Multiple Trojans


  • This topic is locked
9 replies to this topic

#1 GlutenFree

  • Members
  • 5 posts

Posted 29 October 2009 - 02:41 PM

AVG has quarantined dozens of trojans to no avail. Thanks for the help.




DDS (Ver_09-10-26.01) - NTFSx86
Run by EPFX at 14:01:34.81 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.281 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Scan Genius\ScanGenius.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\EPFX\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.thequantumcenter.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {caef0277-e6af-4c9b-b697-2a6a1035c600} - dataheme.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O5 "LPT1:" /M "Stylus CX3800"
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [fefukihaza] Rundll32.exe "wijahupu.dll",s
mRun: [warukarur] Rundll32.exe "c:\windows\system32\nupanogo.dll",a
StartupFolder: c:\docume~1\epfx\startm~1\programs\startup\epsona~1.lnk - d:\titles\ereg\EPSONREG.EXE
StartupFolder: c:\documents and settings\epfx\start menu\programs\startup\lightSourceTray.exe
StartupFolder: c:\docume~1\epfx\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.inquiero.com/inquiero/mod/setup/ntractivex118_28.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
AppInit_DLLs: c:\windows\system32\nupanogo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gekigalag - {51ccdc3e-cd8a-4467-b243-36f2324cf13a} - c:\windows\system32\rojayefi.dll
SSODL: dusuvomin - {2312f681-c5e5-46c9-9e22-399dadba5142} - c:\windows\system32\nupanogo.dll
STS: mujuzedij: {51ccdc3e-cd8a-4467-b243-36f2324cf13a} - c:\windows\system32\rojayefi.dll
STS: kupuhivus: {2312f681-c5e5-46c9-9e22-399dadba5142} - c:\windows\system32\nupanogo.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\epfx\applic~1\mozilla\firefox\profiles\6tcjn0u8.default\
FF - component: c:\documents and settings\epfx\application data\mozilla\firefox\profiles\6tcjn0u8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-25 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-25 360584]
R1 CPEb;CPEB;c:\windows\system32\drivers\CPEb.sys [2006-2-23 8192]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-24 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-24 285392]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\compal electronics, inc\smart watchdog\SWDsvc.exe [2006-6-27 114688]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-29 36352]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2007-1-29 27904]
S3 CamFilter;CamFilter;c:\windows\system32\drivers\CamFilter.sys [2007-1-29 16640]

=============== Created Last 30 ================

2009-10-29 15:05:30 0 d-----w- c:\program files\InCode Solutions
2009-10-24 22:00:58 0 d--h--w- C:\$AVG
2009-10-24 21:58:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-14 00:52:46 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2009-10-14 00:52:46 120136 ----a-w- c:\windows\system32\ftbusui.dll
2009-10-14 00:50:10 90112 ----a-w- c:\windows\unvise32.exe
2009-10-14 00:41:13 0 d-----w- c:\program files\SmokeAttack
2009-10-14 00:36:54 0 d-----w- C:\home
2009-10-14 00:36:31 0 d-----w- C:\Disease
2009-10-14 00:30:59 307200 ----a-w- c:\windows\system32\CFX32.OCX
2009-10-14 00:27:50 0 d-----w- c:\program files\common files\Borland Shared
2009-10-14 00:27:50 0 d-----w- C:\Clasp32
2009-10-14 00:23:54 0 d-sh--w- C:\qcsafetynet
2009-10-14 00:23:54 0 d-sh--w- C:\qcbackup
2009-10-14 00:23:46 0 d-----w- c:\program files\QC-Tools

==================== Find3M ====================

2009-10-28 18:25:48 143494 ----a-w- c:\windows\hpoins16.dat
2009-10-26 15:47:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 22:00:20 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 21:59:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 14:02:18.32 ===============




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/29 14:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================



#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 29 October 2009 - 05:41 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash, indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 GlutenFree

  • Topic Starter

  • Members
  • 5 posts

Posted 30 October 2009 - 12:57 PM

ComboFix 09-10-28.08 - EPFX 10/30/2009 12:28.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.350 [GMT -5:00]
Running from: c:\documents and settings\EPFX\My Documents\Downloads\thcbytes.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\dataheme.dll
c:\windows\system32\govegomu.dll
c:\windows\system32\razifazi.dll
c:\windows\system32\wijahupu.dll
c:\windows\Tasks\qqefomco.job

