
infected with trojan horse agent2.ONT, agent2.NWG, agent2.ONU and more.


  • This topic is locked
6 replies to this topic

#1 sandyjames

sandyjames

  • Members
  • 3 posts

Posted 11 August 2009 - 11:35 PM

AVG scan results say that I have password protected files and locked files that it cannot test. I believe this is a result of the infection. I have also run Spybot Search and Destroy and HijackThis, and the only thing I have accomplished is obviously screwing up my registry.
Also, AVG scan results have found trojan horse backdoor small xvx. I have also tried Windows Defender and vcleaner. Also used another program, TFC, which cleared all temporary files, but no fix. Any help will be greatly appreciated. Sandy


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 23:00:11.93 on Tue 08/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [HughesNetTools_McciTrayApp] c:\program files\hughesnettools\1\McciTrayApp_SSR.exe
mRun: [S3TRAY2] S3tray2.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VTPreset] VTPreset.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
uPolicies-explorer: NoSMMyPictures = 01000000
IE: &Links to this page - c:\documents and settings\all users\application data\tuneup software\tuneup utilities\web\gbacklinks.htm
IE: &Search - ?p=ZKfox001
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239136147843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: dc72fa18648 - c:\windows\system32\dssec32.dll
Notify: igfxcui - igfxsrvc.dll
Notify: khfeEwuR - khfeEwuR.dll
Notify: __c007BFF - c:\windows\system32\__c007BFF.dat
AppInit_DLLs: c:\windows\system32\dssec32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {A177C1C1-EF04-4FCC-8A4B-FE956DC0A099} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJyyYRI

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wkpdzkf8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wkpdzkf8.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wkpdzkf8.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{4037a226-f33f-427c-803c-db710db665ea}\components\bhelper.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-11 17:02 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-11 17:02 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-06 20:50 <DIR> --dsh--- c:\windows\system32\SystemX86
2009-08-06 11:04 2,855 a------- C:\NTDETECT.PIF
2009-08-06 11:03 <DIR> --d-h--- c:\windows\PIF
2009-08-04 02:26 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-04 02:15 <DIR> --d----- c:\program files\Orban
2009-08-01 01:11 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-01 00:51 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-31 11:25 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-31 11:05 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-31 11:05 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 11:05 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 11:04 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-31 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-31 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-31 04:34 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-07-31 03:14 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-31 03:14 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-07-31 03:14 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-07-31 03:14 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-07-31 03:14 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-31 03:14 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-31 03:14 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-31 03:14 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-31 03:14 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-07-31 03:00 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-31 02:35 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-31 01:56 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-30 12:12 <DIR> --d----- c:\docume~1\owner\applic~1\AVS4YOU
2009-07-30 12:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-30 12:07 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-30 12:07 <DIR> --d----- c:\program files\AVS4YOU
2009-07-27 15:19 18,108 a------- c:\windows\GnuHashes.ini
2009-07-27 15:12 615 a------- c:\windows\system32\b3F1FI6.vbs
2009-07-27 15:10 117,760 a------- c:\windows\system32\dssec32.dll
2009-07-27 15:10 615 a------- c:\windows\system32\kLldRB4I931pQ.vbs
2009-07-27 01:49 11 a------- c:\windows\3DShadow.INI
2009-07-27 00:22 44,544 -------- c:\windows\AWuninstall.exe
2009-07-21 16:15 <DIR> --d----- c:\program files\Oberon Media
2009-07-21 16:15 <DIR> --d----- c:\program files\common files\Oberon Media
2009-07-21 16:14 <DIR> --d----- c:\program files\MySpace Games
2009-07-16 01:40 89 a------- c:\windows\ULead32.ini
2009-07-15 23:02 78 a---h--- c:\windows\Au1tgr.ns
2009-07-15 22:59 78 a---h--- c:\windows\Xwdupv.ns
2009-07-15 22:59 16 a------- c:\windows\Wininit.ini
2009-07-15 22:59 <DIR> --d----- c:\windows\Profiles
2009-07-15 22:59 35,328 -------- c:\windows\INETWH32.DLL
2009-07-15 22:59 26,832 -------- c:\windows\CTL3DV2.DLL
2009-07-15 22:59 4,528 -------- c:\windows\SETBROWS.EXE
2009-07-15 22:59 <DIR> --d----- c:\windows\Noslip
2009-07-15 22:59 9,136 -------- c:\windows\INETWH16.DLL
2009-07-15 11:35 <DIR> --d----- c:\docume~1\owner\applic~1\AKVIS LLC
2009-07-15 11:32 <DIR> --d----- c:\program files\AKVIS

