Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tried Everything. Would appreciate some advice please.


  • This topic is locked This topic is locked
9 replies to this topic

#1 jgnowuckenfurries

jgnowuckenfurries

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 15 November 2009 - 06:42 PM

Hi to all, first time posting on this site. I am having trouble getting rid of an infection, it seems to keep reappearing. I have scanned and repaired numerous times with AVG Free 9.0, Ad-Aware, MalwareBytes and Glary Utilites.

AVG - continually finds a consistent stream of Tracking Cookies
Ad-Aware - Keeps saying it has detected malicious processes and runs a scan but seems to lock-up each time, I reinstalled adaware and it is though something is hijacking it to stop it from running and repairing.
MalwareBytes - Everytime it is run it finds infections, cleans them and then they are right back.
Glary Utilities - Doesn't find anything.

I have tried running all of these programs in safe mode also one after the other but still having problems, computer is running much slower than it was a few days ago.

I ran Hijackthis and below is the log file. Help would be very much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:48 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Gigabyte\EasyTune4\et4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\NETGEAR GA511 Adapter\GA511.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [megetevaj] Rundll32.exe "c:\windows\system32\japadesu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader55.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178872966875
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F6EDF40-EB8E-40A5-80CF-48265047B60B}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: \system32\rujudagu.dll c:\windows\system32\mosanugo.dll c:\windows\system32\huwuniva.dll c:\windows\system32\hubobazi.dll c:\windows\system32\tarozole.dll c:\windows\system32\janufini.dll c:\windows\system32\juvokose.dll kotafeka.dll c:\windows\system32\fifusili.dll c:\windows\system32\japadesu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: dowabeson - {9c1d0b1f-41a4-4549-9963-46343d95158b} - (no file)
O21 - SSODL: bahukimog - {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - (no file)
O21 - SSODL: lekapeyil - {85d4933d-9344-4406-8aca-e1508b402a23} - (no file)
O21 - SSODL: zowojaged - {549376ba-267c-4139-a807-b3fd86ff2ff6} - (no file)
O21 - SSODL: vorejuwov - {83d50d62-109e-4e16-80e2-679234a89192} - (no file)
O21 - SSODL: vogeyereg - {333ad59f-48b9-4b67-9c69-1c6647b40daa} - (no file)
O21 - SSODL: selabonaj - {c7e1ee57-83fb-4108-b75f-0f6cac707668} - (no file)
O21 - SSODL: muyefudaz - {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - (no file)
O21 - SSODL: yulileloz - {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - (no file)
O21 - SSODL: yujilopih - {f3973619-b9ef-416d-96e5-b7ad32c56801} - c:\windows\system32\japadesu.dll
O22 - SharedTaskScheduler: jugezatag - {9c1d0b1f-41a4-4549-9963-46343d95158b} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {85d4933d-9344-4406-8aca-e1508b402a23} - (no file)
O22 - SharedTaskScheduler: jugezatag - {549376ba-267c-4139-a807-b3fd86ff2ff6} - (no file)
O22 - SharedTaskScheduler: jugezatag - {83d50d62-109e-4e16-80e2-679234a89192} - (no file)
O22 - SharedTaskScheduler: jugezatag - {333ad59f-48b9-4b67-9c69-1c6647b40daa} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {c7e1ee57-83fb-4108-b75f-0f6cac707668} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {f3973619-b9ef-416d-96e5-b7ad32c56801} - c:\windows\system32\japadesu.dll
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8874 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 16 November 2009 - 08:21 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jgnowuckenfurries

jgnowuckenfurries
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 16 November 2009 - 10:06 PM

Thank You for replying. I will definately donate when we resolve this.

I had to start the computer in safe mode as now AVG is picking up a bunch of threats under the name of Vundo.IK, Vundo.IL plus a couple of other Vundo.* , just after the AVG screen pops up it shows a message saying the system is restarting, I think if I disable AVG I may be able to get a scan in full start-up mode if you require.

Thanks Again Jason.

Here are the reports:

ROOTREPEAL

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/16 18:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB99C0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5CE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[2].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[2].sys
Address: 0xB8E0A000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\administrator\local settings\temp\~df4aa3.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df400e.tmp
Status: Allocation size mismatch (API: 73728, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~dfcdb8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~dfdfa5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\owner\local settings\temp\~df4cd2.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba11887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba118bfe