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 17:07 . 2009-10-30 17:07 -------- d--h--w- c:\windows\PIF
2009-10-29 15:05 . 2009-10-29 15:05 -------- d-----w- c:\program files\InCode Solutions
2009-10-28 18:44 . 2009-10-28 18:44 -------- d-----w- c:\documents and settings\EPFX\Local Settings\Application Data\Google
2009-10-24 22:00 . 2009-10-24 22:11 -------- d-----w- C:\$AVG
2009-10-24 21:58 . 2009-10-26 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-14 00:53 . 2009-10-14 00:53 -------- d-----w- c:\program files\DIFX
2009-10-14 00:52 . 2009-02-17 10:23 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2009-10-14 00:52 . 2009-02-17 10:22 120136 ----a-w- c:\windows\system32\ftbusui.dll
2009-10-14 00:50 . 2003-03-16 03:15 90112 ----a-w- c:\windows\unvise32.exe
2009-10-14 00:41 . 2009-10-14 00:41 -------- d-----w- c:\program files\SmokeAttack
2009-10-14 00:36 . 2009-10-14 00:36 -------- d-----w- C:\home
2009-10-14 00:36 . 2009-10-14 00:36 -------- d-----w- C:\Disease
2009-10-14 00:27 . 2009-10-14 00:50 -------- d-----w- C:\Clasp32
2009-10-14 00:27 . 2009-10-14 00:27 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-10-14 00:23 . 2009-10-14 00:24 -------- d-----w- C:\qcsafetynet
2009-10-14 00:23 . 2009-10-14 00:24 -------- d-----w- C:\qcbackup
2009-10-14 00:23 . 2009-10-14 00:23 -------- d-----w- c:\program files\QC-Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 19:34 . 2008-08-08 14:47 -------- d-----w- c:\program files\Palm
2009-10-29 15:23 . 2009-07-01 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-28 18:25 . 2008-07-07 21:23 143494 ----a-w- c:\windows\hpoins16.dat
2009-10-26 20:39 . 2007-07-06 19:44 -------- d-----w- c:\documents and settings\EPFX\Application Data\OpenOffice.org2
2009-10-26 15:47 . 2008-06-25 05:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 22:00 . 2008-06-25 05:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 22:00 . 2008-06-25 05:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-24 21:59 . 2008-06-25 05:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-24 21:58 . 2008-06-25 05:11 -------- d-----w- c:\program files\AVG
2009-10-16 22:53 . 2009-04-27 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 00:49 . 2007-01-29 19:40 -------- d-----w- c:\program files\DivX
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 21:05 . 2007-01-29 18:55 71592 -c--a-w- c:\documents and settings\EPFX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-02-28 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 17:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-08 7405568]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-26 2010904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-19 17:08 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 21:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-11-29 08:43 393216 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EPFX^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\EPFX\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/25/2008 12:12 AM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/25/2008 12:12 AM 360584]
R1 CPEb;CPEB;c:\windows\system32\drivers\CPEb.sys [2/23/2006 6:21 PM 8192]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [11/29/2005 4:50 AM 36768]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/24/2009 4:58 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/24/2009 4:58 PM 285392]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [6/27/2006 11:49 AM 114688]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/29/2007 1:59 PM 36352]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [1/29/2007 1:45 PM 27904]
S3 CamFilter;CamFilter;c:\windows\system32\drivers\CamFilter.sys [1/29/2007 2:07 PM 16640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thequantumcenter.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\
FF - component: c:\documents and settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{caef0277-e6af-4c9b-b697-2a6a1035c600} - dataheme.dll
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-warukarur - c:\windows\system32\govegomu.dll
HKLM-Run-fefukihaza - wijahupu.dll
SharedTaskScheduler-{51ccdc3e-cd8a-4467-b243-36f2324cf13a} - c:\windows\system32\rojayefi.dll
SharedTaskScheduler-{9a39096d-9980-4b08-9c7d-2c86fce918bf} - c:\windows\system32\govegomu.dll
SSODL-gekigalag-{51ccdc3e-cd8a-4467-b243-36f2324cf13a} - c:\windows\system32\rojayefi.dll
SSODL-fisupiyaf-{9a39096d-9980-4b08-9c7d-2c86fce918bf} - c:\windows\system32\govegomu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuapi.dll.mui.wusetup.219515.bak 23576 bytes executable
c:\windows\system32\wuapi.dll.wusetup.218421.bak 561688 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.219593.new 53472 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.219656.bak 51224 bytes executable
c:\windows\system32\cdm.dll.wusetup.211390.bak 92696 bytes executable

scan completed successfully
hidden files: 5

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\program files\Infineon\Security Platform Software\PSDsrvc.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-10-30 12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 17:47

Pre-Run: 40,056,782,848 bytes free
Post-Run: 40,032,317,440 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot

- - End Of File - - 97E30A7B140AD1BC6CC52B566A8CA9C6

#4 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 30 October 2009 - 02:57 PM

Hello again,

Let's continue.........

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\unvise32.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

Are these folders familiar to you?

c:\program files\SmokeAttack
C:\home
C:\Disease
C:\Clasp32
c:\program files\Common Files\Borland Shared
C:\qcsafetynet
C:\qcbackup
c:\program files\QC-Tools

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Upload results
* Answer to question
* Kaspersky results
* OTL.txt
* OTL Extra.txt
* How is your computer running?

Kind regards,
~t

#5 GlutenFree

  • Topic Starter

  • Members
  • 5 posts

Posted 30 October 2009 - 06:26 PM

Scanners
[ArcaVir]
2009-10-30 Found nothing
[G DATA]
2009-10-30 Found nothing
[A-Squared]
2009-10-30 Found nothing
[Ikarus]
2009-10-30 Found nothing
[Avast! antivirus]
2009-10-30 Found nothing
[Kaspersky Anti-Virus]
2009-10-30 Found nothing
[Grisoft AVG Anti-Virus]
2009-10-30 Found nothing
[ESET NOD32]
2009-10-30 Found nothing
[Avira AntiVir]
2009-10-30 Found nothing
[Norman Virus Control]
2009-10-30 Found nothing
[Softwin BitDefender]
2009-10-30 Found nothing
[Panda Antivirus]
2009-10-30 Found nothing
[ClamAV]
2009-10-30 Found nothing
[Quick Heal]
2009-10-30 Found nothing
[CPsecure]
2009-10-30 Found nothing
[Sophos]
2009-10-30 Found nothing
[Dr.Web]
2009-10-30 Found nothing
[VirusBlokAda VBA32]
2009-10-28 Found nothing
[Frisk F-Prot Antivirus]
2009-10-30 Found nothing
[VirusBuster]
2009-10-30 Found nothing
[F-Secure Anti-Virus]
2009-10-30 Found nothing