==================== Find3M ====================

2009-08-10 18:26 14,336 a------- c:\windows\system32\svchost.exe
2009-08-05 13:43 2,581 ac------ c:\windows\checkip.dat
2009-08-05 13:39 2,578 ac------ c:\windows\ipconfig.dat
2009-06-26 11:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 11:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-13 00:03 112,911 a------- c:\windows\hpoins07.dat
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2012-06-09 10:08 1,537 ac-sh--- c:\windows\page files\maxmeg.sys
2003-08-31 06:52 0 ac-sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 23:03:48.29 ===============


Attached File  Attach.txt   5.64KB   2 downloads



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 August 2009 - 12:53 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 sandyjames

sandyjames
  • Topic Starter

  • Members
  • 3 posts

Posted 14 August 2009 - 10:49 AM

Thank You for your help. I ran the mbam and the otl report. Here is the log from the otl.

OTL logfile created on: 8/14/2009 10:19:25 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

351.48 Mb Total Physical Memory | 59.13 Mb Available Physical Memory | 16.82% Memory free
1.58 Gb Paging File | 1.18 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.28 Gb Total Space | 18.22 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
Drive D: | 3.97 Gb Total Space | 0.14 Gb Free Space | 3.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-SZ6X6SEFXO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/31 11:03:19 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2002/09/04 14:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/07/31 11:03:43 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 11:03:45 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2002/07/31 21:28:38 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\ps2.exe
PRC - [2007/11/20 16:36:25 | 01,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2003/02/25 04:33:14 | 00,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\S3tray2.exe
PRC - [2002/07/24 21:20:02 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/07/31 11:03:35 | 02,000,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/11/18 14:40:44 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/03/21 18:52:06 | 00,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2005/05/11 23:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2009/06/13 00:20:24 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/14 10:17:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 19:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/31 11:03:19 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/05 10:49:15 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/03/31 20:24:54 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (Iomega Activity Disk2 [Disabled | Stopped])
SRV - [2002/09/04 14:11:04 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services [Auto | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/06/16 14:36:46 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll -- (usnsvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009/07/31 11:05:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/31 11:05:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/31 11:05:29 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/11/29 17:51:52 | 00,122,928 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
DRV - [2002/11/28 09:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2003/09/20 14:23:06 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2002/11/28 05:43:49 | 00,022,016 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD [Boot | Running])
DRV - [2003/02/22 21:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2003/09/25 23:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Stopped])
DRV - [2005/03/07 23:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2005/03/07 23:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2005/03/07 23:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2003/03/14 03:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2002/09/04 14:11:08 | 00,030,258 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk [Boot | Running])
DRV - [2001/04/30 19:50:28 | 00,014,848 | ---- | M] () -- C:\Program Files\@stake\LC4\lc3pkt.sys -- (lc3pkt_2.1 [On_Demand | Stopped])
DRV - [2004/08/04 00:41:35 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2007/10/15 16:36:07 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2007/10/15 16:36:07 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2002/09/06 20:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2002/08/29 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2002/08/29 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2004/11/19 08:40:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2002/07/29 23:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2004/03/02 14:02:30 | 00,167,040 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2004/03/02 14:02:30 | 00,167,040 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/02/26 21:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
DRV - [2002/12/25 00:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2002/11/15 12:29:46 | 00,073,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2002/12/27 13:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004/05/07 14:47:10 | 00,079,616 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys -- (WUSB54GV4SRV [On_Demand | Stopped])
DRV - [2003/03/14 03:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/03/14 03:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\S-1-5-21-2814573802-1274401865-2401023706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\S-1-5-21-2814573802-1274401865-2401023706-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.2.48
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {2aa17f4f-3c91-4329-b669-ec76dd902591}:1.3.1.7
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.6
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.5.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.2.2
FF - prefs.js..extensions.enabledItems: {4037A226-F33F-427c-803C-DB710DB665EA}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/31 11:03:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/31 11:04:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 21:24:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/11 18:19:42 | 00,000,000 | ---D | M]