==EOF==




OTL



OTL logfile created on: 11/16/2009 6:45:05 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.12% Memory free
1.76 Gb Paging File | 1.65 Gb Available in Paging File | 93.74% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.48 Gb Total Space | 283.58 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/16 18:43:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/12 23:00:24 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 18:43:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/08/16 18:11:28 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\system32\jigefuwi.dll
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 23:00:21 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/12 23:00:20 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/10 21:56:20 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/28 09:05:37 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/13 05:24:30 | 00,069,632 | ---- | M] () -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2001/11/21 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-1343024091-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-117609710-1343024091-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-117609710-1343024091-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 56 88 21 2F 67 CA 01 [binary data]
IE - HKU\S-1-5-21-117609710-1343024091-839522115-500\S-1-5-21-117609710-1343024091-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/24 09:47:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/05 02:00:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\ET4.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [megetevaj] C:\WINDOWS\System32\jigefuwi.DLL ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA511 Smart Wizard Utility.lnk = C:\WINDOWS\Installer\{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}\NewShortcut1.exe (InstallShield Software Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1343024091-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1178872966875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (\system32\rujudagu.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\mosanugo.dll) - C:\WINDOWS\System32\mosanugo.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\huwuniva.dll) - C:\WINDOWS\System32\huwuniva.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\hubobazi.dll) - C:\WINDOWS\System32\hubobazi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tarozole.dll) - C:\WINDOWS\System32\tarozole.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\janufini.dll) - C:\WINDOWS\System32\janufini.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\juvokose.dll) - C:\WINDOWS\System32\juvokose.dll File not found
O20 - AppInit_DLLs: (kotafeka.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fifusili.dll) - C:\WINDOWS\System32\fifusili.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\japadesu.dll) - C:\WINDOWS\System32\japadesu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\yunukino.dll) - C:\WINDOWS\System32\yunukino.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\jigefuwi.dll) - C:\WINDOWS\system32\jigefuwi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: bahukimog - {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - CLSID or File not found.
O21 - SSODL: dowabeson - {9c1d0b1f-41a4-4549-9963-46343d95158b} - CLSID or File not found.
O21 - SSODL: hofonebiz - {04d69d45-772e-4209-8d98-a81d3a3102b3} - C:\WINDOWS\System32\yunukino.dll File not found
O21 - SSODL: lekapeyil - {85d4933d-9344-4406-8aca-e1508b402a23} - CLSID or File not found.
O21 - SSODL: muyefudaz - {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - CLSID or File not found.
O21 - SSODL: selabonaj - {c7e1ee57-83fb-4108-b75f-0f6cac707668} - CLSID or File not found.
O21 - SSODL: vogeyereg - {333ad59f-48b9-4b67-9c69-1c6647b40daa} - CLSID or File not found.
O21 - SSODL: vohuruhew - {993120e3-8a5c-4b8a-8e8c-196a6bf1f129} - C:\WINDOWS\system32\jigefuwi.dll ()
O21 - SSODL: vorejuwov - {83d50d62-109e-4e16-80e2-679234a89192} - CLSID or File not found.
O21 - SSODL: yulileloz - {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - CLSID or File not found.
O21 - SSODL: zowojaged - {549376ba-267c-4139-a807-b3fd86ff2ff6} - CLSID or File not found.
O22 - SharedTaskScheduler: {04d69d45-772e-4209-8d98-a81d3a3102b3} - jugezatag - C:\WINDOWS\System32\yunukino.dll File not found
O22 - SharedTaskScheduler: {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - tokatiluy - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {333ad59f-48b9-4b67-9c69-1c6647b40daa} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {549376ba-267c-4139-a807-b3fd86ff2ff6} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {83d50d62-109e-4e16-80e2-679234a89192} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {85d4933d-9344-4406-8aca-e1508b402a23} - mujuzedij - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {993120e3-8a5c-4b8a-8e8c-196a6bf1f129} - jugezatag - C:\WINDOWS\system32\jigefuwi.dll ()
O22 - SharedTaskScheduler: {9c1d0b1f-41a4-4549-9963-46343d95158b} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {c7e1ee57-83fb-4108-b75f-0f6cac707668} - mujuzedij - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/08 10:56:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/08 10:55:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 18:43:53 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/15 19:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/11/15 08:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2009/11/14 21:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/14 17:07:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/13 18:51:43 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\All Users\Documents\mbam.exe
[2009/11/13 18:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/13 18:02:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/13 18:02:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/13 18:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 13:30:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/12 23:00:49 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/12 23:00:38 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 23:00:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 23:00:32 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 23:00:31 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 23:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/12 23:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/10 21:57:25 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/10 21:57:16 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 21:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/10 21:32:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/10 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/11/10 21:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/11/10 21:16:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2009/11/10 20:03:00 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2009/11/10 20:01:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/11/10 20:01:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/10 20:01:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/11/10 20:01:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2009/11/10 20:01:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2009/11/10 20:01:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2009/11/10 20:01:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2009/11/10 20:01:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2009/11/10 20:01:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2009/11/10 20:01:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2009/11/10 20:01:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/11/10 20:01:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2009/11/10 20:01:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2009/11/10 20:01:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/16 18:43:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/16 18:43:53 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/16 18:39:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/16 18:38:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 18:20:18 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tepafine
[2009/11/16 18:20:05 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA511 Smart Wizard Utility.lnk
[2009/11/16 18:20:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/16 18:20:02 | 00,087,960 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/16 18:20:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/16 18:19:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 18:16:57 | 45,213,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/16 18:16:30 | 00,093,418 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\sjrudquv.job
[2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\apohfojc.job
[2009/11/15 19:48:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 21:14:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/14 21:14:29 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/13 18:02:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/12 23:00:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 23:00:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 23:00:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/12 23:00:32 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 23:00:31 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 23:00:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 23:00:28 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 23:00:28 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/10 21:57:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 21:57:09 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 21:51:48 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/15 08:09:08 | 00,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/13 18:02:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 14:19:36 | 00,000,294 | ---- | C] () -- C:\WINDOWS\tasks\apohfojc.job
[2009/11/12 23:00:38 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/12 23:00:31 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 23:00:28 | 45,213,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/12 23:00:28 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 23:00:28 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/12 23:00:28 | 00,093,418 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/11 21:09:45 | 00,000,294 | ---- | C] () -- C:\WINDOWS\tasks\sjrudquv.job
[2009/11/10 22:10:09 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 21:51:48 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/10 21:34:28 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/10 20:01:39 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/10 20:01:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/11/10 20:01:31 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/08/16 18:11:28 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\jigefuwi.dll
[2009/08/16 18:11:28 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\vasidifu.dll
[2009/08/16 05:43:59 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kirasahi.dll
[2009/08/15 15:14:15 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fepabavi.dll
[2009/08/14 23:19:14 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\piyiliwa.dll
[2009/08/14 11:20:51 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\hadohiyo.dll
[2009/08/13 14:19:21 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\zudeyuwi.dll
[2008/06/14 16:56:20 | 00,000,052 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/06/14 16:56:20 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_4100.ini
[2008/06/14 16:55:42 | 00,000,440 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/06/14 16:55:42 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/06/14 16:55:41 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/04/09 15:31:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/10 22:18:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2007/07/10 22:02:30 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sowdp88.dat
[2007/07/10 22:02:28 | 00,000,048 | ---- | C] () -- C:\WINDOWS\System32\pdfutil.ini
[2007/07/10 22:02:27 | 02,169,344 | ---- | C] () -- C:\WINDOWS\System32\pdfutil.dll
[2007/06/24 20:43:09 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/05/12 06:35:59 | 00,004,096 | ---- | C] () -- C:\WINDOWS\gdrv.sys
[2007/05/08 03:42:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/04/15 15:45:38 | 00,007,188 | ---- | C] () -- C:\WINDOWS\System32\drivers\Hmonitor.sys
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/31 23:20:06 | 00,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2005/09/17 16:32:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/17 16:32:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/17 16:32:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/17 16:32:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/17 16:32:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/17 16:32:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/17 16:32:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/08/29 12:00:00 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/11/12 23:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/06/24 20:38:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/07/04 18:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/06/24 20:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/05/09 00:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2009/11/10 21:51:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/08/05 14:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/11/15 08:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2007/05/11 14:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/05 22:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
[2007/06/24 20:43:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2009/11/16 18:39:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\apohfojc.job
[2002/08/29 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/16 18:20:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2009/11/16 18:19:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\sjrudquv.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 10:46:18 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\1394bus.sys
[2008/04/13 10:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2002/08/29 12:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2001/08/17 11:19:14 | 00,747,392 | ---- | M] (Aureal, Inc.) -- C:\WINDOWS\system32\drivers\adm8830.sys
[2002/08/28 22:00:48 | 00,010,880 | ---- | M] (Aureal, Inc.) -- C:\WINDOWS\system32\drivers\admjoy.sys
[2008/04/13 08:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2005/12/31 23:20:47 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2008/08/14 02:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 10:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 10:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 10:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 10:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2005/03/09 14:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys
[2007/08/14 16:49:42 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdTools.sys
[2008/04/13 10:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2008/04/13 10:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:29 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:29 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:29 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:30 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:30 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:31 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:31 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:31 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:31 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:31 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 21:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:27 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:30 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:31 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 10:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2002/08/29 12:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 10:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2002/08/29 12:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 05:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2009/11/12 23:00:32 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2009/11/12 23:00:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2009/11/12 23:00:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2002/08/29 12:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2007/05/31 21:13:20 | 00,238,848 | R--- | M] (Belkin Corporation. ) -- C:\WINDOWS\system32\drivers\BLKWGU.sys
[2008/04/13 10:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 10:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 10:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 10:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 03:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 10:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 10:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2002/08/29 12:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2002/08/29 12:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 11:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2007/06/20 02:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2007/06/20 02:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2008/04/13 10:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002/08/29 12:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 11:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2002/08/29 12:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 10:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2003/12/25 10:53:10 | 00,011,237 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\diag69xp.sys
[2008/04/13 10:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 10:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 10:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 10:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2002/08/29 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 10:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 10:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 10:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2002/08/29 12:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 10:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2002/08/29 12:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2006/11/15 16:23:06 | 00,038,144 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\EAPPkt.sys
[2001/08/17 05:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys
[2004/09/16 16:30:30 | 00,185,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ETDrv.sys
[2008/04/13 11:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 10:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 10:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 10:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 10:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2002/08/29 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2002/08/29 12:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2002/08/29 12:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2004/08/02 15:43:40 | 00,070,400 | ---- | M] (NETGEAR ) -- C:\WINDOWS\system32\drivers\GA511NXP.SYS
[2008/04/13 10:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 10:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 10:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 10:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 10:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 10:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2007/04/15 15:45:38 | 00,007,188 | ---- | M] () -- C:\WINDOWS\system32\drivers\Hmonitor.sys
[2004/08/03 21:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 10:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 11:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/13 10:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 10:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 10:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2002/08/29 12:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 10:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 10:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 11:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 10:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 10:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 10:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/13 10:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 11:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 03:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2003/12/25 10:53:10 | 00,008,440 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\LANPkt.sys
[2009/09/23 04:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2001/08/17 12:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\loop.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2002/08/29 12:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 21:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 10:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2002/08/29 12:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 11:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 10:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2008/04/13 10:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 10:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 10:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 10:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 10:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 10:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 10:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 10:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 21:41:38 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:37 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:36 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 11:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 10:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 11:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 10:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 10:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 11:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 10:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 10:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 11:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 10:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2002/08/29 12:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 10:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 10:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 11:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:39 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2002/08/29 12:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005/07/29 16:11:00 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2005/07/29 16:11:00 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2005/07/29 16:10:00 | 00,301,312 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2005/07/29 16:10:00 | 00,221,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2005/07/29 16:10:00 | 00,100,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvtcp.sys
[2002/08/29 12:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2002/08/29 12:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 10:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2002/08/29 12:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2002/08/29 12:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 10:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2002/08/29 12:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 10:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 10:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 10:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2002/08/29 12:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 10:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2002/08/29 12:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 10:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 10:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008/04/13 11:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 10:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 10:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2002/08/29 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2007/07/26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2002/08/29 12:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 11:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 10:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 11:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2002/08/29 12:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2002/08/29 12:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 11:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2002/08/29 12:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 10:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 16:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 10:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 10:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2002/08/29 12:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2002/08/29 12:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 06:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 10:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 10:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2002/08/29 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2007/03/28 14:45:38 | 04,395,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys
[2004/08/03 21:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2009/11/10 21:57:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2008/04/13 10:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 10:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 10:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 11:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 10:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 10:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 10:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 10:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2004/08/03 21:41:40 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:42 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:45 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 10:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2002/08/29 12:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 10:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 10:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 10:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 02:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2008/04/13 10:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 10:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 10:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008/04/13 11:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 10:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 03:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 03:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 11:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 16:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 16:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 16:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2002/08/29 12:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2002/08/29 12:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 10:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2007/05/30 20:12:30 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS
[2008/04/13 10:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 10:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 10:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/04/13 10:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 10:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 10:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2002/08/29 12:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 10:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 10:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 10:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 10:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 10:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 10:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 10:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 10:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 10:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2002/08/29 12:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 10:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 10:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 10:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 10:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 10:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:38 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:39 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:40 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:40 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 10:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 21:29:44 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:45 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 11:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2002/08/29 12:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2004/08/13 07:43:00 | 00,753,664 | R--- | M] (Belkin Corporation, Inc.) -- C:\WINDOWS\system32\drivers\wnihdd51.sys
[2006/10/18 19:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2002/08/29 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< End of report >




