/2010 11:24:47 PM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume technology service terminated with the following
error: %%203

Error - 1/15/2010 2:40:03 AM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/15/2010 2:41:54 AM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 1/15/2010 2:42:01 AM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 1/15/2010 2:42:05 AM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/15/2010 2:42:14 AM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/17/2010 12:36:03 PM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume technology service terminated with the following
error: %%203

Error - 1/17/2010 12:36:43 PM | Computer Name = DCJZ5TB1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


#4 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 12:43 PM

Hi,

please run a rootkit scan with gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#5 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 17 January 2010 - 08:39 PM

This has given me some trouble. When I first ran it, I got a blue screen within about 20 minutes. I rebooted and ran it again, and it was doing great, though the scan apparently takes many hours. I found that the log could be saved as-is before the scan was over so I saved a copy every hour or so, in case it crashed again. The last time I tried saving one, it crashed (though not a blue screen - the program just froze up).

I am attaching the last copy of the gmer.log file that I was able to save, but again, this was before the program was finished scanning. I'll try to run another one, and I'll let you know how it goes.

GMER.LOG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 12:01:09
Windows 5.1.2600 Service Pack 2
Running: unenv9g6.exe; Driver: C:\DOCUME~1\dad\LOCALS~1\Temp\pgloapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\iastor.sys entry point in ".rsrc" section [0xF73FC024]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E02360, 0x3CEED5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat AFBB6C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\iastor \Device\Harddisk0\DR0 870E7841

#6 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 08:51 PM

Hi,

I am suspecting a rootkit, please run this additional scan for confirmation:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#7 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 18 January 2010 - 10:33 AM

Here it is. Hope it helps...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870E0841]<<
kernel: MBR read successfully
user & kernel MBR OK

#8 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 19 January 2010 - 09:57 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#9 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 19 January 2010 - 11:52 PM

This isn't my computer (it's my neighbor's) so it it's just the same with you, I'll continue the cleanup process and then hand it back to him with your information about the root kit and corresponding threat. Frankly, this machine could use a clean install.

Attached below is the text from the ComboFix log.

Awaiting your instructions...


ComboFix log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 10-01-19.02 - dad 01/19/2010 19:48:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.605 [GMT -8:00]
Running from: c:\documents and settings\dad\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\Guest\Application Data\Dxcdmns.dll
c:\documents and settings\Guest\err.log
c:\documents and settings\Guest\Local Settings\Temporary Internet Files\Dxc.log
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Dxc.log
c:\progra~1\COMMON~1\{2CAA5~1
c:\progra~1\COMMON~1\{3CAA5~1
c:\program files\Common Files\Companion Wizard
c:\program files\deluxecommunications
c:\program files\Seekmo Programs
c:\windows\kb913800.exe
c:\windows\pack.epk
c:\windows\system32\11323.exe
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11840.exe
c:\windows\system32\11942.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12623.exe
c:\windows\system32\12859.exe
c:\windows\system32\13931.exe
c:\windows\system32\13977.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15006.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15350.exe
c:\windows\system32\15724.exe
c:\windows\system32\15890.exe
c:\windows\system32\16118.exe
c:\windows\system32\16541.exe
c:\windows\system32\16944.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\1842.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\18756.exe
c:\windows\system32\19169.exe
c:\windows\system32\19264.exe
c:\windows\system32\19629.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\20037.exe
c:\windows\system32\2082.exe
c:\windows\system32\21538.exe
c:\windows\system32\21726.exe
c:\windows\system32\22190.exe
c:\windows\system32\22648.exe
c:\windows\system32\22704.exe
c:\windows\system32\22929.exe
c:\windows\system32\2306.exe
c:\windows\system32\23805.exe
c:\windows\system32\23811.exe
c:\windows\system32\24084.exe
c:\windows\system32\24370.exe
c:\windows\system32\24393.exe
c:\windows\system32\24626.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26308.exe
c:\windows\system32\26500.exe
c:\windows\system32\27446.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\288.exe
c:\windows\system32\292.exe
c:\windows\system32\29658.exe
c:\windows\system32\30106.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\31101.exe
c:\windows\system32\31115.exe
c:\windows\system32\31322.exe
c:\windows\system32\31673.exe
c:\windows\system32\32391.exe
c:\windows\system32\32439.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3548.exe
c:\windows\system32\3902.exe
c:\windows\system32\4639.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\4833.exe
c:\windows\system32\4966.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5537.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6729.exe
c:\windows\system32\6868.exe
c:\windows\system32\7376.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\8942.exe
c:\windows\system32\9040.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9930.exe
c:\windows\system32\stera.log

Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-18 15:29 . 2010-01-18 15:29 77312 ----a-w- C:\mbr.exe
2010-01-16 02:10 . 2010-01-16 02:10 -------- d-----w- c:\documents and settings\dad\Local Settings\Application Data\AVG Security Toolbar
2010-01-15 03:13 . 2010-01-15 03:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-13 06:28 . 2010-01-13 06:52 -------- d-----w- C:\$AVG
2010-01-13 06:27 . 2010-01-13 06:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-13 06:27 . 2010-01-13 06:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-13 06:27 . 2010-01-13 06:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-13 06:27 . 2010-01-13 06:27 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-13 06:27 . 2010-01-17 16:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-13 06:27 . 2010-01-16 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-13 06:27 . 2010-01-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-13 06:27 . 2010-01-13 06:27 -------- d-----w- c:\program files\AVG
2010-01-13 05:41 . 2010-01-13 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-01-10 10:01 . 2010-01-15 03:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-08 08:27 . 2008-09-09 19:03 315510 ----a-w- c:\windows\system32\RAPI.dll
2010-01-08 08:27 . 2008-08-07 22:42 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys
2010-01-08 08:27 . 2008-06-14 04:11 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-01-08 08:27 . 2008-06-14 04:11 1093632 ----a-w- c:\windows\system32\libeay32.dll
2010-01-08 08:26 . 2010-01-08 08:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-08 08:26 . 2008-10-21 19:16 465152 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-01-08 08:26 . 2010-01-08 08:26 -------- d-----w- c:\program files\Ralink
2010-01-08 06:51 . 2010-01-08 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-01-08 06:50 . 2010-01-08 06:50 -------- d-----w- c:\documents and settings\dad\Application Data\InstallShield
2010-01-07 06:55 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:55 . 2010-01-16 01:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 06:55 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:09 . 2010-01-04 22:09 25823502 ----a-w- C:\vdf_fusebundle.zip
2010-01-03 21:24 . 2010-01-03 21:24 -------- d-----w- C:\found.001
2009-12-27 09:01 . 2009-12-27 09:01 -------- d-----w- c:\program files\Counter-Strike 2D
2009-12-26 00:05 . 2009-12-26 00:05 -------- d-----w- c:\program files\KingsIsle Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 08:21 . 2006-09-19 12:37 246784 ----a-w- c:\windows\system32\drivers\iastor.sys
2010-01-16 02:25 . 2006-10-28 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-16 02:25 . 2006-10-28 04:44 -------- d-----w- c:\program files\Yahoo!
2010-01-16 01:58 . 2010-01-16 01:58 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-13 20:30 . 2005-08-17 01:54 -------- d-----w- c:\program files\DIGStream
2010-01-13 06:27 . 2010-01-13 06:47 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-13 06:27 . 2010-01-13 06:47 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-13 06:27 . 2010-01-13 06:47 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-13 06:27 . 2010-01-13 06:47 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-13 06:27 . 2010-01-13 06:47 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-13 06:27 . 2010-01-13 06:47 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-13 05:30 . 2006-11-16 23:42 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 05:30 . 2005-08-17 01:58 -------- d-----w- c:\program files\RGB
2010-01-08 08:26 . 2009-04-20 21:27 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-01-08 08:17 . 2007-05-23 22:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-08 08:17 . 2007-05-23 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-08 06:51 . 2006-09-19 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 05:12 . 2007-05-24 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 04:54 . 2005-08-16 09:18 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-11 22:19 . 2009-12-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-30 21:40 . 2008-09-25 00:55 662 ----a-w- c:\documents and settings\dad\Application Data\wklnhst.dat
2009-11-25 21:01 . 2010-01-16 02:31 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-21 16:36 . 2005-08-16 09:18 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2008-11-13 02:37 . 2008-09-14 07:36 6956032 -csha-w- c:\program files\ehthumbs.db
2007-04-07 08:04 . 2007-04-07 08:05 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-09-27 00:17 . 2006-09-27 00:17 251 ----a-w- c:\program files\wt3d.ini
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-13 2033432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-1-8 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-13 06:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-01 07:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-05-01 07:30 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-01 07:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
2005-05-10 17:03 36864 ----a-r- c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 07:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 22:20 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\deathmatch classic\\hl.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57988:TCP"= 57988:TCP:Pando Media Booster
"57988:UDP"= 57988:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/12/2010 10:27 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/12/2010 10:27 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/12/2010 10:27 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/12/2010 10:27 PM 285392]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [1/8/2010 12:27 AM 75040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/6/2010 10:55 PM 38224]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [1/8/2010 12:27 AM 16512]
S3 TDWXP;WavePlus 802.11b Wireless PCI/PCMCIA Card Driver;c:\windows\system32\drivers\wpndis51.sys [8/3/2004 3:24 PM 151552]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\lee speaks\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\05p9w8ju.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{8a6264b5-a8f2-494b-8f37-cf898a763e42} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Easy Dock - c:\documents and settings\lee speaks\My Documents\RCA easyRip\EZDock.exe
MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-tgcmd - c:\program files\Support.com\bin\tgcmd.exe
MSConfigStartUp-Windows Console - wkssvc.exe
MSConfigStartUp-winupdate86 - c:\windows\system32\winupdate86.exe
AddRemove-RCA Detective™_is1 - c:\documents and settings\lee speaks\My Documents\RCA Detective\unins000.exe
AddRemove-RCA easyRip_is1 - c:\documents and settings\lee speaks\My Documents\RCA easyRip\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-19 20:33:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-20 04:33