[2008/12/01 13:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/01 13:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/10/30 00:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/08/13 22:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions
[2009/01/26 20:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{2aa17f4f-3c91-4329-b669-ec76dd902591}
[2008/12/01 13:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2008/12/01 13:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/03/16 17:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009/07/25 23:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/12/01 15:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/12/01 13:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/02/13 11:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/31 00:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/01 13:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\ilab@intuit
[2009/07/25 23:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\wkpdzkf8.default\extensions\sxipper@sxip.com
[2009/08/13 22:09:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/13 02:09:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{4037A226-F33F-427c-803C-DB710DB665EA}
[2009/06/13 00:20:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 11:05:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/05 19:56:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 17:41:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/13 00:20:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 00:20:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/13 00:20:25 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/12/01 12:01:02 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2008/10/30 01:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 01:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/01 21:38:50 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2008/10/30 01:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 01:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 01:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 01:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (319159 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10946 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce\Setup: [Aspi Update] C:\Temp\aspi32.exe (Adaptec)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O8 - Extra context menu item: &Links to this page - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm File not found
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2814573802-1274401865-2401023706-1003\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1239136147843 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} http://phughescw.hughes.motive.com/wizlet/.../Mcci_6-1-0.cab (McciContext Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.165.10 67.142.165.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\khfeEwuR: DllName - khfeEwuR.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {A177C1C1-EF04-4FCC-8A4B-FE956DC0A099} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\mlJyyYRI) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 04:49:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4631a94a-a5d8-11dd-8ed9-0040ca5b3f32}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/14 10:17:09 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/13 22:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/13 22:58:29 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/13 22:58:23 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/13 22:58:21 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/13 22:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/13 22:58:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/13 22:54:23 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/13 12:26:16 | 00,002,800 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/13 12:24:39 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/08/13 12:24:39 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/08/13 12:24:38 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/08/13 12:24:37 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/08/13 12:24:36 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/08/13 12:24:35 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/08/13 12:24:35 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/08/13 12:24:34 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/08/13 12:24:33 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/08/13 12:24:32 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/08/13 12:24:32 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/08/13 12:24:31 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/08/13 12:24:31 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/08/13 12:24:29 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/08/13 12:24:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix
[2009/08/13 12:22:17 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\roguescanfix_setup.lnk
[2009/08/13 12:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\roguescanfix
[2009/08/13 10:01:46 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 10:01:19 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/11 22:56:48 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/08/11 22:00:53 | 00,915,195 | ---- | C] (Beamerke ) -- C:\Documents and Settings\Owner\Desktop\roguescanfix_setup.exe
[2009/08/11 21:59:52 | 01,885,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
[2009/08/11 17:10:16 | 00,000,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/08/11 17:03:14 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/08/11 17:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/08/11 17:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/08/11 15:48:54 | 06,573,721 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\u7avi1640m6.bin
[2009/08/11 14:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RootRepeal
[2009/08/10 22:18:43 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/10 22:01:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\hijackthis
[2009/08/10 19:17:44 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/10 14:13:05 | 02,701,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rmdndup.exe
[2009/08/10 14:08:55 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rmstubby.exe
[2009/08/06 11:04:43 | 00,002,855 | ---- | C] () -- C:\NTDETECT.PIF
[2009/08/06 11:03:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/06 10:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\avgresults
[2009/08/05 22:22:14 | 44,467,256 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Malware.exe
[2009/08/05 04:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/04 02:29:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2009/08/04 02:26:35 | 00,000,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/08/04 02:26:27 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/08/04 02:16:00 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tuner2 - your ears will know.lnk
[2009/08/04 02:16:00 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AAC-aacPlus Plugin Read Me.lnk
[2009/08/04 02:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\Orban
[2009/08/04 02:10:58 | 07,709,881 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\klcodec500s.exe
[2009/08/04 01:20:39 | 00,718,101 | ---- | C] (Orban, Inc. ) -- C:\Documents and Settings\Owner\Desktop\setup_AAC_aacPlus_plugin_1_0_44.exe
[2009/08/02 22:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MyCashEmpire-FREE
[2009/08/01 21:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2009/08/01 21:27:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\V.Remove
[2009/08/01 21:22:44 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender (2).msi