EXTRAS




OTL Extras logfile created on: 11/16/2009 6:45:05 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.12% Memory free
1.76 Gb Paging File | 1.65 Gb Available in Paging File | 93.74% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.48 Gb Total Space | 283.58 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Gigabyte\EasyTune4\ET4.exe" = C:\Program Files\Gigabyte\EasyTune4\ET4.exe:*:Enabled:et4 -- ()
"C:\WINDOWS\system32\wbem\wmiprvse.exe" = C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe" = C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe:*:Enabled:ThreatWork -- (Lavasoft)
"C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray -- (Lavasoft)
"C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp -- (Microsoft Corporation)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft)
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier -- (Google Inc.)
"C:\WINDOWS\RTHDCPL.exe" = C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL -- (Realtek Semiconductor Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}" = NETGEAR GA511 Gigabit Cardbus Adapter
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{6515FE5E-9F36-448F-934E-10CD94821807}" = AMD OverDrive
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B41069C7-7E24-473F-B400-BF48B82D9948}" = AMD OverDrive
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C6783FB4-2E95-4ED0-8A32-1BF32821689F}" = AMD CPUInfo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.1
"AAA PDF Password Remover_is1" = AAA PDF Password Remover V2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AVG9Uninstall" = AVG Free 9.0
"Canon MP460 User Registration" = Canon MP460 User Registration
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EasyTune4" = EasyTune4
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"Google Updater" = Google Updater
"Hardware sensors monitor 4.3_is1" = Hardware sensors monitor 4.3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}" = NETGEAR GA511 Smart Wizard Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2009 11:58:12 AM | Computer Name = JASE | Source = nview_info | ID = 11141121
Description =

Error - 8/14/2009 11:58:12 AM | Computer Name = JASE | Source = nview_info | ID = 11141121
Description =