Pre-Run: 194,806,603,776 bytes free
Post-Run: 195,002,728,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

- - End Of File - - 028DA2388543D1223E5CBB75BA5C83C7

#10 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 20 January 2010 - 02:54 PM

Hi,

well the cleaner the machine, the less likely it is they will actually reformat. wink.gif

Anywho to continue the cleaning process:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is the PC doing now? You should have seen some improvement after running combofix.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#11 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 20 January 2010 - 09:45 PM

The new ComboFix log is below. As for the computer's operation, yes, it seems to be greatly improved, though I haven't been really using it heavily except to run these processes and communicate with you. Still, I don't think one would have any idea at this point that there was anything wrong with it, except for the fact that Safe Mode doesn't work. Maybe it does work now - I haven't tried it in a few days.

Thanks again for all your help. Here is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ComboFix 10-01-19.02 - dad 01/20/2010 18:25:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.659 [GMT -8:00]
Running from: c:\documents and settings\dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dad\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-18 15:29 . 2010-01-18 15:29 77312 ----a-w- C:\mbr.exe
2010-01-16 02:31 . 2009-11-25 21:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-16 02:10 . 2010-01-16 02:10 -------- d-----w- c:\documents and settings\dad\Local Settings\Application Data\AVG Security Toolbar
2010-01-16 01:58 . 2010-01-16 01:58 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 03:13 . 2010-01-15 03:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-13 06:47 . 2010-01-13 06:27 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-13 06:47 . 2010-01-13 06:27 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-13 06:47 . 2010-01-13 06:27 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-13 06:47 . 2010-01-13 06:27 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-13 06:47 . 2010-01-13 06:27 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-13 06:47 . 2010-01-13 06:27 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-13 06:28 . 2010-01-13 06:52 -------- d-----w- C:\$AVG
2010-01-13 06:27 . 2010-01-13 06:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-13 06:27 . 2010-01-13 06:27 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-13 06:27 . 2010-01-13 06:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-13 06:27 . 2010-01-13 06:27 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-13 06:27 . 2010-01-17 16:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-13 06:27 . 2010-01-16 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-13 06:27 . 2010-01-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-13 06:27 . 2010-01-13 06:27 -------- d-----w- c:\program files\AVG
2010-01-13 05:41 . 2010-01-13 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-01-10 10:01 . 2010-01-15 03:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-08 08:27 . 2008-09-09 19:03 315510 ----a-w- c:\windows\system32\RAPI.dll
2010-01-08 08:27 . 2008-08-07 22:42 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys
2010-01-08 08:27 . 2008-06-14 04:11 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-01-08 08:27 . 2008-06-14 04:11 1093632 ----a-w- c:\windows\system32\libeay32.dll
2010-01-08 08:26 . 2010-01-08 08:26 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-08 08:26 . 2008-10-21 19:16 465152 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-01-08 08:26 . 2010-01-08 08:26 -------- d-----w- c:\program files\Ralink
2010-01-08 06:51 . 2010-01-08 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-01-08 06:51 . 2008-10-21 19:16 465152 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT7x Wireless LAN Card\Driver\rt73.sys
2010-01-08 06:51 . 2008-07-11 03:34 528384 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT7x Wireless LAN Card\Driver\RaInst.exe
2010-01-08 06:51 . 2007-05-17 19:17 192512 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT7x Wireless LAN Card\Driver\CoInstaller.dll