[2009/08/01 01:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/08/01 00:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/31 11:25:30 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/31 11:05:33 | 00,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/31 11:05:30 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/31 11:05:28 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/31 11:05:17 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/31 11:05:13 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/31 11:04:34 | 39,840,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/31 11:04:31 | 00,065,154 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/31 11:04:29 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/31 11:04:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/31 11:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/31 11:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/31 11:03:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/31 04:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2009/07/31 03:14:17 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/31 03:14:16 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/31 03:14:15 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/31 03:14:15 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/31 03:14:15 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/31 03:14:15 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/31 03:14:15 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/31 03:14:15 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/31 03:14:14 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/31 03:00:21 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/07/31 02:52:04 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/07/31 02:48:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/07/31 02:35:34 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/31 01:56:58 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/30 12:20:22 | 01,909,601 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\P7160001.wmv
[2009/07/30 12:12:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
[2009/07/30 12:12:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/07/30 12:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/07/30 12:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/07/30 11:06:34 | 09,581,530 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\P7160001.MOV
[2009/07/28 13:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/07/28 13:02:43 | 00,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/07/28 12:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2009/07/28 12:59:45 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2814573802-1274401865-2401023706-1003UA.job
[2009/07/28 12:59:42 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2814573802-1274401865-2401023706-1003Core.job
[2009/07/28 12:58:16 | 00,570,024 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Owner\Desktop\ChromeSetup.exe
[2009/07/27 15:12:25 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\b3F1FI6.vbs
[2009/07/27 15:11:00 | 00,005,493 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648C.manifest
[2009/07/27 15:11:00 | 00,002,464 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648P.manifest
[2009/07/27 15:11:00 | 00,000,565 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648O.manifest
[2009/07/27 15:11:00 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648S.manifest
[2009/07/27 15:10:57 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\kLldRB4I931pQ.vbs
[2009/07/27 01:49:59 | 00,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2009/07/27 00:22:56 | 00,044,544 | ---- | C] () -- C:\WINDOWS\AWuninstall.exe
[2009/07/21 16:22:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/07/21 16:22:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/21 16:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2009/07/21 16:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2009/07/21 16:14:59 | 00,000,000 | ---D | C] -- C:\Program Files\MySpace Games
[2009/07/17 14:01:06 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/16 01:40:36 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/07/15 23:02:12 | 00,000,078 | -H-- | C] () -- C:\WINDOWS\Au1tgr.ns
[2009/07/15 22:59:19 | 00,000,078 | -H-- | C] () -- C:\WINDOWS\Xwdupv.ns
[2009/07/15 22:59:19 | 00,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/07/15 22:59:13 | 00,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2009/07/15 22:59:13 | 00,026,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\CTL3DV2.DLL
[2009/07/15 22:59:13 | 00,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2009/07/15 22:59:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2009/07/15 22:59:12 | 00,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2009/07/15 22:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Noslip
[2009/07/15 11:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AKVIS LLC
[2009/07/15 11:33:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AKVIS
[2009/07/15 11:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\AKVIS
[2009/05/18 23:43:02 | 00,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/05/18 23:43:02 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/05/18 23:43:02 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/04/03 00:14:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/11/10 21:27:45 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/10/29 10:53:21 | 01,052,210 | -HS- | C] () -- C:\WINDOWS\System32\nqshuvrj.ini
[2008/10/28 10:18:29 | 01,028,604 | -HS- | C] () -- C:\WINDOWS\System32\vocxunrm.ini
[2008/10/28 09:16:54 | 01,028,568 | -HS- | C] () -- C:\WINDOWS\System32\qrwhnajb.ini
[2008/10/28 09:15:27 | 00,936,506 | -HS- | C] () -- C:\WINDOWS\System32\CIiOrtwa.ini
[2008/10/24 17:33:24 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/28 15:12:00 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/01/02 23:27:19 | 00,000,196 | ---- | C] () -- C:\WINDOWS\AToolBar.INI
[2007/01/02 00:08:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/01/02 00:07:23 | 00,001,628 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/01/01 02:29:48 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2007/01/01 02:23:41 | 00,000,009 | ---- | C] () -- C:\WINDOWS\winxfigt.sys
[2006/11/16 00:20:29 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/11/13 23:31:29 | 00,000,100 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/11/13 23:30:58 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/11/13 23:30:56 | 00,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/11/13 23:18:13 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI
[2006/11/08 12:45:47 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/07/24 18:18:57 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/22 22:24:54 | 00,000,066 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/07/21 18:57:53 | 00,000,915 | ---- | C] () -- C:\WINDOWS\ARTWORKS.INI
[2006/07/05 13:42:39 | 00,000,895 | ---- | C] () -- C:\WINDOWS\ULEAD.INI