Error - 8/14/2009 11:58:13 AM | Computer Name = JASE | Source = nview_info | ID = 11141121
Description =

Error - 8/14/2009 11:58:16 AM | Computer Name = JASE | Source = nview_info | ID = 11141121
Description =

Error - 8/26/2009 1:56:37 AM | Computer Name = JASE | Source = nview_info | ID = 11141121
Description =

Error - 8/26/2009 1:59:47 AM | Computer Name = JASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2009 2:04:48 AM | Computer Name = JASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2009 2:04:52 AM | Computer Name = JASE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/12/2009 9:18:21 PM | Computer Name = JASE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/12/2009 9:18:22 PM | Computer Name = JASE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 11/16/2009 9:30:47 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 11/16/2009 9:31:17 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 11/16/2009 10:00:06 PM | Computer Name = JASE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/16/2009 10:00:18 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 11/16/2009 10:00:48 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 11/16/2009 10:01:18 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 11/16/2009 10:04:07 PM | Computer Name = JASE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/16/2009 10:22:22 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7000
Description = The Realtek LANPkt Protocol service failed to start due to the following
error: %%19

Error - 11/16/2009 10:38:36 PM | Computer Name = JASE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 AvgLdx86 AvgMfx86 Fips hmonitor mbmiodrvr

Error - 11/16/2009 10:38:55 PM | Computer Name = JASE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 17 November 2009 - 09:37 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/08/16 18:11:28 | 00,091,136 | -HS- | M] () -- C:\WINDOWS\system32\jigefuwi.dll
    O4 - HKLM..\Run: [megetevaj] C:\WINDOWS\System32\jigefuwi.DLL ()
    O20 - AppInit_DLLs: (\system32\rujudagu.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\mosanugo.dll) - C:\WINDOWS\System32\mosanugo.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\huwuniva.dll) - C:\WINDOWS\System32\huwuniva.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\hubobazi.dll) - C:\WINDOWS\System32\hubobazi.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tarozole.dll) - C:\WINDOWS\System32\tarozole.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\janufini.dll) - C:\WINDOWS\System32\janufini.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\juvokose.dll) - C:\WINDOWS\System32\juvokose.dll File not found
    O20 - AppInit_DLLs: (kotafeka.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\fifusili.dll) - C:\WINDOWS\System32\fifusili.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\japadesu.dll) - C:\WINDOWS\System32\japadesu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\yunukino.dll) - C:\WINDOWS\System32\yunukino.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jigefuwi.dll) - C:\WINDOWS\system32\jigefuwi.dll ()
    O21 - SSODL: bahukimog - {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - CLSID or File not found.
    O21 - SSODL: dowabeson - {9c1d0b1f-41a4-4549-9963-46343d95158b} - CLSID or File not found.
    O21 - SSODL: hofonebiz - {04d69d45-772e-4209-8d98-a81d3a3102b3} - C:\WINDOWS\System32\yunukino.dll File not found
    O21 - SSODL: lekapeyil - {85d4933d-9344-4406-8aca-e1508b402a23} - CLSID or File not found.
    O21 - SSODL: muyefudaz - {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - CLSID or File not found.
    O21 - SSODL: selabonaj - {c7e1ee57-83fb-4108-b75f-0f6cac707668} - CLSID or File not found.
    O21 - SSODL: vogeyereg - {333ad59f-48b9-4b67-9c69-1c6647b40daa} - CLSID or File not found.
    O21 - SSODL: vohuruhew - {993120e3-8a5c-4b8a-8e8c-196a6bf1f129} - C:\WINDOWS\system32\jigefuwi.dll ()
    O21 - SSODL: vorejuwov - {83d50d62-109e-4e16-80e2-679234a89192} - CLSID or File not found.
    O21 - SSODL: yulileloz - {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - CLSID or File not found.
    O21 - SSODL: zowojaged - {549376ba-267c-4139-a807-b3fd86ff2ff6} - CLSID or File not found.
    O22 - SharedTaskScheduler: {04d69d45-772e-4209-8d98-a81d3a3102b3} - jugezatag - C:\WINDOWS\System32\yunukino.dll File not found
    O22 - SharedTaskScheduler: {1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {2c98225f-6288-4308-95fe-a9fbfc5eaecd} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {333ad59f-48b9-4b67-9c69-1c6647b40daa} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {549376ba-267c-4139-a807-b3fd86ff2ff6} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {763c6c66-f9ab-431e-8695-5bb5b20fe9c0} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {83d50d62-109e-4e16-80e2-679234a89192} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {85d4933d-9344-4406-8aca-e1508b402a23} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {993120e3-8a5c-4b8a-8e8c-196a6bf1f129} - jugezatag - C:\WINDOWS\system32\jigefuwi.dll ()
    O22 - SharedTaskScheduler: {9c1d0b1f-41a4-4549-9963-46343d95158b} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {c7e1ee57-83fb-4108-b75f-0f6cac707668} - mujuzedij - Reg Error: Key error. File not found
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2009/08/16 18:11:28 | 00,091,136 | -HS- | C] () -- C:\WINDOWS\System32\jigefuwi.dll
    [2009/08/16 18:11:28 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\vasidifu.dll
    [2009/08/16 05:43:59 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\kirasahi.dll
    [2009/08/15 15:14:15 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\fepabavi.dll
    [2009/08/14 23:19:14 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\piyiliwa.dll
    [2009/08/14 11:20:51 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\hadohiyo.dll
    [2009/08/13 14:19:21 | 00,051,200 | -HS- | C] () -- C:\WINDOWS\System32\zudeyuwi.dll
    [2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\apohfojc.job
    [2009/11/16 18:10:59 | 00,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\sjrudquv.job
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=======================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 jgnowuckenfurries