2010-01-08 06:51 . 2006-11-02 15:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Ralink Driver\RT7x Wireless LAN Card\Driver\difxapi.dll
2010-01-08 06:50 . 2010-01-08 06:50 -------- d-----w- c:\documents and settings\dad\Application Data\InstallShield
2010-01-07 06:55 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:55 . 2010-01-16 01:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 06:55 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:09 . 2010-01-04 22:09 25823502 ----a-w- C:\vdf_fusebundle.zip
2010-01-03 21:24 . 2010-01-03 21:24 -------- d-----w- C:\found.001
2009-12-27 09:01 . 2009-12-27 09:01 -------- d-----w- c:\program files\Counter-Strike 2D
2009-12-26 00:05 . 2009-12-26 00:05 -------- d-----w- c:\program files\KingsIsle Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 08:21 . 2006-09-19 12:37 246784 ----a-w- c:\windows\system32\drivers\iastor.sys
2010-01-16 02:25 . 2006-10-28 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-16 02:25 . 2006-10-28 04:44 -------- d-----w- c:\program files\Yahoo!
2010-01-13 20:30 . 2005-08-17 01:54 -------- d-----w- c:\program files\DIGStream
2010-01-13 05:30 . 2006-11-16 23:42 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 05:30 . 2005-08-17 01:58 -------- d-----w- c:\program files\RGB
2010-01-08 08:26 . 2009-04-20 21:27 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-01-08 08:17 . 2007-05-23 22:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-08 08:17 . 2007-05-23 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-08 06:51 . 2006-09-19 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 05:12 . 2007-05-24 20:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 04:54 . 2005-08-16 09:18 14336 ------w- c:\windows\system32\svchost.exe
2009-12-11 22:19 . 2009-12-11 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-30 21:40 . 2008-09-25 00:55 662 ----a-w- c:\documents and settings\dad\Application Data\wklnhst.dat
2009-11-21 16:36 . 2005-08-16 09:18 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2005-08-16 09:18 916480 ------w- c:\windows\system32\wininet.dll
2008-11-13 02:37 . 2008-09-14 07:36 6956032 -csha-w- c:\program files\ehthumbs.db
2007-04-07 08:04 . 2007-04-07 08:05 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-09-27 00:17 . 2006-09-27 00:17 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-13 2033432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-1-8 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-13 06:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-05-01 07:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-05-01 07:30 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-05-01 07:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
2005-05-10 17:03 36864 ----a-r- c:\windows\system32\P0620Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 07:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 22:20 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\h3rojr\\deathmatch classic\\hl.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57988:TCP"= 57988:TCP:Pando Media Booster
"57988:UDP"= 57988:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/12/2010 10:27 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/12/2010 10:27 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/12/2010 10:27 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/12/2010 10:27 PM 285392]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [1/8/2010 12:27 AM 75040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/6/2010 10:55 PM 38224]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [1/8/2010 12:27 AM 16512]
S3 TDWXP;WavePlus 802.11b Wireless PCI/PCMCIA Card Driver;c:\windows\system32\drivers\wpndis51.sys [8/3/2004 3:24 PM 151552]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\lee speaks\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\05p9w8ju.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-20 18:34:39
ComboFix-quarantined-files.txt 2010-01-21 02:34
ComboFix2.txt 2010-01-20 04:33

Pre-Run: 195,020,443,648 bytes free
Post-Run: 194,995,888,128 bytes free

- - End Of File - - AA348763E9BD53BFF046CAC213DB6D7F

#12 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 21 January 2010 - 06:05 AM

Hi,

the log looks good.