[2006/06/25 00:58:53 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2006/06/15 11:56:31 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/15 11:48:00 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/14 22:19:12 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/07/12 15:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/03/23 17:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/04/10 06:33:14 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 06:33:14 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 06:10:20 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 06:08:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 06:08:01 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 06:07:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 06:07:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/10 06:00:09 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 05:59:52 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 05:53:45 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 05:16:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 05:06:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 05:06:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 05:05:46 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 04:53:32 | 00,000,861 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 04:37:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 04:37:23 | 00,000,993 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/10 04:37:19 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/10 02:08:18 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 02:08:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/08/14 10:17:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/14 10:05:05 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2814573802-1274401865-2401023706-1003UA.job
[2009/08/14 09:18:47 | 00,065,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/14 09:18:29 | 39,840,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/14 09:15:30 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/14 09:09:16 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/14 09:05:06 | 00,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/14 09:04:18 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/08/14 09:04:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/14 09:04:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/13 22:58:29 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/13 22:55:23 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/08/13 22:54:10 | 00,002,464 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648P.manifest
[2009/08/13 21:43:24 | 00,005,493 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648C.manifest
[2009/08/13 21:36:47 | 00,000,565 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648O.manifest
[2009/08/13 21:36:47 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000006934c5cb648S.manifest
[2009/08/13 12:51:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/13 12:26:19 | 00,002,800 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/13 12:22:17 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\roguescanfix_setup.lnk
[2009/08/13 09:29:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/11 22:57:44 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/08/11 22:02:00 | 01,885,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
[2009/08/11 22:01:51 | 00,915,195 | ---- | M] (Beamerke ) -- C:\Documents and Settings\Owner\Desktop\roguescanfix_setup.exe
[2009/08/11 17:10:16 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/08/11 17:05:35 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/08/11 15:49:36 | 06,573,721 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\u7avi1640m6.bin
[2009/08/11 14:28:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/11 13:04:21 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2814573802-1274401865-2401023706-1003Core.job
[2009/08/10 22:19:19 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/08/10 19:18:03 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/10 18:26:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009/08/10 18:26:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2009/08/10 14:13:39 | 02,701,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rmdndup.exe
[2009/08/10 14:09:13 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rmstubby.exe
[2009/08/06 11:04:43 | 00,002,855 | ---- | M] () -- C:\NTDETECT.PIF
[2009/08/05 22:28:09 | 44,467,256 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Owner\Desktop\Norman_Malware.exe
[2009/08/05 19:58:22 | 00,402,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/05 19:58:22 | 00,063,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/05 19:58:21 | 00,472,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/05 19:05:24 | 00,002,292 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/08/05 13:43:47 | 00,002,581 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2009/08/05 13:39:32 | 00,002,578 | ---- | M] () -- C:\WINDOWS\ipconfig.dat
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/04 02:26:35 | 00,000,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/08/04 02:16:00 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tuner2 - your ears will know.lnk
[2009/08/04 02:16:00 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AAC-aacPlus Plugin Read Me.lnk
[2009/08/04 02:12:14 | 07,709,881 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\klcodec500s.exe
[2009/08/04 01:21:04 | 00,718,101 | ---- | M] (Orban, Inc. ) -- C:\Documents and Settings\Owner\Desktop\setup_AAC_aacPlus_plugin_1_0_44.exe
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/01 02:12:38 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/01 01:13:34 | 00,000,993 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/01 01:13:28 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/07/31 17:15:00 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/07/31 11:05:33 | 00,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/31 11:05:30 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/31 11:05:29 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/31 11:05:17 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/31 11:05:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/31 11:04:31 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/31 11:04:29 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/31 03:52:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/31 03:52:03 | 00,000,230 | -HS- | M] () -- C:\boot.ini
[2009/07/31 02:44:55 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WindowsDefender (2).msi
[2009/07/30 12:21:55 | 01,909,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\P7160001.wmv
[2009/07/30 11:29:15 | 09,581,530 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\P7160001.MOV
[2009/07/29 19:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/28 12:58:18 | 00,570,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Desktop\ChromeSetup.exe
[2009/07/27 17:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/27 15:12:25 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\b3F1FI6.vbs
[2009/07/27 15:10:57 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\kLldRB4I931pQ.vbs
[2009/07/27 03:04:44 | 00,000,089 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2009/07/27 01:49:59 | 00,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2009/07/27 00:22:56 | 00,044,544 | ---- | M] () -- C:\WINDOWS\AWuninstall.exe
[2009/07/26 20:08:01 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 21:55:50 | 01,381,022 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/20 18:12:28 | 00,000,861 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2009/07/18 11:05:06 | 03,069,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/18 11:05:06 | 03,069,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/18 11:05:06 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2009/07/18 11:05:06 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll
[2009/07/16 12:26:58 | 00,000,078 | -H-- | M] () -- C:\WINDOWS\Xwdupv.ns
[2009/07/16 01:40:38 | 00,000,078 | -H-- | M] () -- C:\WINDOWS\Au1tgr.ns
[2009/07/15 23:02:12 | 00,000,016 | ---- | M] () -- C:\WINDOWS\Wininit.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\sonydcam.sys:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\NOS\bin\getPlus_HelperSvc.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\P7160001.MOV:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:SummaryInformation
< End of report >