jgnowuckenfurries
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 17 November 2009 - 09:37 PM

As Requested:



This Came up when I restarted after the OTL fix.
Error Loading c:\windows\system32\jigefuwi.dll


OTL Log


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\megetevaj deleted successfully.
C:\WINDOWS\system32\jigefuwi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:\system32\rujudagu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\mosanugo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\huwuniva.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hubobazi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tarozole.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\janufini.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\juvokose.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:kotafeka.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fifusili.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\japadesu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yunukino.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jigefuwi.dll deleted successfully.
File C:\WINDOWS\system32\jigefuwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bahukimog deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c98225f-6288-4308-95fe-a9fbfc5eaecd}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dowabeson deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c1d0b1f-41a4-4549-9963-46343d95158b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hofonebiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04d69d45-772e-4209-8d98-a81d3a3102b3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lekapeyil deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d4933d-9344-4406-8aca-e1508b402a23}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\muyefudaz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763c6c66-f9ab-431e-8695-5bb5b20fe9c0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\selabonaj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e1ee57-83fb-4108-b75f-0f6cac707668}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vogeyereg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{333ad59f-48b9-4b67-9c69-1c6647b40daa}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vohuruhew deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993120e3-8a5c-4b8a-8e8c-196a6bf1f129}\ deleted successfully.
File C:\WINDOWS\system32\jigefuwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vorejuwov deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83d50d62-109e-4e16-80e2-679234a89192}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yulileloz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ea3a6e3-dc9d-40aa-b6da-879e68022fd2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zowojaged deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549376ba-267c-4139-a807-b3fd86ff2ff6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{04d69d45-772e-4209-8d98-a81d3a3102b3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04d69d45-772e-4209-8d98-a81d3a3102b3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1ea3a6e3-dc9d-40aa-b6da-879e68022fd2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ea3a6e3-dc9d-40aa-b6da-879e68022fd2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2c98225f-6288-4308-95fe-a9fbfc5eaecd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c98225f-6288-4308-95fe-a9fbfc5eaecd}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{333ad59f-48b9-4b67-9c69-1c6647b40daa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{333ad59f-48b9-4b67-9c69-1c6647b40daa}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{549376ba-267c-4139-a807-b3fd86ff2ff6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549376ba-267c-4139-a807-b3fd86ff2ff6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{763c6c66-f9ab-431e-8695-5bb5b20fe9c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763c6c66-f9ab-431e-8695-5bb5b20fe9c0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{83d50d62-109e-4e16-80e2-679234a89192} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83d50d62-109e-4e16-80e2-679234a89192}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{85d4933d-9344-4406-8aca-e1508b402a23} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d4933d-9344-4406-8aca-e1508b402a23}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{993120e3-8a5c-4b8a-8e8c-196a6bf1f129} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993120e3-8a5c-4b8a-8e8c-196a6bf1f129}\ not found.
File C:\WINDOWS\system32\jigefuwi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{9c1d0b1f-41a4-4549-9963-46343d95158b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c1d0b1f-41a4-4549-9963-46343d95158b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c7e1ee57-83fb-4108-b75f-0f6cac707668} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e1ee57-83fb-4108-b75f-0f6cac707668}\ not found.
C:\WINDOWS\002181_.tmp deleted successfully.
C:\WINDOWS\005500_.tmp deleted successfully.
C:\WINDOWS\NV1408884.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV1408884.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET10.tmp deleted successfully.
C:\WINDOWS\System32\SET12.tmp deleted successfully.
C:\WINDOWS\System32\SET13.tmp deleted successfully.
C:\WINDOWS\System32\SET18.tmp deleted successfully.
C:\WINDOWS\System32\SET19.tmp deleted successfully.
C:\WINDOWS\System32\SET1A.tmp deleted successfully.
C:\WINDOWS\System32\SET1E.tmp deleted successfully.
C:\WINDOWS\System32\SET20.tmp deleted successfully.
C:\WINDOWS\System32\SET22.tmp deleted successfully.
C:\WINDOWS\System32\SET27.tmp deleted successfully.
C:\WINDOWS\System32\SET29.tmp deleted successfully.
C:\WINDOWS\System32\SET38.tmp deleted successfully.
C:\WINDOWS\System32\SET3A.tmp deleted successfully.
C:\WINDOWS\System32\SET3F.tmp deleted successfully.
C:\WINDOWS\System32\SET46.tmp deleted successfully.
C:\WINDOWS\System32\SET4F.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\System32\SET54.tmp deleted successfully.
C:\WINDOWS\System32\SET67.tmp deleted successfully.
C:\WINDOWS\System32\SET68.tmp deleted successfully.
C:\WINDOWS\System32\drivers\SET8.tmp deleted successfully.
C:\WINDOWS\System32\drivers\SET9.tmp deleted successfully.
C:\pcwtest.tmp deleted successfully.
File C:\WINDOWS\System32\jigefuwi.dll not found.
C:\WINDOWS\system32\vasidifu.dll moved successfully.
C:\WINDOWS\system32\kirasahi.dll moved successfully.
C:\WINDOWS\system32\fepabavi.dll moved successfully.
C:\WINDOWS\system32\piyiliwa.dll moved successfully.
C:\WINDOWS\system32\hadohiyo.dll moved successfully.
C:\WINDOWS\system32\zudeyuwi.dll moved successfully.
C:\WINDOWS\Tasks\apohfojc.job moved successfully.
C:\WINDOWS\Tasks\sjrudquv.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 603994 bytes
->Temporary Internet Files folder emptied: 4378335 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 116706218 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 168408981 bytes
->Temporary Internet Files folder emptied: 60142252 bytes
->Java cache emptied: 23338407 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 49960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23940774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 61365 bytes
RecycleBin emptied: 33394 bytes