Please run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

and provide a new log from OTL.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#13 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 21 January 2010 - 10:24 PM

At this point I AM able to boot into Safe Mode, so that problem seems to be remedied as well, thanks to you.

The ESET log is below. I'm amazed at how much is still being detected.

The OTL log follows that...didn't OTL produce 2 reports before?



ESET
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\Program Files\Trend Micro\Internet Security 12\VSS7R9EN.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSCD5EN.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSCD6T7.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSCD8BV.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSEA1U7.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSEFR17.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSEHNEN.000 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security 12\VSSEUKCV.001 a variant of Win32/Adware.CommAd application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iaStor.sys.vir Win32/Olmarik.SJ virus deleted - quarantined





OTL...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 1/21/2010 7:08:50 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\dad\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 181.43 Gb Free Space | 79.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCJZ5TB1
Current User Name: dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
PRC - [2010/01/12 22:47:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/12 22:27:35 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/12 22:27:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/12 22:27:35 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/12 22:27:33 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/12 22:27:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/12 22:27:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/26 15:45:38 | 00,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/04/30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/26 14:31:12 | 05,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008/11/11 20:54:50 | 01,634,304 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008/09/05 10:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/08/14 23:49:26 | 00,063,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 04:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 04:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/08 02:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2010/01/12 22:27:30 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/12 22:27:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/07 20:14:16 | 00,103,736 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/04/30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/05 10:23:20 | 00,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/14 23:49:26 | 00,063,040 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/07/06 04:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/01 13:25:00 | 00,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2004/07/14 22:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/01/16 00:21:14 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2010/01/12 22:27:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/12 22:27:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/12 22:27:51 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/08 00:26:56 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/07 20:14:49 | 00,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/04/30 21:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/10/21 11:16:58 | 00,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/08/07 14:42:36 | 00,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
DRV - [2008/06/20 01:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 17:46:38 | 00,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/10/26 20:39:59 | 00,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 05:02:07 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/24 14:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/05 10:49:08 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/05/09 12:36:44 | 00,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 12:36:42 | 00,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 12:36:22 | 00,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 12:36:20 | 00,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 12:36:18 | 00,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/09/12 00:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 02:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 02:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 02:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 02:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 02:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 02:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 02:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 09:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 09:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 02:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/11 19:24:08 | 00,062,856 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9080.sys -- (SQTECH9080) MegaCam(PID_9080_00)
DRV - [2005/04/24 17:57:36 | 00,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/01/25 23:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/12 14:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 20:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 20:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 15:24:22 | 00,151,552 | ---- | M] (WavePlus Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpndis51.sys -- (TDWXP)
DRV - [2004/06/09 07:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 18:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 15:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/09/23 01:49:00 | 00,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\S-1-5-21-2891760595-2461145334-508594633-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2891760595-2461145334-508594633-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-500\S-1-5-21-2891760595-2461145334-508594633-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\..\URLSearchHook: {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2891760595-2461145334-508594633-501\S-1-5-21-2891760595-2461145334-508594633-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/12 22:27:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/12 22:27:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 18:21:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 10:31:52 | 00,000,000 | ---D | M]