All of the folders are associated with the Clasp32 program, which was updated on October 13. The only folder I am not familiar with is:
c:\program files\Common Files\Borland Shared, but since it was created on October 13, I would assume it is associated with the Clasp32 program as well.




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 30, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 30, 2009 19:10:42
Records in database: 3105130
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 50086
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:11:58

No threats found. Scanned area is clean.

Selected area has been scanned.


OTL logfile created on: 10/30/2009 6:09:18 PM - Run 1
OTL by OldTimer - Version 3.1.1.4 Folder = C:\Documents and Settings\EPFX\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.92 Mb Total Physical Memory | 633.01 Mb Available Physical Memory | 61.94% Memory free
2.40 Gb Paging File | 1.53 Gb Available in Paging File | 63.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 37.08 Gb Free Space | 66.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIM1
Current User Name: EPFX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/30 18:08:55 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EPFX\My Documents\Downloads\OTL.exe
PRC - [2009/10/30 16:00:12 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\EPFX\Local Settings\Temp\jkos-EPFX\binaries\ScanningProcess.exe
PRC - [2009/10/30 16:00:12 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\EPFX\Local Settings\Temp\jkos-EPFX\binaries\ScanningProcess.exe
PRC - [2009/10/30 15:58:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/10/29 13:13:24 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/26 10:47:02 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/24 16:59:05 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 16:59:05 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/24 16:59:05 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/24 16:59:03 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 16:59:03 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 16:58:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/24 16:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/06/27 11:49:02 | 00,114,688 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
PRC - [2006/04/24 22:55:36 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/04/19 12:10:16 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/02/08 16:06:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/07 01:56:38 | 00,593,920 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2005/11/29 04:53:32 | 00,507,904 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXSPMGT.exe
PRC - [2005/11/29 04:51:04 | 00,099,872 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
PRC - [2005/11/29 04:51:02 | 00,136,736 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2005/11/29 03:39:40 | 00,737,280 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXTCS.exe
PRC - [2002/10/14 15:49:30 | 00,624,640 | ---- | M] () -- C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 15:58:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
SRV - [2009/10/24 16:58:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
SRV - [2009/10/24 16:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
SRV - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
SRV - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
SRV - [2006/07/29 19:34:38 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll
SRV - [2006/06/27 11:49:02 | 00,114,688 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
SRV - [2006/04/24 22:55:36 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SRV - [2006/04/19 12:10:16 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
SRV - [2006/02/08 16:06:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
SRV - [2005/11/29 04:53:32 | 00,507,904 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXSPMGT.exe
SRV - [2005/11/29 04:51:04 | 00,099,872 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
SRV - [2005/11/29 03:39:40 | 00,737,280 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXTCS.exe
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


========== Driver Services (SafeList) ==========

DRV - File not found --
DRV - [2009/10/26 10:47:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys
DRV - [2009/10/24 17:00:20 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys
DRV - [2009/10/24 17:00:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys
DRV - [2009/02/17 07:19:00 | 00,057,672 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys
DRV - [2009/02/17 07:17:00 | 00,072,520 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
DRV - [2007/05/31 06:19:24 | 00,096,896 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys
DRV - [2007/03/07 23:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
DRV - [2007/03/07 23:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
DRV - [2007/03/07 23:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys
DRV - [2007/01/29 14:50:35 | 00,395,744 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys
DRV - [2007/01/29 14:50:35 | 00,039,264 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys
DRV - [2007/01/29 14:50:15 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys
DRV - [2007/01/29 14:07:09 | 00,016,640 | ---- | M] (Compal Inc.) -- C:\WINDOWS\system32\drivers\CamFilter.sys
DRV - [2006/11/28 19:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys
DRV - [2006/08/04 07:30:12 | 11,985,280 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2sxp.sys
DRV - [2006/04/24 22:41:16 | 00,851,402 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys
DRV - [2006/04/24 22:39:08 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys
DRV - [2006/04/24 22:38:30 | 00,065,848 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys
DRV - [2006/04/17 18:31:00 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
DRV - [2006/04/03 22:17:24 | 01,429,632 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys
DRV - [2006/03/23 11:59:00 | 00,061,056 | R--- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\drivers\EMS7SK.sys
DRV - [2006/03/23 11:59:00 | 00,037,888 | R--- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\drivers\ESD7SK.sys
DRV - [2006/03/17 12:03:32 | 00,027,904 | R--- | M] (ELANTECH Devices Corp.) -- C:\WINDOWS\system32\drivers\Ktp.sys
DRV - [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
DRV - [2006/02/23 18:21:14 | 00,008,192 | ---- | M] (Compal) -- C:\WINDOWS\system32\drivers\CPEb.sys
DRV - [2006/02/08 16:06:00 | 03,640,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
DRV - [2005/11/29 04:50:58 | 00,036,768 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\psd.sys
DRV - [2005/10/20 21:19:34 | 00,036,352 | R--- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys
DRV - [2005/03/29 18:02:22 | 00,116,594 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys
DRV - [2003/09/19 15:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys


========== Modules (SafeList) ==========

MOD - [2009/10/30 18:08:55 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EPFX\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thequantumcenter.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.709.018.001
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091007W
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/26 11:04:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/24 16:59:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/30 15:58:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 13:13:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 15:58:43 | 00,000,000 | ---D | M]

C:\Documents and Settings\EPFX\Application Data\Mozilla\Extensions -> [2008/08/30 16:39:10 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/30 16:39:10 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions -> [2009/10/30 15:59:30 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/25 10:01:33 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/10/28 13:44:31 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions -> [2009/10/30 15:59:30 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/29 13:13:32 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/10/30 15:58:45 | 00,000,000 | ---D | M] --
[2009/10/29 13:13:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 13:13:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/30 15:58:31 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/29 13:13:28 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/25 10:01:13 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/25 10:01:13 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/24 17:14:04 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/08/25 10:01:13 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/25 10:01:13 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/25 10:01:13 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/25 10:01:13 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/25 10:01:13 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE File not found
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe ()
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} http://na.inquiero.com/inquiero/mod/setup/...tivex118_28.cab (NTR ActiveX 1.1.8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.65 205.171.2.65
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/29 13:07:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/30 15:59:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/10/30 15:58:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/30 15:58:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 15:58:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 15:58:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 15:58:43 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/30 15:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/30 15:57:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EPFX\Application Data\Sun
[2009/10/30 12:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/30 12:37:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/30 12:26:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/30 12:24:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/30 12:24:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/30 12:24:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/30 12:24:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/30 12:24:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 12:13:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/30 12:07:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/29 10:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/10/28 13:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EPFX\Local Settings\Application Data\Google
[2009/10/28 13:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/10/24 17:00:58 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/24 16:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/13 19:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/13 19:52:46 | 00,206,144 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftd2xx.dll
[2009/10/13 19:52:46 | 00,120,136 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll
[2009/10/13 19:50:10 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/10/13 19:41:13 | 00,000,000 | ---D | C] -- C:\Program Files\SmokeAttack
[2009/10/13 19:37:37 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVFTSUI2.DLL
[2009/10/13 19:37:37 | 00,138,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVBMP2.DLL
[2009/10/13 19:37:37 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVMCI2.DLL
[2009/10/13 19:37:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVSRCH2.DLL
[2009/10/13 19:37:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVFS2.DLL
[2009/10/13 19:37:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVTITLE2.DLL
[2009/10/13 19:37:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVBRKR2.DLL
[2009/10/13 19:37:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVAPI2.DLL
[2009/10/13 19:36:54 | 00,000,000 | ---D | C] -- C:\home
[2009/10/13 19:36:31 | 00,000,000 | ---D | C] -- C:\Disease
[2009/10/13 19:30:59 | 00,307,200 | ---- | C] (Software FX, Inc.) -- C:\WINDOWS\System32\CFX32.OCX
[2009/10/13 19:27:50 | 00,000,000 | ---D | C] -- C:\Clasp32
[2009/10/13 19:27:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2009/10/13 19:23:54 | 00,000,000 | ---D | C] -- C:\qcsafetynet
[2009/10/13 19:23:54 | 00,000,000 | ---D | C] -- C:\qcbackup
[2009/10/13 19:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\QC-Tools
[2007/01/29 13:49:55 | 00,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007/01/29 13:49:55 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/10/30 15:58:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/30 15:58:30 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 15:58:30 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/30 12:36:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 12:35:49 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/30 12:35:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/30 12:35:35 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/30 12:35:25 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/30 12:35:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/30 12:35:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/30 12:33:08 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\EPFX\NTUSER.DAT
[2009/10/30 12:33:08 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\EPFX\ntuser.ini
[2009/10/30 12:31:28 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\kehireso
[2009/10/30 12:26:53 | 00,000,292 | RHS- | M] () -- C:\boot.ini
[2009/10/30 12:02:13 | 44,476,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/30 12:01:30 | 00,067,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/29 10:05:38 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/10/28 13:25:48 | 00,143,494 | ---- | M] () -- C:\WINDOWS\hpoins16.dat
[2009/10/27 16:10:00 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/10/27 15:56:18 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\EPFX\Application Data\clasp32.ini
[2009/10/26 16:38:02 | 00,015,021 | ---- | M] () -- C:\Documents and Settings\EPFX\My Documents\Diet.ods
[2009/10/26 10:47:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 17:00:20 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/24 17:00:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/24 16:59:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/24 16:59:37 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/24 16:58:49 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/16 17:59:47 | 00,506,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 17:59:47 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 17:59:47 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 17:56:20 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 20:05:48 | 42,343,574 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32-New-Panel-Names.pdf
[2009/10/13 19:50:10 | 00,001,683 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\DivX Player.lnk
[2009/10/13 19:50:10 | 00,001,321 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\DivX Movies.lnk
[2009/10/13 19:41:18 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Smoke Attack.lnk
[2009/10/13 19:40:49 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\antismoking.lnk
[2009/10/13 19:36:40 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Disease Lexicon.lnk
[2009/10/13 19:32:44 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32 2009.lnk
[2009/10/13 19:23:47 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\QC-Backup.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/01 10:44:45 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/30 12:26:53 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009/10/30 12:26:46 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/30 12:24:54 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/30 12:24:54 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/30 12:24:54 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/30 12:24:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/30 12:24:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 10:05:38 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/10/24 16:59:38 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/13 20:07:51 | 42,343,574 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32-New-Panel-Names.pdf
[2009/10/13 19:54:41 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\EPFX\Application Data\clasp32.ini
[2009/10/13 19:51:47 | 53,464,828 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Practitioner Handbook.exe
[2009/10/13 19:50:10 | 00,001,683 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\DivX Player.lnk
[2009/10/13 19:50:10 | 00,001,321 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\DivX Movies.lnk
[2009/10/13 19:41:18 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Smoke Attack.lnk
[2009/10/13 19:40:49 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\antismoking.lnk
[2009/10/13 19:37:37 | 00,067,440 | ---- | C] () -- C:\WINDOWS\System32\MSINSSTF.DLL
[2009/10/13 19:37:37 | 00,057,170 | ---- | C] () -- C:\WINDOWS\System32\SETUPAPI.INC
[2009/10/13 19:37:37 | 00,025,232 | ---- | C] () -- C:\WINDOWS\System32\MSDETSTF.DLL
[2009/10/13 19:37:37 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\MSCUISTF.DLL
[2009/10/13 19:37:37 | 00,014,416 | ---- | C] () -- C:\WINDOWS\System32\MSSHLSTF.DLL
[2009/10/13 19:37:37 | 00,006,384 | ---- | C] () -- C:\WINDOWS\System32\MSUILSTF.DLL
[2009/10/13 19:37:37 | 00,001,357 | ---- | C] () -- C:\WINDOWS\System32\TITLE.INF
[2009/10/13 19:37:37 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUP.LST
[2009/10/13 19:37:36 | 00,089,504 | ---- | C] () -- C:\WINDOWS\System32\_MSTEST.EXE
[2009/10/13 19:37:36 | 00,078,064 | ---- | C] () -- C:\WINDOWS\System32\MSCOMSTF.DLL
[2009/10/13 19:37:36 | 00,031,637 | ---- | C] () -- C:\WINDOWS\System32\MMDIB.DLL
[2009/10/13 19:37:36 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\CHERBAL.ICO
[2009/10/13 19:37:35 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\AMAZING.DLL
[2009/10/13 19:36:40 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Disease Lexicon.lnk
[2009/10/13 19:32:44 | 00,000,606 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32 2009.lnk
[2009/10/13 19:23:47 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\QC-Backup.lnk
[2009/01/10 11:34:09 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/21 18:54:02 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/21 18:49:08 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2007/09/03 10:07:10 | 00,086,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/07/13 01:22:25 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\adoics.dll
[2007/01/29 15:30:56 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/01/29 15:09:45 | 00,002,627 | ---- | C] () -- C:\WINDOWS\System32\smport.sys
[2007/01/29 15:07:37 | 00,358,400 | ---- | C] () -- C:\WINDOWS\System32\MultimediaTimer_IF.dll
[2007/01/29 14:55:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/01/29 14:52:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/29 14:44:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/29 14:44:46 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/29 14:44:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/29 14:44:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/29 14:44:46 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/29 14:44:46 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/29 13:55:16 | 00,071,592 | ---- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/01/29 13:49:56 | 00,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007/01/29 13:49:56 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007/01/29 13:49:55 | 11,985,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2007/01/29 13:42:15 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/01/29 13:36:14 | 05,360,426 | -H-- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\IconCache.db
[2007/01/29 13:14:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\EPFX\Application Data\desktop.ini
[2007/01/29 07:52:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/24 22:50:56 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/04 09:31:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[2006/02/28 07:00:00 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/08 16:06:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/08 16:06:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/08 16:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/08 16:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/08 16:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/08 16:06:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
< End of report >