Total Files Cleaned = 388.91 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11172009_171946

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W36PLBDD\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W36PLBDD\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W36PLBDD\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=72427601[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W36PLBDD\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W36PLBDD\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TKQMSAC8\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TKQMSAC8\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TKQMSAC8\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\TKQMSAC8\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS5I3QGC\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS5I3QGC\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=72427601[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS5I3QGC\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\71KPSX0C\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\71KPSX0C\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=42554006[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\71KPSX0C\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\71KPSX0C\ssifieds,employment,cars,property,real,estate,business,investment,sports,technology,i,t,entertainment,finance,weather,community,interactive,limited,news,corporation;ord=77297261[2] not found!

Registry entries deleted on Reboot...






OTL logfile created on: 11/17/2009 5:34:30 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 44.24% Memory free
1.75 Gb Paging File | 1.31 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.48 Gb Total Space | 283.91 Gb Free Space | 95.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASE
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
< End of report >
[2009/11/17 17:33:51 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009/11/17 17:31:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/17 17:29:40 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA511 Smart Wizard Utility.lnk
[2009/11/17 17:29:39 | 00,087,960 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/17 17:24:14 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/17 17:24:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/17 17:23:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/17 17:23:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 17:22:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009/11/16 18:20:18 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tepafine
[2009/11/16 18:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/11/15 23:41:00 | 03,768,684 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/11/15 19:50:00 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/15 19:49:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/15 19:48:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 16:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2009/11/15 16:05:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2009/11/15 16:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2009/11/15 16:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2009/11/15 16:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2009/11/15 16:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Google
[2009/11/15 16:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Roxio
[2009/11/15 16:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2009/11/15 16:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2009/11/15 16:03:56 | 00,014,184 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/15 08:09:06 | 00,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2009/11/14 21:40:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/13 18:52:25 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 18:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/11/13 18:02:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 13:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/12 23:00:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 23:00:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/12 23:00:19 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/12 23:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/12 23:00:11 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2009/11/10 21:57:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 21:57:09 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 21:51:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/10 21:51:48 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/10 21:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/11/10 21:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/07/10 22:02:32 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sowdp88.dat
[2007/05/08 03:42:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/05/08 03:42:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< End of report >
[2009/11/17 17:34:50 | 45,353,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/17 17:34:26 | 00,095,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/17 17:33:51 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009/11/17 17:31:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/17 17:29:40 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA511 Smart Wizard Utility.lnk
[2009/11/17 17:29:39 | 00,087,960 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/17 17:24:14 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/17 17:24:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/17 17:23:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/17 17:23:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 17:22:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009/11/16 18:20:18 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tepafine
[2009/11/16 18:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/11/15 23:41:00 | 03,768,684 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/11/15 19:50:00 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/15 19:49:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/15 19:48:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 16:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2009/11/15 16:05:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2009/11/15 16:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2009/11/15 16:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2009/11/15 16:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2009/11/15 16:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Google
[2009/11/15 16:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Roxio
[2009/11/15 16:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2009/11/15 16:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2009/11/15 16:03:56 | 00,014,184 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/15 08:09:06 | 00,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2009/11/14 21:40:07 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/13 18:52:25 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 18:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/11/13 18:02:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 13:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/12 23:00:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 23:00:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 23:00:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/12 23:00:32 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 23:00:31 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 23:00:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 23:00:28 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 23:00:28 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/12 23:00:19 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/12 23:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/12 23:00:11 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2009/11/10 21:57:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 21:57:09 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 21:51:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/10 21:51:48 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/10 21:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/11/10 21:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/01 08:27:05 | 00,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:27:05 | 00,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:27:04 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2007/07/10 22:02:32 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sowdp88.dat
[2007/05/08 03:42:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/05/08 03:42:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 14 Days ==========