[2008/06/23 10:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dad\Application Data\Mozilla\Extensions
[2010/01/15 18:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\05p9w8ju.default\extensions
[2010/01/19 20:59:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/08 22:40:58 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2005/04/27 12:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2010/01/19 20:24:16 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2891760595-2461145334-508594633-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-500..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-500..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [dc6_check] C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [ERS_check] C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-2891760595-2461145334-508594633-501..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\PE_C_ALL USERS\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-501\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2891760595-2461145334-508594633-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\lee speaks\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2891760595-2461145334-508594633-1007\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2891760595-2461145334-508594633-500\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2891760595-2461145334-508594633-501\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 01:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 17:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/20 18:43:17 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/19 19:42:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/19 19:39:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/19 19:39:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/19 19:39:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/19 19:39:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/19 19:39:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/19 19:38:40 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/17 08:42:07 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
[2010/01/15 18:10:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Local Settings\Application Data\AVG Security Toolbar
[2010/01/12 22:28:21 | 00,000,000 | ---D | C] -- C:\$AVG
[2010/01/12 22:27:52 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/12 22:27:51 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/12 22:27:51 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/12 22:27:51 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/12 22:27:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/12 22:27:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/12 22:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/12 22:27:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/12 22:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/12 21:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/01/12 21:39:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Desktop\32bit
[2010/01/12 21:25:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/12 21:25:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/12 21:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/09 16:55:05 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\dad\Desktop\RootRepeal.exe
[2010/01/09 16:45:14 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\dad\Desktop\HJTInstall.exe
[2010/01/08 00:27:01 | 01,093,632 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010/01/08 00:27:01 | 00,315,510 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\RAPI.dll
[2010/01/08 00:27:01 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/08 00:27:01 | 00,016,512 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\RAPIProtocol.sys
[2010/01/08 00:26:56 | 00,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/08 00:26:55 | 00,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2010/01/08 00:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ralink
[2010/01/07 22:51:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/01/07 22:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dad\Application Data\InstallShield
[2010/01/06 22:55:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/06 22:55:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:55:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 22:54:54 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\dad\Desktop\mbam-setup.exe
[2010/01/03 13:24:47 | 00,000,000 | ---D | C] -- C:\found.001
[2009/12/28 18:28:13 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/12/27 01:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 2D
[2009/12/26 20:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/25 16:05:52 | 00,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2007/08/29 09:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/07 00:05:03 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/11/17 15:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/11/17 15:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/11/11 15:08:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2006/11/07 18:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/11/06 18:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2006/11/05 23:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\yahoo!
[2006/11/05 20:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/11/05 20:36:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 17:19:36 | 54,493,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/21 17:19:07 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/21 17:15:55 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\dad\NTUSER.DAT
[2010/01/21 17:13:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/21 17:12:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 17:12:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 17:12:39 | 10,716,89728 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/21 17:11:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\dad\ntuser.ini
[2010/01/21 17:11:38 | 02,128,656 | -H-- | M] () -- C:\Documents and Settings\dad\Local Settings\Application Data\IconCache.db
[2010/01/20 18:32:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/19 20:24:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/19 19:42:35 | 00,000,307 | RHS- | M] () -- C:\boot.ini
[2010/01/19 19:37:45 | 03,829,629 | R--- | M] () -- C:\Documents and Settings\dad\Desktop\ComboFix.exe
[2010/01/18 07:29:53 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010/01/18 07:02:03 | 00,236,544 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\pev.exe
[2010/01/18 07:02:03 | 00,008,984 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\ncmd.cfxxe
[2010/01/18 07:02:03 | 00,000,476 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\rkill.reg
[2010/01/17 10:33:00 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\unenv9g6.exe
[2010/01/17 08:42:07 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dad\Desktop\OTL.exe
[2010/01/16 00:21:14 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iastor.sys
[2010/01/14 19:13:05 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 22:28:03 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/12 22:27:52 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/12 22:27:52 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/12 22:27:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/12 22:27:51 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/12 22:27:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/12 22:27:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/12 22:27:51 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/09 16:55:23 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\settings.dat