OTL logfile created on: 10/30/2009 6:09:18 PM - Run 1
OTL by OldTimer - Version 3.1.1.4 Folder = C:\Documents and Settings\EPFX\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.92 Mb Total Physical Memory | 633.01 Mb Available Physical Memory | 61.94% Memory free
2.40 Gb Paging File | 1.53 Gb Available in Paging File | 63.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 37.08 Gb Free Space | 66.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIM1
Current User Name: EPFX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/30 18:08:55 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EPFX\My Documents\Downloads\OTL.exe
PRC - [2009/10/30 16:00:12 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\EPFX\Local Settings\Temp\jkos-EPFX\binaries\ScanningProcess.exe
PRC - [2009/10/30 16:00:12 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\EPFX\Local Settings\Temp\jkos-EPFX\binaries\ScanningProcess.exe
PRC - [2009/10/30 15:58:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/10/29 13:13:24 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/26 10:47:02 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/24 16:59:05 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 16:59:05 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/24 16:59:05 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/24 16:59:03 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 16:59:03 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 16:58:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/24 16:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/06/27 11:49:02 | 00,114,688 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
PRC - [2006/04/24 22:55:36 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/04/19 12:10:16 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006/02/08 16:06:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/07 01:56:38 | 00,593,920 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2005/11/29 04:53:32 | 00,507,904 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXSPMGT.exe
PRC - [2005/11/29 04:51:04 | 00,099,872 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
PRC - [2005/11/29 04:51:02 | 00,136,736 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2005/11/29 03:39:40 | 00,737,280 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXTCS.exe
PRC - [2002/10/14 15:49:30 | 00,624,640 | ---- | M] () -- C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 15:58:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
SRV - [2009/10/24 16:58:50 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
SRV - [2009/10/24 16:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
SRV - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
SRV - [2006/10/05 16:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
SRV - [2006/07/29 19:34:38 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll
SRV - [2006/06/27 11:49:02 | 00,114,688 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
SRV - [2006/04/24 22:55:36 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SRV - [2006/04/19 12:10:16 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
SRV - [2006/02/08 16:06:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
SRV - [2005/11/29 04:53:32 | 00,507,904 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXSPMGT.exe
SRV - [2005/11/29 04:51:04 | 00,099,872 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
SRV - [2005/11/29 03:39:40 | 00,737,280 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IFXTCS.exe
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