[2009/11/17 17:34:50 | 45,353,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/17 17:34:26 | 00,095,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/17 17:33:51 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2009/11/17 17:31:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/17 17:29:40 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA511 Smart Wizard Utility.lnk
[2009/11/17 17:29:39 | 00,087,960 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/17 17:24:14 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/17 17:24:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/17 17:23:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/17 17:23:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 17:22:07 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2009/11/16 18:20:18 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tepafine
[2009/11/15 23:41:00 | 03,768,684 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2009/11/15 19:48:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 16:03:56 | 00,014,184 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/13 18:02:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/12 23:00:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/12 23:00:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/12 23:00:38 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/12 23:00:32 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/12 23:00:31 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/12 23:00:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/12 23:00:28 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/12 23:00:28 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/10 21:57:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 21:57:09 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 21:51:48 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/01 08:27:05 | 00,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 08:27:05 | 00,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 08:27:04 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

< End of report >









Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

11/17/2009 6:32:07 PM
mbam-log-2009-11-17 (18-32-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 175651
Time elapsed: 39 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\megetevaj (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP607\A0059797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP607\A0059798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP607\A0059799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP607\A0059800.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP607\A0059801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP610\A0061942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP610\A0061943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Thank You Jason.

Edited by jgnowuckenfurries, 17 November 2009 - 09:39 PM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 18 November 2009 - 08:56 AM

Do you still get that error when you reboot now?

How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 jgnowuckenfurries

jgnowuckenfurries
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 18 November 2009 - 09:21 AM

Good Morning.

It is not giving that error anymore. AVG is detecting many instances of Vundo.I*

Malware Bytes is not detecting anything now and adware is not constantly coming up. Overall the performance seems to be better, but the trojan doesn't know where it's not welcome.

Thanks Jason.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 18 November 2009 - 05:31 PM

I'm willing to bet that AVG is just picking up on quarantined files or maybe files in system restore. Can you post the log from AVG so I can see exactly what it's detecting?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 jgnowuckenfurries

jgnowuckenfurries
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 19 November 2009 - 09:17 AM

Hi, I emptied the quarantine in both Malware bytes and AVG and disabled system restore and then rerun an AVG scan. It didn't pick up much but did pickup this one:



AVG

"Scan ""Scheduled scan"" was finished."
"Infections";"6";"6";"0"
"Warnings";"102";"102";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Wednesday, November 18, 2009, 12:00:00 PM"
"Scan finished:";"Wednesday, November 18, 2009, 1:25:03 PM (1 hour(s) 25 minute(s) 3 second(s))"
"Total object scanned:";"371786"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063044.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063043.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063042.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063041.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063040.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C25168CC-F1F1-458E-B766-394DBD7384AF}\RP611\A0063039.dll";"Trojan horse Vundo.IM";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.9890547d";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt";"Found Tracking cookie.Revsci";"Healed"
"C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed"
"C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.4570c3ec";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.dc841856";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.bf4a1fa7";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.a2b49f1a";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.9514c147";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.752f13c3";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.6b2e2a72";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt:\realmedia.com.3fbf2688";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt";"Found Tracking cookie.Realmedia";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Healed"
"C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt:\247realmedia.com.125a868c";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt";"Found Tracking cookie.247realmedia";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.883dbaf5";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt:\trafficmp.com.361d37e5";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@realmedia[2].txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@realmedia[2].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@realmedia[2].txt";"Found Tracking cookie.Realmedia";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@mediaplex[2].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt";"Found Tracking cookie.Fastclick";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@doubleclick[2].txt:\doubleclick.net.1d39bd48";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt";"Found Tracking cookie.Advertising";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Healed"
"C:\Documents and Settings\Admin\Cookies\admin@247realmedia[1].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@247realmedia[1].txt";"Found Tracking cookie.247realmedia";"Healed"





AVG After Clean


"Scan ""Scan whole computer"" was finished."
"Infections";"1";"1";"0"
"Warnings";"2";"2";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Wednesday, November 18, 2009, 6:18:01 PM"
"Scan finished:";"Wednesday, November 18, 2009, 7:41:59 PM (1 hour(s) 23 minute(s) 57 second(s))"
"Total object scanned:";"368871"
"User who launched the scan:";"Admin"

"Infections"
"File";"Infection";"Result"
"C:\_OTL\MovedFiles\11172009_171946\C_WINDOWS\system32\jigefuwi.dll";"Trojan horse Generic15.BHIL";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Healed"

Thank You.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 19 November 2009 - 07:10 PM

Just quarantined items and cookies, which you're always going to have anytime your browse the net. From what I can see I'd say your good to go.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users