[2010/01/09 16:55:09 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\dad\Desktop\RootRepeal.exe
[2010/01/09 16:51:14 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\dds.scr
[2010/01/09 16:45:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\dad\Desktop\HJTInstall.exe
[2010/01/09 09:11:19 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/09 09:11:19 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/09 09:11:19 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/08 00:27:01 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/01/08 00:26:56 | 00,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/01/08 00:26:56 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2010/01/07 23:51:20 | 00,027,015 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\norton program info.JPG
[2010/01/07 23:20:22 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/07 23:20:22 | 00,000,237 | ---- | M] () -- C:\Boot.bak
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:55:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 22:17:14 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\dad\Desktop\mbam-setup.exe
[2010/01/06 21:45:10 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\dad\Desktop\rkill.com
[2010/01/06 21:23:02 | 00,039,507 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/04 14:09:46 | 25,823,502 | ---- | M] () -- C:\vdf_fusebundle.zip
[2010/01/04 12:38:49 | 00,262,144 | ---- | M] () -- C:\WINDOWS\SAM
[2009/12/29 20:54:50 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/12/27 00:36:52 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\ClassU
[2009/12/27 00:36:52 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2009/12/25 01:28:07 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/21 17:12:39 | 10,716,89728 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/19 19:42:34 | 00,000,237 | ---- | C] () -- C:\Boot.bak
[2010/01/19 19:42:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/19 19:39:48 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/19 19:39:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/19 19:39:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/19 19:39:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/19 19:39:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/19 19:35:30 | 03,829,629 | R--- | C] () -- C:\Documents and Settings\dad\Desktop\ComboFix.exe
[2010/01/18 07:29:53 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/18 07:02:03 | 00,236,544 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\pev.exe
[2010/01/18 07:02:03 | 00,008,984 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\ncmd.cfxxe
[2010/01/18 07:02:03 | 00,000,476 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\rkill.reg
[2010/01/17 10:32:59 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\unenv9g6.exe
[2010/01/12 22:28:02 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/12 22:27:52 | 54,493,657 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/12 22:27:52 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/01/12 22:27:51 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/12 22:27:51 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/12 22:27:51 | 00,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/10 02:01:24 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 16:55:23 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\settings.dat
[2010/01/09 16:51:10 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\dds.scr
[2010/01/08 00:27:01 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2010/01/07 23:51:20 | 00,027,015 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\norton program info.JPG
[2010/01/06 22:55:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 22:40:04 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\dad\Desktop\rkill.com
[2010/01/04 14:09:46 | 25,823,502 | ---- | C] () -- C:\vdf_fusebundle.zip
[2010/01/04 12:38:49 | 00,262,144 | ---- | C] () -- C:\WINDOWS\SAM
[2009/12/27 00:36:52 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\ClassU
[2009/12/27 00:36:52 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2009/04/30 23:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/30 23:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/30 23:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/30 23:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/24 16:55:03 | 00,000,662 | ---- | C] () -- C:\Documents and Settings\dad\Application Data\wklnhst.dat
[2008/09/24 16:48:48 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/13 23:36:07 | 06,956,032 | -HS- | C] () -- C:\Program Files\ehthumbs.db
[2008/01/03 22:36:59 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\dad\Local Settings\Application Data\fusioncache.dat
[2007/12/30 17:46:24 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/06 21:53:39 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/24 15:55:13 | 00,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2007/06/19 07:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 06:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/07 00:07:27 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tbd_G1ssg.ini
[2006/12/14 21:24:24 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/16 15:17:07 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/11 03:02:38 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/11/02 20:22:09 | 00,000,175 | ---- | C] () -- C:\WINDOWS\em06z.ini
[2006/09/26 16:17:03 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/09/19 05:12:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 05:05:46 | 00,000,930 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/19 05:04:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/19 04:37:10 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 05:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 01:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 01:18:35 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\security.dll
[2005/08/05 11:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >

#14 User is offline   myrti 

  • bleepin' _temp_
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 26,080
  • Joined: 25-January 08
  • Gender:Female
  • Location:At home

Posted 22 January 2010 - 12:27 PM

Hi,

OTL only produces two log when it is run for the first time. After that, unless specifically asked for, it will only produce the one log.

The finds from Eset actually are good. smile.gif (I know, weird, hu? laugh.gif) Eset found the files in the quarantine folders of other removal tools, none of these files can do any harm. smile.gif

Before we get to the final step I would like you to update your java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

let me know if you run into any problem with that.

regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Posted Image
Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#15 User is offline   ok computer 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 57
  • Joined: 19-October 09

Posted 23 January 2010 - 11:44 AM

Right - I guess that makes sense about the detections.

I uninstalled all of the Java installations and then installed JRE 6, update 18. I disabled "quick start". I hate those.

What happens next??

I like the photos attached to your profile. Are those yours? Can I ask where they are?

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users