There was also an extra log created by OTL. Wasn't sure if you needed it so here it is as well.

OTL Extras logfile created on: 8/14/2009 10:19:25 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

351.48 Mb Total Physical Memory | 59.13 Mb Available Physical Memory | 16.82% Memory free
1.58 Gb Paging File | 1.18 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.28 Gb Total Space | 18.22 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
Drive D: | 3.97 Gb Total Space | 0.14 Gb Free Space | 3.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-SZ6X6SEFXO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Disabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08B07E0D-F182-49A9-A409-624B43946DFA}" = EffettoVisivo Intellistamp
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F4877D9-C72C-5882-63A2-088D973CEBE9}" = MyStylez
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4C4F2C25-3D14-46C5-8D0D-BCD202AD5D9B}" = AKVIS Coloriage
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}" = ArtRage 2 Starter Edition
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7A837109-E671-470D-B489-F1EBE471D220}" = Windows Live Messenger
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{8466123B-2CBE-4809-8FAF-94D1F76BC4FE}" = AKVIS Chameleon
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBF28FAC-101D-4F03-8F95-B99396C5AA9D}" = LC4
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"360Share" = 360Share(remove only)
"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software
"ActMon Write All Stored Passwords (WASP)_is1" = ActMon Write All Stored Passwords (WASP)
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Apophysis 2.0" = Apophysis 2.0
"As Simple As Photoshop_is1" = As Simple As Photoshop
"Ask Toolbar_is1" = Ask Toolbar
"audcle" = Plus! MP3 Audio Converter LE
"AVG8Uninstall" = AVG Free 8.5
"BackWeb-1940576 Uninstaller" = Compaq Connections
"CloneCD" = CloneCD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.pxldesigns.MyStylez.E5593223B402BB83A41F832F6917FE4E2A0173C1.1" = MyStylez
"CSS Button Designer" = CSS Button Designer
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"G-Force" = G-Force
"Glary Utilities_is1" = Glary Utilities 2.11.0.638
"GML Matting_is1" = GML Matting 0.3
"Harry's Filters_is1" = Harry's Filters 3.01
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HughesNetTools" = HughesNetTools
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Instant Support" = Instant Support
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Standard)
"Little Ink Pot's Thredgeholder Plugin_is1" = Thredgeholder Plugin v 1.0
"Little Ink Pot's Xpose Plugin_is1" = Xpose Plugin v 1.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"mplibwiz.inf" = Media Library Management Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNMS" = MSN Internet Software
"PS2" = PS2
"Qumana" = Qumana
"RocketLife" = RocketLife
"roguescanfix_setup_is1" = roguescanfix 1.5
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Service Dmtool 3.12.6 [MC]" = Service Dmtool 3.12.6 [MC]
"Shockwave" = Shockwave
"SpamSubtract" = SpamSubtract
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 RC
"Tweak UI 2.10" = Tweak UI
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"UWCSuite2002_is1" = Ultra WinCleaner Utility Suite 2002
"ViewpointMediaPlayer" = Viewpoint Media Player
"wa2wmp" = Windows Media Player Skin Importer
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WhiteCap" = WhiteCap
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Auto Tuneup Basic v2.1.2_is1" = XP Auto Tuneup Basic v2.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2814573802-1274401865-2401023706-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2008 1:32:30 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023838.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 10/24/2008 3:33:42 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = ASP.NET 1.0.3705.6060 | ID = 1031
Description =