========== Driver Services (SafeList) ==========

DRV - File not found --
DRV - [2009/10/26 10:47:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys
DRV - [2009/10/24 17:00:20 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys
DRV - [2009/10/24 17:00:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys
DRV - [2009/02/17 07:19:00 | 00,057,672 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys
DRV - [2009/02/17 07:17:00 | 00,072,520 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
DRV - [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
DRV - [2007/05/31 06:19:24 | 00,096,896 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys
DRV - [2007/03/07 23:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
DRV - [2007/03/07 23:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
DRV - [2007/03/07 23:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys
DRV - [2007/01/29 14:50:35 | 00,395,744 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys
DRV - [2007/01/29 14:50:35 | 00,039,264 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys
DRV - [2007/01/29 14:50:15 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys
DRV - [2007/01/29 14:07:09 | 00,016,640 | ---- | M] (Compal Inc.) -- C:\WINDOWS\system32\drivers\CamFilter.sys
DRV - [2006/11/28 19:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys
DRV - [2006/08/04 07:30:12 | 11,985,280 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2sxp.sys
DRV - [2006/04/24 22:41:16 | 00,851,402 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys
DRV - [2006/04/24 22:39:08 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys
DRV - [2006/04/24 22:38:30 | 00,065,848 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys
DRV - [2006/04/17 18:31:00 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
DRV - [2006/04/03 22:17:24 | 01,429,632 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys
DRV - [2006/03/23 11:59:00 | 00,061,056 | R--- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\drivers\EMS7SK.sys
DRV - [2006/03/23 11:59:00 | 00,037,888 | R--- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\drivers\ESD7SK.sys
DRV - [2006/03/17 12:03:32 | 00,027,904 | R--- | M] (ELANTECH Devices Corp.) -- C:\WINDOWS\system32\drivers\Ktp.sys
DRV - [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
DRV - [2006/02/23 18:21:14 | 00,008,192 | ---- | M] (Compal) -- C:\WINDOWS\system32\drivers\CPEb.sys
DRV - [2006/02/08 16:06:00 | 03,640,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
DRV - [2005/11/29 04:50:58 | 00,036,768 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\psd.sys
DRV - [2005/10/20 21:19:34 | 00,036,352 | R--- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys
DRV - [2005/03/29 18:02:22 | 00,116,594 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys
DRV - [2003/09/19 15:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys


========== Modules (SafeList) ==========

MOD - [2009/10/30 18:08:55 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EPFX\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thequantumcenter.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.709.018.001
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091007W
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/26 11:04:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/24 16:59:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/30 15:58:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 13:13:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 15:58:43 | 00,000,000 | ---D | M]

