Rootkit.TDSS + google redirect


  • This topic is locked
22 replies to this topic

#1 Viviana

  • Members
  • 12 posts

Posted 11 August 2009 - 06:02 PM

Some problems I've been having:
- When I use any search engine on both IE and Firefox, the links are redirected to spam sites.
- Windows pop up constantly saying "The application or DLL _____ is not a valid Windows image. Please check this against your installation."

Today I scanned and sent files to quarantine with registered versions of AVG8, SUPERAntiSpyware, Malwarebytes, and Spyware Doctor, but they have not helped. Whenever the above windows pop up, Spyware Doctor says the threat's name is "Rootkit.TDSS" and that it was blocked from accessing a file. Please help me remove this along with the link redirecting (perhaps one and the same). Here is the DDS log and attachment.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Adriana Garcia at 17:35:01.03 on Tue 08/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.432 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Global Payments Inc\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adriana Garcia\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {d8f6dcd9-af7a-412b-b88b-9a2f6f8e4253} -
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: WinTouch Bar: {b28bb341-2c37-4711-bf95-9ddb4ce55f4a} - %SystemRoot%\system32\shdocvw.dll
uRun: [<NO NAME>]
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe
uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\adrian~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gpnvpn~1.lnk - c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: geBqNhfG - geBqNhfG.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian~1\applic~1\mozilla\firefox\profiles\pdndup24.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\ffwt.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-11 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-8 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-11 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-11 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-11 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-8-11 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-8 1097096]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-1-24 2749224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-11 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-8-19 19096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
RUnknown lijb;lijb; [x]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;d:\insta~1e.exe --> d:\INSTA~1E.EXE [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-5-3 232720]
S2 zevaoj;zevaoj;c:\windows\system32\drivers\wfwj.sys --> c:\windows\system32\drivers\wfwj.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-11 29208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-9-30 31872]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-22 15656]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-08-11 12:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-11 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-08-11 11:38 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 11:38 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-08-11 11:38 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-11 11:38 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 11:38 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-11 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-08-11 11:17 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-08-11 11:17 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-11 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-11 11:10 <DIR> --d----- c:\docume~1\adrian~1\applic~1\AVG8
2009-08-11 10:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-11 10:37 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-11 10:37 <DIR> --d----- c:\docume~1\adrian~1\applic~1\SUPERAntiSpyware.com
2009-08-08 23:17 51,355 a------- c:\windows\system32\muzika.xm
2009-08-08 23:13 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-08 23:13 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-08 23:13 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-08 23:13 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-08 23:13 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-08 23:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-08-08 23:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-08-08 23:13 <DIR> --d----- c:\docume~1\adrian~1\applic~1\PC Tools
2009-08-03 19:47 <DIR> --d----- c:\program files\common files\Deterministic Networks
2009-08-03 19:47 <DIR> --d----- c:\program files\Global Payments Inc
2009-08-03 19:46 1,591 a------- c:\windows\VPNInstall.MIF
2009-07-22 17:23 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-05-28 20:50 262,144 a------- C:\ntuser.dat
2009-01-08 23:56 83,040 a------- c:\docume~1\adrian~1\applic~1\GDIPFONTCACHEV1.DAT
2008-03-17 11:11 10 a------- c:\program files\.autoreg
2008-02-11 00:42 88 ---shr-- c:\windows\system32\C296DA483A.sys
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2008-06-16 20:14 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 08:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
2008-02-04 14:26 151,040 ---sh--- c:\windows\system32\VistaUltm.dll
2008-12-23 12:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat

============= FINISH: 17:42:12.46 ===============


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 11 August 2009 - 06:30 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Let's take a deeper look at your computer.
Please do this....

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

And this....

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* OTL.txt
* OTL Extra.txt
* RootRepeal.txt

I will review your logs and post instructions forthcoming.
Regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Viviana

  • Topic Starter
  • Members
  • 12 posts

Posted 11 August 2009 - 07:26 PM

Thanks so much for replying quickly.

OTL.txt
OTL logfile created on: 8/11/2009 7:01:30 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Adriana Garcia\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 419.86 Mb Available Physical Memory | 41.08% Memory free
2.40 Gb Paging File | 1.31 Gb Available in Paging File | 54.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 91.75 Gb Free Space | 40.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIOHAZARD
Current User Name: Adriana Garcia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/22 17:23:10 | 05,641,736 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
PRC - [2009/08/11 11:37:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/11 11:37:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/08/11 11:37:44 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/08/11 11:37:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PRC - [2009/08/11 11:37:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/04/17 09:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Global Payments Inc\VPN Client\cvpnd.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/06/01 16:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
PRC - [2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/07/24 10:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/03/20 16:40:32 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2007/07/02 17:49:27 | 00,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/11 11:37:47 | 02,000,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/22 17:23:12 | 01,600,008 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2003/12/03 10:42:49 | 00,180,224 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe\data\Xtras\mssysmgr.exe
PRC - [2009/06/30 11:00:02 | 02,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/08/11 10:57:02 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/22 17:23:12 | 00,604,680 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/08/04 18:10:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/11 19:00:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/30 21:06:10 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/11 11:37:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/11 11:37:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2009/07/22 17:23:10 | 05,641,736 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent [Auto | Running])
SRV - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher [Auto | Running])
SRV - File not found -- -- (CiscoVpnInstallService [Auto | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/17 09:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Global Payments Inc\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/06/01 16:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe -- (ELService [Auto | Running])
SRV - File not found -- -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/07/16 07:48:42 | 01,163,378 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Stopped])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Start_Pending])
SRV - [2007/01/25 12:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2008/06/29 11:09:26 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/08/11 11:17:38 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
DRV - [2009/08/11 11:17:38 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
DRV - [2009/07/22 17:23:40 | 00,121,352 | R--- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys -- (AVGIDSDriver [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\Drivers\AVGIDSErHr.sys -- (AVGIDSErHr [Boot | Running])
DRV - [2009/07/22 17:23:40 | 00,030,216 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys -- (AVGIDSFilter [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,027,232 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys -- (AVGIDSShim [On_Demand | Running])
DRV - [2009/08/11 11:38:18 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/11 11:38:17 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/11 11:38:22 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/08/11 11:38:22 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/01/18 17:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2008/04/17 09:07:52 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2008/03/29 17:36:28 | 00,125,328 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/06/05 13:49:08 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2006/05/09 15:36:44 | 00,009,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELacpi.sys -- (ELacpi [On_Demand | Running])
DRV - [2006/05/09 15:36:18 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elhid.sys -- (ELhid [System | Running])
DRV - [2006/05/09 15:36:22 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elkbd.sys -- (ELkbd [System | Running])
DRV - [2006/05/09 15:36:42 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elmon.sys -- (ELmon [System | Running])
DRV - [2006/05/09 15:36:20 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Drivers\Elmou.sys -- (ELmou [System | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - File not found -- Service key not found. -- (lijb [Unknown | Running])
DRV - [2008/06/29 11:09:26 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2001/08/17 14:05:06 | 00,025,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OVSound2.sys -- (lusbaudio [System | Stopped])
DRV - [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/05 03:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/01/25 12:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/06/16 08:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:05:20 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\OVCE.sys -- (QCEmerald [On_Demand | Stopped])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/11 10:57:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2004/06/09 09:29:56 | 00,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2 [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 10:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/05/03 09:18:52 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/01/26 11:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
DRV - [2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\S-1-5-21-565947119-4082556615-3286707011-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-500\S-1-5-21-565947119-4082556615-3286707011-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.003
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/17 19:41:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/11 11:17:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/11 11:38:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 20:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/11 11:04:29 | 00,000,000 | ---D | M]

[2008/09/21 10:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Extensions
[2008/09/21 10:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 15:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions
[2009/08/11 11:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/11 23:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/04/17 21:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\unplug@compunach
[2007/08/08 17:52:07 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Application Data\Mozilla\FireFox\Profiles\pdndup24.default\searchplugins\siteadvisor.xml
[2009/08/11 15:08:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 18:10:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/17 19:41:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/11 10:43:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/04 18:10:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 18:10:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/03/17 11:11:13 | 00,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\components\ffwt.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/07/02 14:37:31 | 01,316,352 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/07/02 14:38:28 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 18:10:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/07/02 17:49:39 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/02 17:49:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/07/02 17:49:35 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/02 23:08:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/03/07 16:23:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 16:23:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/11 12:08:47 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/03/07 16:23:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 16:23:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 16:23:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 16:23:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (728 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: () - {D8F6DCD9-AF7A-412B-B88B-9A2F6F8E4253} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Adriana Garcia\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPN VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\geBqNhfG: DllName - geBqNhfG.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/11 19:00:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe
[2009/08/11 14:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\Music Project
[2009/08/11 12:11:49 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/11 12:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Local Settings\Application Data\AVG Security Toolbar
[2009/08/11 11:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/11 11:38:22 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/11 11:38:22 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/11 11:38:22 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/11 11:38:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/11 11:38:18 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/11 11:38:17 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/11 11:38:04 | 39,754,098 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/11 11:38:03 | 00,064,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/11 11:38:02 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/11 11:38:01 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/11 11:38:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/11 11:38:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/08/11 11:17:38 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 11:17:38 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/11 11:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/11 11:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Application Data\AVG8
[2009/08/11 11:01:44 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/11 11:00:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/11 10:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/11 10:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/11 10:47:48 | 00,000,528 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
[2009/08/11 10:47:32 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
[2009/08/11 10:43:27 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/11 10:43:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/11 10:43:27 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/11 10:38:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/11 10:37:52 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/08/11 10:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/11 10:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com
[2009/08/10 03:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\Playlist
[2009/08/08 23:17:55 | 00,051,355 | ---- | C] () -- C:\WINDOWS\System32\muzika.xm
[2009/08/08 23:13:53 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/08 23:13:46 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/08 23:13:46 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/08 23:13:38 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/08 23:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/08 23:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/08/08 23:13:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/08 23:13:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Application Data\PC Tools
[2009/08/08 23:13:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/08/08 23:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/08/03 19:47:04 | 00,002,483 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPN VPN Client.lnk
[2009/08/03 19:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2009/08/03 19:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Global Payments Inc
[2009/08/03 19:46:58 | 00,001,591 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2009/07/22 17:23:40 | 00,074,760 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\UniversalDD.sys
[2009/07/22 17:23:40 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSErHr.sys
[2009/01/04 16:26:05 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2008/12/22 20:24:35 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
[2008/12/22 20:24:35 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2008/07/15 10:46:16 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\asr32311.dll
[2008/06/29 11:09:26 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/29 11:09:26 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/17 09:08:56 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 09:08:44 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/03/31 05:39:09 | 00,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll
[2008/03/31 05:39:09 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008/03/09 19:39:24 | 00,000,971 | ---- | C] () -- C:\WINDOWS\OREGON.INI
[2008/02/10 13:30:03 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/10 13:30:03 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C296DA483A.sys
[2008/01/24 19:05:12 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/01 09:38:09 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/08/24 16:38:37 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/08/20 10:52:30 | 00,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/08/20 10:52:28 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/02 17:51:11 | 00,002,718 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/02 14:41:13 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/02 14:36:50 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/15 14:50:24 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/25 12:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/27 16:57:58 | 00,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2006/11/27 16:57:58 | 00,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2006/10/19 21:51:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/19 21:47:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/19 21:42:45 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/19 21:19:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/19 21:18:21 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/15 17:40:22 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:43 | 00,000,711 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 04:18:41 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/11 19:00:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe
[2009/08/11 19:00:00 | 00,000,308 | ---- | M] () -- C:\WINDOWS\tasks\aikztczx.job
[2009/08/11 18:58:31 | 39,754,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/11 18:58:11 | 00,064,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/11 17:04:01 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPN VPN Client.lnk
[2009/08/11 17:03:16 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/11 17:02:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/11 17:01:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/11 17:01:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/11 17:01:09 | 10,716,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 11:38:22 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/11 11:38:22 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/11 11:38:22 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/11 11:38:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/11 11:38:18 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/11 11:38:17 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/11 11:38:03 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/11 11:38:02 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/11 11:17:38 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 11:17:38 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/11 11:01:44 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/11 11:00:55 | 00,000,528 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
[2009/08/11 11:00:55 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
[2009/08/11 10:37:52 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/08/10 23:39:19 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/08 23:17:55 | 00,051,355 | ---- | M] () -- C:\WINDOWS\System32\muzika.xm
[2009/08/05 18:26:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/03 19:47:45 | 00,001,591 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/22 17:23:40 | 00,074,760 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\UniversalDD.sys
[2009/07/22 17:23:40 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSErHr.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

========== Files - Unicode (All) ==========
[2008/03/16 10:59:40 | 00,000,000 | ---D | C](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2008/03/16 10:59:48 | 00,000,000 | ---D | C](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2008/03/16 18:17:53 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2008/03/17 11:16:13 | 00,000,000 | ---D | C](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2008/03/17 11:16:24 | 00,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
[2008/03/20 11:56:06 | 00,000,000 | ---D | C](C:\Documents and Settings\Adriana Garcia\My Documents\??curity) -- C:\Documents and Settings\Adriana Garcia\My Documents\ѕеcurity
[2008/03/20 11:56:06 | 00,000,000 | ---D | M](C:\Documents and Settings\Adriana Garcia\My Documents\??curity) -- C:\Documents and Settings\Adriana Garcia\My Documents\ѕеcurity
[2008/03/22 15:03:15 | 00,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2008/03/23 23:02:06 | 00,000,000 | ---D | C](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
[2008/03/23 23:02:06 | 00,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
[2008/03/24 10:12:29 | 00,000,000 | ---D | M](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2008/03/25 18:40:09 | 00,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
< End of report >

OTL Extra.txt
OTL Extras logfile created on: 8/11/2009 7:01:30 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Adriana Garcia\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 419.86 Mb Available Physical Memory | 41.08% Memory free
2.40 Gb Paging File | 1.31 Gb Available in Paging File | 54.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 91.75 Gb Free Space | 40.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIOHAZARD
Current User Name: Adriana Garcia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"62515:UDP" = 62515:UDP:*:Enabled:Fukifimworking
"62514:UDP" = 62514:UDP:*:Enabled:Mybiatch
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Global Payments\VPNClient\ipsecdialer.exe" = C:\Program Files\Global Payments\VPNClient\ipsecdialer.exe:*:Enabled:Global Payments Dialer -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35A0C956-ACF1-41AB-89DE-1772C8A27ACB}" = Dracula Origin
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3A43AF05-4309-41A7-AA18-352F12FCBF01}" = COWON Q5W NavUtil
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4C271126-C295-4828-A901-5910AE0C258B}" = Global Payments VPN Client 5.03
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5BCAA4-80F2-4092-BD22-F426453BCD17}" = gigabeat S Series Manual
"{7C939836-8826-4FA9-865F-4580A6E00AA0}" = COWON Q5W User's Guide
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93431D7F-E9A0-33B3-1FA2-3ADDB6BA8ACE}" = Vampire - The Masquerade Bloodlines
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A0BAEE73-17FB-11D6-A76A-00B0D079AF64}" = Java 2 SDK, SE v1.4.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F314EA69-9590-4876-8E2B-44CBEE7FFAA1}" = AVG Identity Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"Dracula Origin_is1" = Dracula Origin
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EL" = Intel® Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Java Web Start" = Java Web Start
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Learn to Speak Spanish 7.0" = Learn to Speak Spanish 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoShow Deluxe" = PhotoShow Deluxe
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SearchAssist" = SearchAssist
"Spyware Doctor" = Spyware Doctor 6.1
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2009 2:47:16 AM | Computer Name = BIOHAZARD | Source = Microsoft Office 10 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Outlook.

Error - 8/9/2009 1:13:02 PM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2009 4:10:07 AM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2009 4:10:07 AM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2009 4:10:07 AM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2009 11:33:05 AM | Computer Name = BIOHAZARD | Source = MsiInstaller | ID = 10005
Description = Product: SUPERAntiSpyware Professional -- Internal Error 2753. SUPERAntiSpyware.exe

Error - 8/11/2009 4:20:49 PM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.40.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2009 4:20:50 PM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.40.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2009 4:46:48 PM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.40.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2009 5:50:18 PM | Computer Name = BIOHAZARD | Source = Application Hang | ID = 1002
Description = Hanging application RegMech.exe, version 8.0.0.906, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/11/2009 12:04:05 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The zevaoj service failed to start due to the following error: %%2

Error - 8/11/2009 12:04:05 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7024
Description = The InCD Helper (read only) service terminated with service-specific
error 1 (0x1).

Error - 8/11/2009 12:04:05 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%21

Error - 8/11/2009 1:05:31 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The zevaoj service failed to start due to the following error: %%2

Error - 8/11/2009 1:05:31 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7024
Description = The InCD Helper (read only) service terminated with service-specific
error 1 (0x1).

Error - 8/11/2009 1:05:31 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%21

Error - 8/11/2009 3:47:56 PM | Computer Name = BIOHAZARD | Source = iastor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/11/2009 6:01:44 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The zevaoj service failed to start due to the following error: %%2

Error - 8/11/2009 6:01:44 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7024
Description = The InCD Helper (read only) service terminated with service-specific
error 1 (0x1).

Error - 8/11/2009 6:01:44 PM | Computer Name = BIOHAZARD | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%21


< End of report >

RootRepeal.txt
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 19:07
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xB2EE3000 Size: 749568 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xB33EE000 Size: 2560 File Visible: No Signed: -
Status: -

Name: mgbfxml.sys
Image Path: C:\WINDOWS\system32\drivers\mgbfxml.sys
Address: 0xEF31A000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3ED4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETbrydkclf.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETbrydkclf.sys
Address: 0xEC1FA000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETbtmpghvs.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETovppkihy.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNEToyqpycaa.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETvriaglvv.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\0a7cd6aa-bb4f-4df2-b2b8-4669cab872a8.tmp
Status: Allocation size mismatch (API: 8192, Raw: 16384)

Path: C:\WINDOWS\Temp\T30DebugLogFile.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\Temporary Internet Files
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\tmpE.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WGAErrLog.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WGANotify.settings
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETbrydkclf.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\Activision\Vampire - Bloodlines\vampire.exe:{DCD4F0C9-42CA-B538-2451-56476B98D886}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Adriana Garcia\Local Settings\Temp\Perflib_Perfdata_72c.dat
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETvriaglvv.dll]
Process: svchost.exe (PID: 1868) Address: 0x008d0000 Size: 57344

Object: Hidden Module [Name: SKYNETbtmpghvs.dll]
Process: svchost.exe (PID: 1868) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETvgecaijc
Image Path: C:\WINDOWS\system32\drivers\SKYNETbrydkclf.sys

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb2fb3440

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb2fb33b0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb2fb33f0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb2fb3330

==EOF==
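
The report above mixes four kinds of findings: files the tool could not see through the Windows API, a hidden module loaded into svchost.exe, a hidden service whose image path is one of those invisible files, and Shadow SSDT hooks owned by a security product. As an added example (not part of the thread and not RootRepeal's own code), the Python script below parses that report layout into a triage summary and ties the hidden service back to the hidden-file list. The input is a constructed excerpt in the same section format; the SKYNET names and the AVG hook path mirror entries in the log, while the `app.exe` stream entry, the `triage`/`correlate` function names and the bucket names are the example's own.

```python
"""Triage a RootRepeal-style report into a summary a responder can act on.

Added example for this thread, not RootRepeal's own code.  SAMPLE_REPORT is a
constructed excerpt in the tool's layout (Files, Stealth Objects, Hidden
Services, Shadow SSDT sections), not the poster's complete log.
"""
import ntpath
import re

# Constructed sample; 'app.exe' and its stream id are made up for the example.
SAMPLE_REPORT = """\
Files
-------------------
Path: C:\\WINDOWS\\Temp\\SKYNETlfosgadghm.tmp
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\drivers\\SKYNETbrydkclf.sys
Status: Invisible to the Windows API!

Path: C:\\Program Files\\Example\\app.exe:{00000000-0000-0000-0000-000000000000}
Status: Visible to the Windows API, but not on disk.

Path: C:\\Temp\\Perflib_Perfdata_72c.dat
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETvriaglvv.dll]
Process: svchost.exe (PID: 1868) Address: 0x008d0000 Size: 57344

Hidden Services
-------------------
Service Name: SKYNETvgecaijc
Image Path: C:\\WINDOWS\\system32\\drivers\\SKYNETbrydkclf.sys

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\\Program Files\\AVG\\AVG8\\IdentityProtection\\agent\\driver\\platform_XP\\AVGIDSShim.sys" at address 0xb2fb3440

==EOF==
"""

# A section is a title line followed by a line of dashes.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+)\n-{5,}\n", re.MULTILINE)
SSDT_RE = re.compile(r'^#: (\d+) Function Name: (\w+)\nStatus: Hooked by "([^"]+)"', re.MULTILINE)


def split_sections(report):
    """Map each section title to the text between its header and the next one."""
    heads = list(SECTION_RE.finditer(report))
    sections = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(report)
        sections[head.group("name").strip()] = report[head.end():end]
    return sections


def parse_records(body):
    """Split a section body on blank lines into dicts of 'Key: value' pairs.
    Only the first colon separates key from value, so 'C:\\...' values survive."""
    records = []
    for block in re.split(r"\n\s*\n", body.strip()):
        rec = {}
        for line in block.splitlines():
            if ":" not in line or line.startswith("=="):
                continue
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def triage(report):
    """Sort the report's findings into buckets by what each status line says."""
    sections = split_sections(report)
    summary = {"hidden_files": [], "phantom_files": [], "locked_files": [],
               "hidden_modules": [], "hidden_services": [], "ssdt_hooks": []}
    for rec in parse_records(sections.get("Files", "")):
        path, status = rec.get("Path", ""), rec.get("Status", "")
        if status.startswith("Invisible"):      # hidden from the API: rootkit behaviour
            summary["hidden_files"].append(path)
        elif "not on disk" in status:           # entry or stream with no backing data
            summary["phantom_files"].append(path)
        elif status.startswith("Locked"):       # in use; usually benign (perf counters)
            summary["locked_files"].append(path)
    for rec in parse_records(sections.get("Stealth Objects", "")):
        name = re.search(r"\[Name: ([^\]]+)\]", rec.get("Object", ""))
        proc = re.search(r"^(\S+) \(PID: (\d+)\)", rec.get("Process", ""))
        if name and proc:
            summary["hidden_modules"].append((name[1], proc[1], int(proc[2])))
    for rec in parse_records(sections.get("Hidden Services", "")):
        summary["hidden_services"].append((rec.get("Service Name"), rec.get("Image Path")))
    # Security products hook the SSDT too, so hooks are recorded with their
    # owning driver for review rather than flagged outright.
    for m in SSDT_RE.finditer(sections.get("Shadow SSDT", "")):
        summary["ssdt_hooks"].append((int(m[1]), m[2], m[3]))
    return summary


def correlate(summary):
    """Link hidden services to hidden files and find the name prefix the hidden
    artefacts share (one malware family usually uses one prefix)."""
    hidden = set(summary["hidden_files"])
    backed = [svc for svc, image in summary["hidden_services"] if image in hidden]
    names = [ntpath.basename(p) for p in summary["hidden_files"]]
    names += [mod for mod, _, _ in summary["hidden_modules"]]
    names += [svc for svc, _ in summary["hidden_services"]]
    return {"services_backed_by_hidden_file": backed,
            "shared_prefix": ntpath.commonprefix(names)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, items in result.items():
        print(f"{bucket}: {items}")
    print(correlate(result))
```

Run against the sample, the script reports two hidden files, one hidden module in svchost.exe (PID 1868), one hidden service backed by a hidden driver file, and the common `SKYNET` prefix; the AVG hook is listed with its driver path so the reviewer can confirm it belongs to installed security software rather than to the infection.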

#4 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 12 August 2009 - 08:55 AM

Hi,
I will review your logs and propose a fix for review by my expert coach. I will then post instructions for you to follow. I would like to ask you to remain patient in the meantime and make no changes to the computer whatsoever unless I direct you to do so! Your fix is based on the current state of your computer and any changes could hamper the cleaning process.
Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Viviana

  • Topic Starter
  • Members
  • 12 posts

Posted 12 August 2009 - 12:12 PM

I give my thanks! I'll be here. However, I will be vacationing on the 15th-22nd. Hopefully the thread can be put on hold or something if it needs to be.

#6 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 12 August 2009 - 01:06 PM

Hello,
You're welcome.
No problem. Will probably get started before you leave. Hopefully in the next day or so. Then we can put it on hold till you return if necessary. Just make sure to remind me that you will be gone if we get to that point. :thumbup2:
Thanks,
~t

#7 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 13 August 2009 - 07:14 AM

Hi again.
Thanks for your patience.

Please note....

One or more of the identified infections is a Backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

:thumbup2: If after serious consideration of the aforementioned you would like to proceed with a cleanup attempt please proceed as outlined below. :)

==========

Please also note...

:) P2P Warning :cool:

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

And finally please note...

The following is referring to Registry Mechanic.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

==========

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt logfile
==========

Please rerun RootRepeal and post another log for my review.

==========

With your next post please provide:

* Decision in regards to Backdoor/rootkit

- If you decided to proceed -

* Combofix.txt
* RootRepeal log
* How is your computer running now?

Kind regards,
~t

#8 Viviana

  • Topic Starter
  • Members
  • 12 posts

Posted 13 August 2009 - 02:32 PM

Well, I actually was thinking about blanking it, but I need a new drive and to dig for the OS CD before I can go through with it. Since I won't be able to get around to that for some time, I think I'll try to clean it out anyway.

I had a few problems with ComboFix. I turned off all my antivirus programs to run it, but ComboFix said AVG was still running and I couldn't get it to stop or uninstall it, so I just went through with it. When I first ran it, it noted that I had the rootkit and to write down these file names because it had to reboot. Then Windows did the 3 stages where it reads/deletes things before logging in. When it was all done, it logged in, but I waited for a long time and I guess it froze. I manually shut down and restarted, ran ComboFix again and it worked, but it failed to download the Windows Recovery Console.

The filenames it said to note:
1. C:\WINDOWS\system32\drivers\SKYNETbrydkclf.sys
2. C:\WINDOWS\system32\SKYNETvriaglvv.dll
3. C:\WINDOWS\system32\SKYNETovppkihy.dat
4. C:\WINDOWS\system32\SKYNETbtmpghvs.dll
5. C:\WINDOWS\system32\SKYNEToyqpycaa.dat

ComboFix log
ComboFix 09-08-10.06 - Adriana Garcia 08/13/2009 13:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.443 [GMT -5:00]
Running from: c:\documents and settings\Adriana Garcia\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\racle~1
c:\program files\crosof~1.net
c:\program files\smante~1
c:\windows\crosof~1.net
c:\windows\dobe~1
c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETbrydkclf.sys
c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_Sansa m240 .ini
c:\windows\system32\SKYNETbtmpghvs.dll
c:\windows\system32\SKYNETovppkihy.dat
c:\windows\system32\SKYNEToyqpycaa.dat
c:\windows\system32\SKYNETvriaglvv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETvgecaijc
-------\Service_SKYNETvgecaijc


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 18:08 . 2009-08-13 18:08 -------- d-sh--w- C:\found.001
2009-08-13 00:09 . 2009-08-13 00:09 -------- d-----w- C:\14a84d70e619377519aea5d1e8
2009-08-12 18:40 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-12 18:40 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-12 18:40 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-12 18:40 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-08-12 18:40 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-12 18:40 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-12 18:40 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-12 18:40 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-12 18:40 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-12 18:38 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 18:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-12 18:35 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-12 18:24 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-12 18:24 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-12 01:17 . 2009-08-12 01:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-11 17:11 . 2009-08-12 18:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-11 17:08 . 2009-08-11 17:08 -------- d-----w- c:\documents and settings\Adriana Garcia\Local Settings\Application Data\AVG Security Toolbar
2009-08-11 16:38 . 2009-08-11 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-11 16:38 . 2009-08-11 16:38 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-11 16:38 . 2009-08-11 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 16:38 . 2009-08-11 16:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 16:38 . 2009-08-11 16:38 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 16:38 . 2009-08-11 16:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 16:38 . 2009-08-13 11:58 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-11 16:38 . 2009-08-11 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-11 16:17 . 2009-08-11 16:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-11 16:17 . 2009-08-11 16:17 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-11 16:17 . 2009-08-11 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-11 16:10 . 2009-08-11 16:10 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\AVG8
2009-08-11 16:00 . 2009-08-11 16:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-11 15:59 . 2009-08-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-11 15:59 . 2009-08-11 16:04 -------- d-----w- c:\program files\NOS
2009-08-11 15:38 . 2009-08-11 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 15:37 . 2009-08-11 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-09 04:13 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-09 04:13 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-09 04:13 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-09 04:13 . 2009-08-09 04:14 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 04:13 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-09 04:13 . 2009-08-09 04:20 -------- d-----w- c:\program files\Spyware Doctor
2009-08-09 04:13 . 2009-08-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-09 04:13 . 2009-08-09 04:13 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\PC Tools
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 00:47 . 2009-08-04 00:47 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-04 00:47 . 2009-08-04 00:47 -------- d-----w- c:\program files\Global Payments Inc
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 18:36 . 2009-03-22 19:07 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\WTablet
2009-08-13 14:28 . 2008-03-16 16:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-11 16:03 . 2008-05-03 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 16:01 . 2006-10-20 02:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-11 15:42 . 2006-10-20 02:34 -------- d-----w- c:\program files\Java
2009-08-11 15:37 . 2008-05-03 13:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 15:00 . 2006-10-20 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-11 14:38 . 2008-05-03 14:16 -------- d-----w- c:\program files\Panda Security
2009-08-11 14:37 . 2006-10-20 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 14:36 . 2006-10-20 02:45 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 14:26 . 2006-10-24 00:41 -------- d-----w- c:\program files\Yahoo!
2009-08-11 14:26 . 2006-10-20 02:43 -------- d-----w- c:\program files\Google
2009-08-11 14:23 . 2007-02-24 00:44 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\Yahoo!
2009-08-11 14:23 . 2006-10-24 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-11 14:20 . 2008-09-15 23:45 -------- d-----w- c:\program files\IrfanView
2009-08-10 20:10 . 2008-02-24 21:27 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\Ahead
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2008-08-19 19:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-08-19 19:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 04:37 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 10:23 . 2009-04-18 00:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 00:31 . 2009-01-25 15:06 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\Canon
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 20:06 . 2009-06-08 05:48 -------- d-----w- c:\docume~1\ADRIAN~1\APPLIC~1\uTorrent
2009-06-29 16:12 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-08-16 09:18 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2005-08-16 09:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 09:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2005-08-16 09:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2005-08-16 09:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 12:15 . 2006-11-09 21:13 84624 ----a-w- c:\documents and settings\Adriana Garcia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 19:09 . 2005-08-16 09:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 01:50 . 2009-05-29 01:50 262144 ----a-w- C:\ntuser.dat
2008-03-17 16:11 . 2008-03-17 16:11 10 ----a-w- c:\program files\.autoreg
2008-03-17 16:11 . 2008-03-17 16:11 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll
2008-02-11 05:42 . 2008-02-10 18:30 88 --sh--r- c:\windows\system32\C296DA483A.sys
2006-05-03 10:06 . 2007-08-20 15:51 163328 --sh--r- c:\windows\system32\flvDX.dll
2008-06-17 01:14 . 2008-02-10 18:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2007-08-20 15:51 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-03-31 10:39 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-03-31 10:39 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2003-12-03 180224]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2004-07-27 1867776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-11 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-02 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\Adriana Garcia\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GPN VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-8-3 6144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-11 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Fukifimworking
"62514:UDP"= 62514:UDP:Mybiatch
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/11/2009 11:38 AM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/8/2009 11:13 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/11/2009 11:38 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/11/2009 11:38 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/11/2009 11:37 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/11/2009 11:37 AM 1370488]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [1/24/2008 6:56 PM 2749224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/11/2009 11:17 AM 29208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/19/2008 2:15 PM 19096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;d:\insta~1e.exe --> d:\INSTA~1E.EXE [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/3/2008 8:47 AM 232720]
S2 zevaoj;zevaoj;c:\windows\system32\drivers\wfwj.sys --> c:\windows\system32\drivers\wfwj.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/11/2009 11:17 AM 29208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [9/30/2007 9:40 AM 31872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/8/2009 11:13 PM 348752]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/22/2009 2:10 PM 15656]
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-13 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-05-03 18:36]

2009-08-13 c:\windows\Tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-05-03 18:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D8F6DCD9-AF7A-412B-B88B-9A2F6F8E4253} - (no file)
HKLM-Run-AVGIDS - c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
Notify-geBqNhfG - geBqNhfG.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\docume~1\ADRIAN~1\APPLIC~1\Mozilla\Firefox\Profiles\pdndup24.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\ffwt.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Global Payments Inc\VPN Client\cvpnd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-08-13 13:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 18:49

Pre-Run: 98,037,346,304 bytes free
Post-Run: 99,361,849,344 bytes free

323 --- E O F --- 2009-08-13 08:38

RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/13 14:03
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Combo-Fix\catchme.sys
Address: 0xF794A000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7642000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xEC2D4000 Size: 749568 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xEF6FE000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB805D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Program Files\Activision\Vampire - Bloodlines\vampire.exe:{DCD4F0C9-42CA-B538-2451-56476B98D886}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7369514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7358282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7358474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7369d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7369fb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf73683fa

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf736a422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73697d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf0fef0b0

==EOF==


Update:
Well, I went through both Firefox and IE and clicked a bunch of search links, and it seems the redirecting has been cured!
Firefox is in safe mode; I dunno if that makes a difference.

Edited by Viviana, 13 August 2009 - 02:35 PM.


#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 14 August 2009 - 06:46 AM

Hi there.
Well done. :thumbup2:
The rootkit is gone, but we still have some work to do. I will let you know when we are all clear.
Yes, you're right. It is important that we completely disable AVG. I have outlined how to do this below.

Please run Firefox in "Normal Mode" to make sure it is running alright.

Please do this:

Disable AVG:
Please open the AVG Control Center.

* Double-click on the "AVG Resident Shield" component.
* Deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
* When you need to enable the AVG Resident Shield, reopen the AVG Control Center.
* Double-click on the "AVG Resident Shield" component, select the "Turn on AVG Resident Shield" checkmark and save the setting.

==========

Right click and delete Combofix from your desktop!

Download a fresh copy of ComboFix from one of these locations:

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Posted Image


Download the file & save it as it's originally named to your desktop.

Disable your AntiVirus and AntiSpyware applications if you have not already done so, usually via a right click on the System Tray icon. They may otherwise interfere with our tools as you have already seen.

Posted Image
  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'No' to run the full ComboFix scan.
==========

:) Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\wfwj.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"=-
"62514:UDP"=-
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Driver::
zevaoj


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

With your next post please provide:

* Combofix.txt
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 Viviana

Viviana
  • Topic Starter

  • Members
  • 12 posts

Posted 15 August 2009 - 05:49 AM

Sorry, I am heading on vacation! I will be back in a week with updates on how my computer's doing. Thank you for your patience.

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 15 August 2009 - 06:54 AM

Please complete the steps outlined above and post back when you have returned.
Have a nice vacation,
~t

#12 Viviana

Viviana
  • Topic Starter

  • Members
  • 12 posts

Posted 24 August 2009 - 11:00 AM

Hi, sorry, I actually got back a little later than expected.
I don't have to reboot the computer and it doesn't freeze like before, but it can get slow and lag for a few minutes at a time. Today, though, I couldn't open up a particular folder, and when I restarted the computer it did another CHKDSK thing.
I got the Windows Recovery and here's the ComboFix log:

ComboFix 09-08-23.01 - Adriana Garcia 08/24/2009 10:38.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.540 [GMT -5:00]
Running from: c:\documents and settings\Adriana Garcia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adriana Garcia\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::
"c:\windows\system32\drivers\wfwj.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zevaoj


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 08:31 . 2009-08-24 08:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-24 08:31 . 2009-08-24 08:31 -------- d-----w- c:\program files\MSBuild
2009-08-24 08:31 . 2009-08-24 08:31 -------- d-----w- c:\program files\Reference Assemblies
2009-08-24 08:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 08:29 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 08:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 08:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 08:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 08:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 08:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 08:29 . 2009-08-24 08:31 -------- d-----w- C:\2f332525ccd7de831eb0c1526df51f88
2009-08-13 21:14 . 2009-08-13 21:14 -------- d-----w- c:\documents and settings\Adriana Garcia\Local Settings\Application Data\Firetongue
2009-08-13 19:27 . 2009-07-24 14:56 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-13 18:08 . 2009-08-13 18:08 -------- d-sh--w- C:\found.001
2009-08-13 00:09 . 2009-08-13 00:09 -------- d-----w- C:\14a84d70e619377519aea5d1e8
2009-08-12 18:40 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-12 18:40 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-12 18:40 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-12 18:40 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-08-12 18:40 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-12 18:40 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-12 18:40 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-12 18:40 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-12 18:40 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-12 18:38 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 18:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-12 18:35 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-12 18:24 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-12 18:24 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-12 14:20 . 2009-08-11 16:37 2061592 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-08-12 14:20 . 2009-08-11 16:37 3476760 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-08-12 14:20 . 2009-08-11 16:37 1213720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfrw.exe
2009-08-12 14:20 . 2009-08-11 16:37 2000152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-08-12 14:20 . 2009-08-11 16:37 2295576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfwui.dll
2009-08-12 14:20 . 2009-08-11 16:37 1126168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-08-12 14:20 . 2009-08-11 16:37 758040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-08-12 14:20 . 2009-08-11 16:37 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-08-12 01:17 . 2009-08-12 01:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-11 17:11 . 2009-08-14 18:06 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-11 17:08 . 2009-08-11 17:08 -------- d-----w- c:\documents and settings\Adriana Garcia\Local Settings\Application Data\AVG Security Toolbar
2009-08-11 16:38 . 2009-08-11 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-11 16:38 . 2009-08-11 16:38 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-11 16:38 . 2009-08-11 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 16:38 . 2009-08-11 16:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 16:38 . 2009-08-11 16:38 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 16:38 . 2009-08-11 16:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 16:38 . 2009-08-24 11:58 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-11 16:38 . 2009-08-13 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-11 16:17 . 2009-08-11 16:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-11 16:17 . 2009-08-11 16:17 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-11 16:17 . 2009-08-11 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-11 16:10 . 2009-08-11 16:10 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\AVG8
2009-08-11 16:00 . 2009-08-11 16:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-11 15:59 . 2009-08-11 15:59 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-11 15:59 . 2009-08-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-11 15:59 . 2009-08-11 16:04 -------- d-----w- c:\program files\NOS
2009-08-11 15:42 . 2009-08-11 15:42 152576 ----a-w- c:\documents and settings\Adriana Garcia\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 15:38 . 2009-08-24 15:45 117760 ----a-w- c:\documents and settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-11 15:38 . 2009-08-11 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 15:37 . 2009-08-11 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 15:37 . 2009-08-11 15:37 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com
2009-08-09 04:13 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-09 04:13 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-09 04:13 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-09 04:13 . 2009-08-09 04:14 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 04:13 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-09 04:13 . 2009-08-09 04:20 -------- d-----w- c:\program files\Spyware Doctor
2009-08-09 04:13 . 2009-08-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-09 04:13 . 2009-08-09 04:13 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\PC Tools
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 00:47 . 2009-08-04 00:47 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-04 00:47 . 2009-08-04 00:47 -------- d-----w- c:\program files\Global Payments Inc
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 15:46 . 2009-03-22 19:07 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\WTablet
2009-08-24 15:22 . 2008-03-16 16:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 07:40 . 2009-01-25 15:06 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\Canon
2009-08-11 16:03 . 2008-05-03 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 16:01 . 2006-10-20 02:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-11 16:00 . 2008-08-19 19:15 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 15:42 . 2006-10-20 02:34 -------- d-----w- c:\program files\Java
2009-08-11 15:37 . 2008-05-03 13:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 15:00 . 2006-10-20 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-11 14:38 . 2008-05-03 14:16 -------- d-----w- c:\program files\Panda Security
2009-08-11 14:37 . 2006-10-20 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 14:36 . 2006-10-20 02:45 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 14:26 . 2006-10-24 00:41 -------- d-----w- c:\program files\Yahoo!
2009-08-11 14:26 . 2006-10-20 02:43 -------- d-----w- c:\program files\Google
2009-08-11 14:23 . 2007-02-24 00:44 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\Yahoo!
2009-08-11 14:23 . 2006-10-24 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-11 14:20 . 2008-09-15 23:45 -------- d-----w- c:\program files\IrfanView
2009-08-10 20:10 . 2008-02-24 21:27 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\Ahead
2009-08-05 09:01 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2008-08-19 19:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-08-19 19:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 04:37 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 10:23 . 2009-04-18 00:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 20:06 . 2009-06-08 05:48 -------- d-----w- c:\documents and settings\Adriana Garcia\Application Data\uTorrent
2009-06-29 16:12 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-08-16 09:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 09:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 09:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 09:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-08-16 09:18 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2005-08-16 09:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 09:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2005-08-16 09:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2005-08-16 09:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 12:15 . 2006-11-09 21:13 84624 ----a-w- c:\documents and settings\Adriana Garcia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 19:09 . 2005-08-16 09:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 01:50 . 2009-05-29 01:50 262144 ----a-w- C:\ntuser.dat
2009-05-27 00:50 . 2009-05-29 01:49 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-03-17 16:11 . 2008-03-17 16:11 10 ----a-w- c:\program files\.autoreg
2008-03-17 16:11 . 2008-03-17 16:11 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll
2008-02-11 05:42 . 2008-02-10 18:30 88 --sh--r- c:\windows\system32\C296DA483A.sys
2006-05-03 10:06 . 2007-08-20 15:51 163328 --sh--r- c:\windows\system32\flvDX.dll
2008-06-17 01:14 . 2008-02-10 18:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2007-08-20 15:51 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-03-31 10:39 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-03-31 10:39 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2003-12-03 180224]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2004-07-27 1867776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-11 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-02 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\Adriana Garcia\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GPN VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-8-3 6144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-11 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/11/2009 11:38 AM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/8/2009 11:13 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/11/2009 11:38 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/11/2009 11:38 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/11/2009 11:37 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/11/2009 11:37 AM 1370488]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [1/24/2008 6:56 PM 2749224]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/11/2009 11:17 AM 29208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/19/2008 2:15 PM 19096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;d:\insta~1e.exe --> d:\INSTA~1E.EXE [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/3/2008 8:47 AM 232720]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/11/2009 11:17 AM 29208]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [9/30/2007 9:40 AM 31872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/8/2009 11:13 PM 348752]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/22/2009 2:10 PM 15656]
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-24 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-05-03 18:36]

2009-08-15 c:\windows\Tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-05-03 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Adriana Garcia\Application Data\Mozilla\Firefox\Profiles\pdndup24.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\ffwt.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 10:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Global Payments Inc\VPN Client\cvpnd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-08-24 10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 15:55
ComboFix2.txt 2009-08-13 18:50

Pre-Run: 97,165,082,624 bytes free
Post-Run: 97,214,935,040 bytes free

326 --- E O F --- 2009-08-24 08:46

Edited by Viviana, 24 August 2009 - 02:19 PM.
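The "Supplementary Scan" block above lists the Internet Explorer start/search settings (the `u` prefix is the current user's HKCU value, `m` the machine-wide HKLM value) and the Firefox `prefs.js` search and home-page URLs, with `http` written as `hxxp` so the log cannot be clicked. As an added example that is not part of the thread, the script below parses lines in that format, refangs the scheme, pulls every URL out of each value (the Yahoo entries glue a second URL on after a `*`), and flags any host that is not on an allow list of expected search and home-page domains. The sample log lines and the allow list are constructed for the example and are not the poster's data. A clean result, as in this thread where every setting already points at google.com or yahoo.com, while searches still redirect, tells you the hijack is not a rewritten home or search setting and has to be looked for elsewhere (hosts file, name resolution, or something hooking the network path).

```python
"""Triage of the browser-setting lines in a DDS / ComboFix 'Supplementary Scan'.

Added example, not part of the original thread. Handles IE lines such as
'uStart Page = hxxp://...' / 'mSearch Bar = hxxp://...' and Firefox lines such as
'FF - prefs.js: keyword.URL - hxxp://...'.
"""
import re
from urllib.parse import urlparse

# Domains a clean IE/Firefox profile is expected to point at
# (an assumption for the example; adjust per environment).
EXPECTED_HOSTS = ("google.com", "yahoo.com", "microsoft.com", "msn.com", "live.com")

_IE_LINE = re.compile(r"^(?P<scope>[um])(?P<key>[A-Za-z][^=]*?)\s*=\s*(?P<value>.+)$")
_FF_LINE = re.compile(r"^FF - prefs\.js:\s*(?P<key>\S+)\s*-\s*(?P<value>.+)$")
_URL = re.compile(r"h(?:xx|tt)ps?://[^\s*]+")  # stops at '*', which glues two URLs together


def refang(url):
    """Turn the log's defanged 'hxxp(s)://' back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, count=1)


def parse_browser_settings(log_text):
    """Yield (setting, url) for every URL found in a browser-setting line.

    IE keys carry their scope: 'u' = current user (HKCU), 'm' = machine (HKLM).
    Lines that do not match either format, or carry no URL, are skipped.
    """
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _FF_LINE.match(line)
        if m:
            key = "FF " + m.group("key")
        else:
            m = _IE_LINE.match(line)
            if not m:
                continue
            key = "IE %s %s" % (m.group("scope"), m.group("key").strip())
        for url in _URL.findall(m.group("value")):
            yield key, refang(url)


def host_is_expected(host, expected=EXPECTED_HOSTS):
    """True if host equals, or is a subdomain of, an allow-listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)


def triage(log_text, expected=EXPECTED_HOSTS):
    """Return one dict per URL found: setting, host, url and an 'unexpected' flag."""
    findings = []
    for key, url in parse_browser_settings(log_text):
        host = urlparse(url).hostname or ""
        findings.append({"setting": key, "host": host, "url": url,
                         "unexpected": not host_is_expected(host, expected)})
    return findings


# Constructed sample in the log's format; the third line is a made-up hijacked
# search URL so the flagging path is exercised.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://example-redirector.test/go?u=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-28s %-26s %s" % (f["setting"], f["host"], "REVIEW" if f["unexpected"] else "ok"))
```

Run it against a pasted DDS or ComboFix log instead of `SAMPLE_LOG`; anything marked REVIEW is a setting to reset, while an all-ok result moves the investigation below the browser.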


#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:31 PM

Posted 24 August 2009 - 06:54 PM

Welcome back. :thumbup2:
Glad your vacation was good.
Lets continue.

Please do this........

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

==========

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

==========

We need to create an OTL Quick Scan
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • A report will open, copy and paste it in a reply here
==========

With your next post please provide:

* F-Secure log
* OTL log
* How is it running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
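The Java removal steps above are done by hand in Add/Remove Programs, which makes it easy to miss an old JRE or J2SE entry. As an added example that is not part of thcbytes' instructions, the PowerShell below reads the same Uninstall registry data that Add/Remove Programs displays, lists every Java entry with its version and product code, and then shows whether the Java Quick Starter process and service mentioned in the note are resident, which you want to know before uninstalling or reinstalling. It assumes PowerShell 2.0 or later is installed on the XP machine (it is not there by default); the Wow6432Node path is only included so the same script works on 64-bit Windows, and the `'Java Quick Starter*'` display-name filter is an assumption about how the service is named.

```powershell
# Added example, not from the original post. Lists installed Java entries from
# the registry data behind Add/Remove Programs and shows Java Quick Starter state.
# Assumes PowerShell 2.0 or later is present on the machine.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 64-bit hosts only
)

$javaEntries = foreach ($root in $uninstallRoots) {
    if (Test-Path $root) {
        Get-ChildItem $root | ForEach-Object {
            $entry = Get-ItemProperty $_.PSPath
            # Same names the instructions tell you to look for: JRE, J2SE, Java(TM) ...
            if ($entry.DisplayName -and ($entry.DisplayName -match 'Java|J2SE|JRE')) {
                $entry | Select-Object DisplayName, DisplayVersion, UninstallString,
                    @{ Name = 'ProductCode'; Expression = { $_.PSChildName } }
            }
        }
    }
}

"Installed Java entries (expect exactly one after the cleanup and reinstall):"
$javaEntries | Sort-Object DisplayVersion |
    Format-Table DisplayName, DisplayVersion, ProductCode -AutoSize

# Java Quick Starter (jqs.exe): the note above explains how to disable it from
# the Java control panel; this shows whether it is currently resident.
"Java Quick Starter process:"
Get-Process -Name jqs -ErrorAction SilentlyContinue | Select-Object Id, Path
"Java Quick Starter service:"
Get-Service | Where-Object { $_.DisplayName -like 'Java Quick Starter*' } |
    Select-Object Name, Status

# Version actually on the PATH after the reinstall (java prints this on stderr).
if (Get-Command java -ErrorAction SilentlyContinue) {
    "java -version reports:"
    & java -version 2>&1
}
```

Each listed entry whose UninstallString is an msiexec product code can also be removed unattended with `msiexec /x <ProductCode> /qn`; reboot between the removals and the new install, as the instructions say, and rerun the script to confirm only JRE 6 Update 16 remains.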

#14 Viviana

Viviana
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:31 PM

Posted 24 August 2009 - 11:30 PM

Hi, I removed all the java I could find and rebooted, but when I tried to install the file on my desktop, it gave me this error:
"Error 25099 Unzipping core files failed"
I looked at the Java help site and it said it was probably due to "java quick start" or any old java versions running at the same time. I couldn't find jqs.exe in processes though.

Here's the F-Secure:
Scanning Report
Monday, August 24, 2009 21:41:20 - 23:15:14

Computer name: BIOHAZARD
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
4 malware found
TrackingCookie.Adinterax (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Trojan.Generic.IS (spyware)

* System (Disinfected)

Trojan.Generic.IS.540531 (virus)

* C:\WINDOWS\SYSTEM32\URLCACHE.DLL (Not cleaned)

Statistics
Scanned:

* Files: 62885
* System: 4026
* Not scanned: 8

Actions:

* Disinfected: 3
* Renamed: 0
* Deleted: 0
* Not cleaned: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A603334FF32B42031A7C5D096F5A6744_24ADF822-76F7-4481-B30B-FF1B40F8687F

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics

and the OTL scan:
OTL logfile created on: 8/24/2009 11:19:50 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Adriana Garcia\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 494.24 Mb Available Physical Memory | 48.36% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 139.24 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIOHAZARD
Current User Name: Adriana Garcia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/11 11:37:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/11 11:37:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2008/04/17 09:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Global Payments Inc\VPN Client\cvpnd.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/08/11 11:37:44 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2009/08/11 11:37:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/11 11:37:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/06/01 16:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/07/24 10:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/03/20 16:40:32 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2007/07/02 17:49:27 | 00,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/12 09:20:37 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2003/12/03 10:42:49 | 00,180,224 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe\data\Xtras\mssysmgr.exe
PRC - [2009/08/11 10:57:02 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/08/04 18:10:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/24 21:34:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/30 21:06:10 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/11 11:37:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/11 11:37:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - File not found -- -- (CiscoVpnInstallService [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/17 09:08:46 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Global Payments Inc\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/06/01 16:25:00 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe -- (ELService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/07/16 07:48:42 | 01,163,378 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Stopped])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2007/01/25 12:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\S-1-5-21-565947119-4082556615-3286707011-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.003
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:1.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/11 11:17:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/11 11:38:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/24 03:37:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 20:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 03:07:46 | 00,000,000 | ---D | M]

[2008/09/21 10:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Extensions
[2008/09/21 10:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/24 17:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions
[2009/08/11 11:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/11 23:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2009/04/17 21:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\mozilla\Firefox\Profiles\pdndup24.default\extensions\unplug@compunach
[2007/08/08 17:52:07 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Application Data\Mozilla\FireFox\Profiles\pdndup24.default\searchplugins\siteadvisor.xml
[2009/08/24 21:32:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 18:10:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/17 19:41:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/04 18:10:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 18:10:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/03/17 11:11:13 | 00,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\components\ffwt.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/07/02 14:37:31 | 01,316,352 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/07/02 14:38:28 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 18:10:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/07/02 17:49:39 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/09 11:35:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/07/02 17:49:49 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/07/02 17:49:35 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/10/02 23:08:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/03/07 16:23:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 16:23:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/11 12:08:47 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/03/07 16:23:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 16:23:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 16:23:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 16:23:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Adriana Garcia\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPN VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-565947119-4082556615-3286707011-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/24 21:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/08/24 21:34:27 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe
[2009/08/24 13:44:32 | 10,663,702 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\The Present Tense new.mp3
[2009/08/24 11:13:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/24 10:38:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/24 10:27:49 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/08/24 10:27:45 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/24 10:27:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/24 10:15:36 | 03,183,186 | R--- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\ComboFix.exe
[2009/08/24 03:31:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/24 03:31:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/24 03:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/24 03:29:42 | 00,000,000 | ---D | C] -- C:\2f332525ccd7de831eb0c1526df51f88
[2009/08/23 23:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\ok
[2009/08/23 20:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\New England
[2009/08/15 07:46:45 | 03,331,134 | ---- | C] () -- C:\LMI (Monster, 94).flv.MP3
[2009/08/15 07:44:08 | 04,624,598 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\LMI (Monster, 94).flv
[2009/08/15 07:41:29 | 00,000,000 | ---- | C] () -- C:\Let Me In (Monster, 1994).MP3
[2009/08/15 05:57:47 | 05,750,297 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\REM - let me in.flv
[2009/08/15 02:41:20 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\bawwwston.doc
[2009/08/14 02:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\Top 50 R.E.M. Songs
[2009/08/14 00:43:55 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\music project guide.doc
[2009/08/13 16:14:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Local Settings\Application Data\Firetongue
[2009/08/13 13:47:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/13 13:08:10 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/08/13 09:29:38 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/13 09:29:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/13 09:29:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/13 09:29:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/13 09:29:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/13 09:29:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/13 09:29:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/13 09:29:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/13 09:26:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/12 22:40:55 | 13,273,465 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\01-radiohead-these_are_my_twisted_words-%28advance%29-2009-w.mp3
[2009/08/12 19:09:23 | 00,000,000 | ---D | C] -- C:\14a84d70e619377519aea5d1e8
[2009/08/12 19:07:59 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 16:37:55 | 03,381,289 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\Playground Love - Air.MP3
[2009/08/12 13:35:05 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/08/12 02:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\New Folder (2)
[2009/08/11 20:17:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/11 19:07:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Adriana Garcia\Desktop\settings.dat
[2009/08/11 19:06:34 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Adriana Garcia\Desktop\RootRepeal.exe
[2009/08/11 14:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Desktop\Music Project
[2009/08/11 12:11:49 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/11 12:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Local Settings\Application Data\AVG Security Toolbar
[2009/08/11 11:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/11 11:38:22 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/11 11:38:22 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/11 11:38:22 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/11 11:38:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/11 11:38:18 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/11 11:38:17 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/11 11:38:04 | 40,128,023 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/11 11:38:03 | 00,068,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/11 11:38:02 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/11 11:38:01 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/11 11:38:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/11 11:38:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/08/11 11:17:38 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 11:17:38 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/11 11:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/11 11:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Application Data\AVG8
[2009/08/11 11:01:44 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/11 11:00:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/11 10:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/11 10:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/11 10:47:48 | 00,000,528 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
[2009/08/11 10:47:32 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
[2009/08/11 10:38:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/11 10:37:52 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/08/11 10:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/11 10:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adriana Garcia\Application Data\SUPERAntiSpyware.com

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Adriana Garcia\My Documents\*.tmp files]
[2009/08/24 21:34:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adriana Garcia\Desktop\OTL.exe
[2009/08/24 21:26:07 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GPN VPN Client.lnk
[2009/08/24 21:25:52 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/24 21:25:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/24 21:25:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 21:25:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/24 21:25:21 | 10,716,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/24 14:58:28 | 40,128,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/24 14:21:20 | 00,084,624 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/24 13:44:42 | 10,663,702 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\The Present Tense new.mp3
[2009/08/24 11:00:13 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
[2009/08/24 10:46:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/24 10:46:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/24 10:27:49 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/08/24 10:15:36 | 03,183,186 | R--- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\ComboFix.exe
[2009/08/24 07:10:52 | 01,588,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/24 03:41:41 | 00,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/24 03:41:41 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/24 03:41:41 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/24 03:36:47 | 00,000,528 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
[2009/08/24 03:07:52 | 00,000,711 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/23 23:30:09 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/23 23:30:03 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 17:20:33 | 00,068,038 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/15 07:46:54 | 03,331,134 | ---- | M] () -- C:\LMI (Monster, 94).flv.MP3
[2009/08/15 07:46:06 | 04,624,598 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\LMI (Monster, 94).flv
[2009/08/15 07:41:29 | 00,000,000 | ---- | M] () -- C:\Let Me In (Monster, 1994).MP3
[2009/08/15 05:57:48 | 05,750,297 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\REM - let me in.flv
[2009/08/15 03:16:25 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\bawwwston.doc
[2009/08/14 02:40:15 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\music project guide.doc
[2009/08/13 03:37:19 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 22:40:58 | 13,273,465 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\01-radiohead-these_are_my_twisted_words-%28advance%29-2009-w.mp3
[2009/08/12 18:26:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/12 16:38:05 | 03,381,289 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\Playground Love - Air.MP3
[2009/08/11 19:07:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Adriana Garcia\Desktop\settings.dat
[2009/08/11 11:38:22 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/11 11:38:22 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/11 11:38:22 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/11 11:38:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/11 11:38:18 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/11 11:38:17 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/11 11:38:03 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/11 11:38:02 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/11 11:17:38 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 11:17:38 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/11 11:01:44 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/11 10:37:52 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

========== LOP Check ==========

[2006/10/19 21:47:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/08/11 11:10:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data
[2009/08/10 15:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Ahead
[2009/04/10 10:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Any Video Converter
[2008/12/21 23:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\AVS4YOU
[2007/09/27 05:13:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Azureus
[2009/08/15 02:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Canon
[2008/09/14 12:16:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\COWON
[2008/06/29 11:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Games
[2008/02/24 16:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Leadertech
[2009/03/31 23:55:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\LimeWire
[2008/10/30 18:48:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Move Networks
[2009/02/05 23:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\MSNInstaller
[2006/10/27 22:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Opera
[2008/01/13 22:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Paltalk
[2008/01/15 22:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Simple Star
[2008/01/11 16:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\Thinstall
[2009/07/06 15:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\uTorrent
[2009/08/24 21:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adriana Garcia\Application Data\WTablet
[2009/08/24 21:41:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/21 18:41:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/08/13 14:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/02/18 02:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/01/04 16:26:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/02/11 20:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/08/11 11:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/07/31 14:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/24 21:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/08/19 01:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/08/19 10:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2008/06/29 11:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2009/08/24 10:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/01 17:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/08/11 10:00:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/19 21:47:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/08/11 10:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/06/03 20:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/08/12 18:26:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/24 03:36:47 | 00,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Scan for Adriana Garcia.job
[2009/08/24 11:00:13 | 00,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Adriana Garcia.job
[2009/08/24 21:25:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

========== Files - Unicode (All) ==========
[2008/03/20 11:56:06 | 00,000,000 | ---D | C](C:\Documents and Settings\Adriana Garcia\My Documents\??curity) -- C:\Documents and Settings\Adriana Garcia\My Documents\ѕеcurity
[2008/03/20 11:56:06 | 00,000,000 | ---D | M](C:\Documents and Settings\Adriana Garcia\My Documents\??curity) -- C:\Documents and Settings\Adriana Garcia\My Documents\ѕеcurity
< End of report >

edit: I deleted some leftover files in C:\Program Files\Java which weren't deleted when I uninstalled, and the new Java installed. Please tell me if I should redo any of the scans now that it's working.

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 25 August 2009 - 09:52 PM

Hi there,
Sorry for the delay. I will review the logs and post your next step shortly.
Thanks,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