Error - 11/24/2008 5:56:47 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 7/21/2009 5:17:47 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = LiveUpdate | ID = 2752568
Description = 6002: LiveUpdate failed because the LiveUpdate package could not be
uncompressed. Make sure your disk is not full and run LiveUpdate again.

Error - 7/23/2009 10:59:47 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = LiveUpdate | ID = 2752568
Description = 6002: LiveUpdate failed because the LiveUpdate package could not be
uncompressed. Make sure your disk is not full and run LiveUpdate again.

Error - 7/25/2009 12:38:30 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = LiveUpdate | ID = 2752568
Description = 6002: LiveUpdate failed because the LiveUpdate package could not be
uncompressed. Make sure your disk is not full and run LiveUpdate again.

Error - 7/25/2009 12:38:33 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = LiveUpdate | ID = 2752568
Description = 6002: LiveUpdate failed because the LiveUpdate package could not be
uncompressed. Make sure your disk is not full and run LiveUpdate again.

Error - 7/25/2009 12:38:38 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = LiveUpdate | ID = 2752568
Description = 6002: LiveUpdate failed because the LiveUpdate package could not be
uncompressed. Make sure your disk is not full and run LiveUpdate again.

Error - 8/2/2009 5:04:19 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Google Update | ID = 20
Description =

Error - 8/2/2009 6:04:10 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/13/2009 11:37:35 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/13/2009 11:39:52 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/13/2009 11:42:43 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/13/2009 11:43:22 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/13/2009 11:47:24 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/13/2009 11:53:13 PM | Computer Name = YOUR-SZ6X6SEFXO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/14/2009 12:06:33 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/14/2009 12:42:58 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/14/2009 12:43:02 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 fasttx2k nv_agp PCIIde SISAGP viaagp1

Error - 8/14/2009 10:08:05 AM | Computer Name = YOUR-SZ6X6SEFXO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 14 August 2009 - 04:03 PM

You forgot to post the log from Malwarebytes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 sandyjames

sandyjames
  • Topic Starter

Posted 15 August 2009 - 09:59 AM

:thumbup2: Sorry. Here it is.
Malwarebytes' Anti-Malware 1.40
Database version: 2618
Windows 5.1.2600 Service Pack 3

8/13/2009 11:35:19 PM
mbam-log-2009-08-13 (23-34-48).txt

Scan type: Quick Scan
Objects scanned: 89920
Time elapsed: 19 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dssec32.dll (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\B.tmp (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dc72fa18648 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007bff (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\dssec32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\dssec32.dll -> No action taken.

Folders Infected:
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> No action taken.

Files Infected:
C:\WINDOWS\system32\dssec32.dll (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\desktop\windows_media_update.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\8.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\E.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\SystemX86\253.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\253.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\254.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\254.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\255.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\255.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\256.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\256.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\257.music.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\257.music.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\258.music2.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\258.music2.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\259.music3.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\259.music3.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\260.music.snd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SystemX86\260.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.

#6 Buckeye_Sam


Posted 15 August 2009 - 02:38 PM

The log there shows "No action taken" on everything that was detected. I just want to confirm that you had Malwarebytes remove everything it found.


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



========================================================

#7 Buckeye_Sam


Posted 05 September 2009 - 10:22 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.


========================================================