C:\Documents and Settings\EPFX\Application Data\Mozilla\Extensions -> [2008/08/30 16:39:10 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/30 16:39:10 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions -> [2009/10/30 15:59:30 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/25 10:01:33 | 00,000,000 | ---D | M] --
C:\Documents and Settings\EPFX\Application Data\Mozilla\Firefox\Profiles\6tcjn0u8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/10/28 13:44:31 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions -> [2009/10/30 15:59:30 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/29 13:13:32 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/10/30 15:58:45 | 00,000,000 | ---D | M] --
[2009/10/29 13:13:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 13:13:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/30 15:58:31 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/29 13:13:28 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/25 10:01:13 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/25 10:01:13 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/24 17:14:04 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/08/25 10:01:13 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/25 10:01:13 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/25 10:01:13 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/25 10:01:13 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/25 10:01:13 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE File not found
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\lightSourceTray.exe ()
O4 - Startup: C:\Documents and Settings\EPFX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} http://na.inquiero.com/inquiero/mod/setup/...tivex118_28.cab (NTR ActiveX 1.1.8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.65 205.171.2.65
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/29 13:07:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/30 15:59:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/10/30 15:58:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/30 15:58:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 15:58:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 15:58:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 15:58:43 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/30 15:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/30 15:57:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EPFX\Application Data\Sun
[2009/10/30 12:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/30 12:37:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/30 12:26:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/30 12:24:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/30 12:24:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/30 12:24:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/30 12:24:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/30 12:24:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 12:13:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/30 12:07:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/29 10:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/10/28 13:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EPFX\Local Settings\Application Data\Google
[2009/10/28 13:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/10/24 17:00:58 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/24 16:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/13 19:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/13 19:52:46 | 00,206,144 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftd2xx.dll
[2009/10/13 19:52:46 | 00,120,136 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll
[2009/10/13 19:50:10 | 00,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2009/10/13 19:41:13 | 00,000,000 | ---D | C] -- C:\Program Files\SmokeAttack
[2009/10/13 19:37:37 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVFTSUI2.DLL
[2009/10/13 19:37:37 | 00,138,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVBMP2.DLL
[2009/10/13 19:37:37 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVMCI2.DLL
[2009/10/13 19:37:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVSRCH2.DLL
[2009/10/13 19:37:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVFS2.DLL
[2009/10/13 19:37:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVTITLE2.DLL
[2009/10/13 19:37:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVBRKR2.DLL
[2009/10/13 19:37:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MVAPI2.DLL
[2009/10/13 19:36:54 | 00,000,000 | ---D | C] -- C:\home
[2009/10/13 19:36:31 | 00,000,000 | ---D | C] -- C:\Disease
[2009/10/13 19:30:59 | 00,307,200 | ---- | C] (Software FX, Inc.) -- C:\WINDOWS\System32\CFX32.OCX
[2009/10/13 19:27:50 | 00,000,000 | ---D | C] -- C:\Clasp32
[2009/10/13 19:27:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2009/10/13 19:23:54 | 00,000,000 | ---D | C] -- C:\qcsafetynet
[2009/10/13 19:23:54 | 00,000,000 | ---D | C] -- C:\qcbackup
[2009/10/13 19:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\QC-Tools
[2007/01/29 13:49:55 | 00,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007/01/29 13:49:55 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/10/30 15:58:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/30 15:58:30 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 15:58:30 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 15:58:30 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/30 12:36:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 12:35:49 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/30 12:35:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/30 12:35:35 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/30 12:35:25 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/30 12:35:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/30 12:35:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/30 12:33:08 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\EPFX\NTUSER.DAT
[2009/10/30 12:33:08 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\EPFX\ntuser.ini
[2009/10/30 12:31:28 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\kehireso
[2009/10/30 12:26:53 | 00,000,292 | RHS- | M] () -- C:\boot.ini
[2009/10/30 12:02:13 | 44,476,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/30 12:01:30 | 00,067,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/29 10:05:38 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/10/28 13:25:48 | 00,143,494 | ---- | M] () -- C:\WINDOWS\hpoins16.dat
[2009/10/27 16:10:00 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/10/27 15:56:18 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\EPFX\Application Data\clasp32.ini
[2009/10/26 16:38:02 | 00,015,021 | ---- | M] () -- C:\Documents and Settings\EPFX\My Documents\Diet.ods
[2009/10/26 10:47:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 17:00:20 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/24 17:00:20 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/24 16:59:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/24 16:59:37 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/24 16:58:49 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/16 17:59:47 | 00,506,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 17:59:47 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 17:59:47 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 17:56:20 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 20:05:48 | 42,343,574 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32-New-Panel-Names.pdf
[2009/10/13 19:50:10 | 00,001,683 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\DivX Player.lnk
[2009/10/13 19:50:10 | 00,001,321 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\DivX Movies.lnk
[2009/10/13 19:41:18 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Smoke Attack.lnk
[2009/10/13 19:40:49 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\antismoking.lnk
[2009/10/13 19:36:40 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Disease Lexicon.lnk
[2009/10/13 19:32:44 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32 2009.lnk
[2009/10/13 19:23:47 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\EPFX\Desktop\QC-Backup.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/01 10:44:45 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/30 12:26:53 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009/10/30 12:26:46 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/30 12:24:54 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/30 12:24:54 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/30 12:24:54 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/30 12:24:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/30 12:24:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 10:05:38 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/10/24 16:59:38 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/13 20:07:51 | 42,343,574 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32-New-Panel-Names.pdf
[2009/10/13 19:54:41 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\EPFX\Application Data\clasp32.ini
[2009/10/13 19:51:47 | 53,464,828 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Practitioner Handbook.exe
[2009/10/13 19:50:10 | 00,001,683 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\DivX Player.lnk
[2009/10/13 19:50:10 | 00,001,321 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\DivX Movies.lnk
[2009/10/13 19:41:18 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Smoke Attack.lnk
[2009/10/13 19:40:49 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\antismoking.lnk
[2009/10/13 19:37:37 | 00,067,440 | ---- | C] () -- C:\WINDOWS\System32\MSINSSTF.DLL
[2009/10/13 19:37:37 | 00,057,170 | ---- | C] () -- C:\WINDOWS\System32\SETUPAPI.INC
[2009/10/13 19:37:37 | 00,025,232 | ---- | C] () -- C:\WINDOWS\System32\MSDETSTF.DLL
[2009/10/13 19:37:37 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\MSCUISTF.DLL
[2009/10/13 19:37:37 | 00,014,416 | ---- | C] () -- C:\WINDOWS\System32\MSSHLSTF.DLL
[2009/10/13 19:37:37 | 00,006,384 | ---- | C] () -- C:\WINDOWS\System32\MSUILSTF.DLL
[2009/10/13 19:37:37 | 00,001,357 | ---- | C] () -- C:\WINDOWS\System32\TITLE.INF
[2009/10/13 19:37:37 | 00,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUP.LST
[2009/10/13 19:37:36 | 00,089,504 | ---- | C] () -- C:\WINDOWS\System32\_MSTEST.EXE
[2009/10/13 19:37:36 | 00,078,064 | ---- | C] () -- C:\WINDOWS\System32\MSCOMSTF.DLL
[2009/10/13 19:37:36 | 00,031,637 | ---- | C] () -- C:\WINDOWS\System32\MMDIB.DLL
[2009/10/13 19:37:36 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\CHERBAL.ICO
[2009/10/13 19:37:35 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\AMAZING.DLL
[2009/10/13 19:36:40 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Disease Lexicon.lnk
[2009/10/13 19:32:44 | 00,000,606 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\Clasp32 2009.lnk
[2009/10/13 19:23:47 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\EPFX\Desktop\QC-Backup.lnk
[2009/01/10 11:34:09 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/21 18:54:02 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/21 18:49:08 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2007/09/03 10:07:10 | 00,086,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/07/13 01:22:25 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\adoics.dll
[2007/01/29 15:30:56 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/01/29 15:09:45 | 00,002,627 | ---- | C] () -- C:\WINDOWS\System32\smport.sys
[2007/01/29 15:07:37 | 00,358,400 | ---- | C] () -- C:\WINDOWS\System32\MultimediaTimer_IF.dll
[2007/01/29 14:55:10 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007/01/29 14:52:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/29 14:44:46 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/29 14:44:46 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/29 14:44:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/29 14:44:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/29 14:44:46 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/29 14:44:46 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/29 13:55:16 | 00,071,592 | ---- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/01/29 13:49:56 | 00,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007/01/29 13:49:56 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007/01/29 13:49:55 | 11,985,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2007/01/29 13:42:15 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/01/29 13:36:14 | 05,360,426 | -H-- | C] () -- C:\Documents and Settings\EPFX\Local Settings\Application Data\IconCache.db
[2007/01/29 13:14:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\EPFX\Application Data\desktop.ini
[2007/01/29 07:52:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/24 22:50:56 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/04 09:31:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[2006/02/28 07:00:00 | 00,000,491 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/08 16:06:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/08 16:06:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/08 16:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/08 16:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/08 16:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/08 16:06:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
< End of report >

Other than a logon.exe error when the computer rebooted, it appears to be running fine. I appreciate your assistance.

#6 thcbytes

Posted 31 October 2009 - 11:02 AM

Happy Halloween, :(

Please copy & paste the contents of this log.....

C:\QooBox\Add-Remove Programs.txt


==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

With your next post please provide:

* Requested logfile
* MBAM log
* Any further problems?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 GlutenFree

Posted 31 October 2009 - 12:36 PM

Happy Halloween


1-8-2008 QED
32 Bit HP CIO Components Installer
Acronis Disk Director Suite
Acronis True Image Home
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced help manual
Agere Systems HDA Modem
AiO_Scan
Antismoking 2009 for XP or Vista 8.1
ArcSoft PhotoImpression 5
AVG Free 9.0
BufferChm
Clasp32 5-5-2009 QED rev. 04-28-2009
Clasp32 Database Engine Install
Critical Update for Windows Media Player 11 (KB959772)
D5300
D5300_doccd
D5300_Help
DeviceDiscovery
DeviceManagementQFolder
DivX Player
EnergeticMedicine
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
Fingerprint Sensor Minimum Install
FTDI USB Serial Converter Drivers
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 4.2
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Printer Software 9.0
HP Print Diagnostic Utility
HP PSC & OfficeJet 4.2
Infineon TPM Professional Package
Inst5657
Integrated Camera
InterVideo WinDVD
KTP Ware PS/2-WDM 5.0.3.6
lightSource
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero OEM
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OmniPass 4.00.32
OpenOffice.org 2.0
Palm Conduit Support for COM
Palm Desktop by ACCESS
PanoStandAlone
PS_SF_02_ProductContext
PS_SF_02_Software
PS_SF_02_Software_min
PSSWCORE
QC-Backup
QFolder
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Remove DivX Codec
RemoveIT Pro v4 - SE
Scan
Scan Genius
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sidewalker
Smart Watchdog
Smoke Attack
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Wireless Select Switch
XML Paper Specification Shared Components Pack 1.0


Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

10/31/2009 12:34:10 PM
mbam-log-2009-10-31 (12-34-10).txt

Scan type: Quick Scan
Objects scanned: 99871
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Computer is running fine so far.

#8 thcbytes

Posted 31 October 2009 - 01:17 PM

Hello,

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>


  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Windows XP
    Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 GlutenFree

Posted 31 October 2009 - 03:11 PM

I followed the steps and I am good to go. Thanks for all your help and suggestions. I know exactly where the trojans came from and I will not be visiting that site anymore!

#10 thcbytes

  • Malware Response Team

Posted 01 November 2009 - 11:56 AM

You're welcome. :(

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.



