I need help with a virus/spyware; I have post HiJackThis log.


  • This topic is locked
13 replies to this topic

#1 Jason60288

  • Members
  • 8 posts

Posted 26 December 2009 - 12:33 AM

Hello,
I have run SpyBot S&D and it comes up with some threats titled virtumonde and win32.agent.pz. Every time I run Spybot it tells me to reboot and it will run again on restart to re-scan. I have done this 3 times and I'm still having problems. Also, I don't know if it is relevant or not, but each time my computer starts up I get a message saying Windows couldn't find "Logon.exe". I have run HijackThis and this is the corresponding log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:18 PM, on 12/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {c60eeda0-5d94-440a-9614-9f9027133e99} - sutuyape.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lezejezin] Rundll32.exe "c:\windows\system32\huginoke.dll",a
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-21-2291239907-3609024981-2430390567-1007 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'postgres')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Jason\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Jason\Start Menu\Programs\UB\UB.lnk (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ystem32\ c:\windows\system32\wogidiji.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\huginoke.dll,fikomake.dll c:\windows\system32\piseraho.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: lefekodav - {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - (no file)
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
O21 - SSODL: yohivobaw - {f332a094-d8dd-472c-9e03-40b376aa46f3} - c:\windows\system32\huginoke.dll
O22 - SharedTaskScheduler: mujuzedij - {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - (no file)
O22 - SharedTaskScheduler: jugezatag - {f332a094-d8dd-472c-9e03-40b376aa46f3} - c:\windows\system32\huginoke.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Jason\Application Data\Mikogo\B-Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

Please let me know if you can help me with my problem as soon as possible. Thank you.
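The entries a helper would circle in the log above are the persistence points, not the running processes: the system.ini Shell= line that starts a second program after Explorer, the AppInit_DLLs value full of random-looking DLL names, the Run value that starts rundll32 on one of those same DLLs, and the SSODL/SharedTaskScheduler objects pointing at it. The script below is an added example (editor's code, not part of the post and not HijackThis logic) that applies those checks to the log lines copied from the post plus a few benign controls. Every rule is a heuristic for review, not a verdict; the sample log and the rule thresholds are this example's own assumptions.

```python
"""Triage a HijackThis log for persistence entries that deserve a closer look.

Heuristics applied (assumptions of this example, not HijackThis logic):
  F2   Shell= in system.ini should be exactly Explorer.exe; an extra name
       after it is a second program started at every logon.
  O20  AppInit_DLLs is loaded into every process that maps user32.dll, so
       any DLL listed there, and any other entry pointing at the same DLL,
       belongs to one infection.
  O4   a Run value that starts rundll32 on a DLL is a DLL loader.
  O2/O3/O21/O22  "(file missing)" / "(no file)": orphaned or hidden object.
  O23  a service with no publisher running from a user profile directory.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the log in the post, plus benign
# entries (Adobe, AVG) as controls that must not be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {c60eeda0-5d94-440a-9614-9f9027133e99} - sutuyape.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [lezejezin] Rundll32.exe "c:\windows\system32\huginoke.dll",a
O20 - AppInit_DLLs: ystem32\ c:\windows\system32\wogidiji.dll c:\windows\system32\huginoke.dll,fikomake.dll c:\windows\system32\piseraho.dll
O21 - SSODL: yohivobaw - {f332a094-d8dd-472c-9e03-40b376aa46f3} - c:\windows\system32\huginoke.dll
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Jason\Application Data\Mikogo\B-Service.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
DLL_RE = re.compile(r"[\w~.-]+\.dll\b", re.I)


@dataclass
class Finding:
    kind: str       # HijackThis entry type, e.g. "O20"
    reasons: list   # every rule the line matched
    line: str       # the entry as written in the log


def dll_names(text):
    """Lower-cased DLL file names mentioned in a log line."""
    return {d.lower() for d in DLL_RE.findall(text)}


def appinit_dlls(log_text):
    """DLLs listed under AppInit_DLLs (O20), i.e. injected into every GUI process."""
    injected = set()
    for line in log_text.splitlines():
        if line.strip().startswith("O20 - AppInit_DLLs:"):
            injected |= dll_names(line)
    return injected


def triage(log_text):
    injected = appinit_dlls(log_text)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        low = body.lower()
        reasons = []
        if kind == "F2":
            shell = re.search(r"shell=(.*)$", body, re.I)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                reasons.append("Shell= starts more than Explorer.exe: " + shell.group(1).strip())
        if kind == "O20" and low.startswith("appinit_dlls:") and dll_names(body):
            reasons.append(f"AppInit_DLLs injects {len(dll_names(body))} DLL(s) into every GUI process")
        if kind == "O4" and "rundll32" in low:
            reasons.append("Run value starts rundll32 on a DLL (DLL loader)")
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("registered object whose file is missing (orphaned or hidden)")
        if kind == "O23" and "unknown owner" in low and "\\documents and settings\\" in low:
            reasons.append("service with no publisher running from a user profile")
        if kind != "O20":
            shared = dll_names(body) & injected
            if shared:
                reasons.append("references AppInit-injected DLL(s): " + ", ".join(sorted(shared)))
        if reasons:
            findings.append(Finding(kind, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run on the sample, the AppInit cross-reference ties the O4 Run value and the O21 SSODL entry to the same huginoke.dll the O20 line injects, which is the detail that tells a helper these are one infection rather than three unrelated leftovers. The O23 rule only says "look at this": a service with no publisher under a user profile is unusual, not necessarily malicious.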


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 26 December 2009 - 03:31 AM

Hello, my name is fenzodahl512 and welcome to the forum. Please do the following:


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! If you can't complete this step, tell me more about it.



NEXT


Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any settings. Just click on the Run Scan button and let it scan until it finishes.

Then a log will pop up on your Desktop. Post the content of the log here.



NEXT


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER program on your desktop (the randomly named file from the main mirror, or gmer.exe extracted from the zip).
  • Allow the gmer.sys driver to load if asked.
  • You may see a pop-up window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Post these logs in your next reply, each log in a separate post:

1. OTL
2. GMER

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
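The /md5start ... /md5stop block in the OTL script above makes OTL print an MD5 for each listed boot-path driver and system DLL (atapi.sys, iaStor.sys, nvstor.sys and so on). The helper then compares those hashes against clean copies of the same Windows build, because a rootkit that patches a boot-path driver in place keeps the file name, size and timestamp plausible but cannot keep the hash. The script below is an added example (editor's code, not OTL's) of that comparison step, run over a constructed directory and a constructed baseline; the file contents, the baseline and the directory layout are this example's assumptions.

```python
"""Baseline comparison of the driver files OTL hashes in the post's script.

Hash each watched file in a directory, compare against reference hashes of
clean copies, and sort the result into clean / modified / missing / unlisted.
The demo directory and baseline are constructed inside this file so it runs
offline; on a real case the baseline comes from a clean install of the same
Windows build and service pack.
"""
import hashlib
import tempfile
from pathlib import Path

# Subset of the names OTL is told to hash in the post.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "scecli.dll", "netlogon.dll"]


def file_hash(path, algo="md5"):
    """Hex digest of a file, read in chunks so large drivers are not slurped."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_watched(directory, names=WATCHED, algo="md5"):
    """{name: digest, or None when the file is absent from the directory}."""
    d = Path(directory)
    return {n: (file_hash(d / n, algo) if (d / n).is_file() else None) for n in names}


def compare(observed, baseline):
    """Sort observed files into clean / modified / missing / unlisted."""
    report = {"clean": [], "modified": [], "missing": [], "unlisted": []}
    for name, digest in observed.items():
        if digest is None:
            report["missing"].append(name)      # absent; normal when the hardware differs
        elif name not in baseline:
            report["unlisted"].append(name)     # no reference hash: cannot judge
        elif digest.lower() == baseline[name].lower():
            report["clean"].append(name)
        else:
            report["modified"].append(name)     # same name, different bytes
    return report


# ---- constructed demo: a fake system32 with one driver patched in place ----
CLEAN = {  # stand-ins for the clean file contents (constructed, not real PE images)
    "atapi.sys": b"MZ clean atapi.sys image (constructed)",
    "iaStor.sys": b"MZ clean iaStor.sys image (constructed)",
    "scecli.dll": b"MZ clean scecli.dll image (constructed)",
}


def demo_baseline():
    """Reference hashes of the clean files."""
    return {name: hashlib.md5(data).hexdigest() for name, data in CLEAN.items()}


def build_demo_dir():
    d = Path(tempfile.mkdtemp(prefix="sys32_"))
    (d / "atapi.sys").write_bytes(CLEAN["atapi.sys"])
    # patched in place: same file name, extra bytes appended
    (d / "iaStor.sys").write_bytes(CLEAN["iaStor.sys"] + b"\x90\x90 loader stub")
    (d / "scecli.dll").write_bytes(CLEAN["scecli.dll"])
    (d / "netlogon.dll").write_bytes(b"MZ netlogon.dll (constructed, no baseline)")
    # nvstor.sys deliberately absent: this laptop has no NVIDIA storage controller
    return d


def run_demo():
    return compare(hash_watched(build_demo_dir()), demo_baseline())


if __name__ == "__main__":
    for status, names in run_demo().items():
        print(f"{status:9s} {', '.join(names) or '-'}")
```

A matching hash only shows that the bytes the operating system returns for the file are unmodified. Rootkits of the TDL3 family hooked the disk driver so that reads of the infected driver returned the original bytes, which is why the helper pairs the OTL hashes with a GMER scan that looks for the hooks themselves.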


#3 Jason60288

  • Topic Starter
  • Members
  • 8 posts

Posted 26 December 2009 - 07:54 PM

Here is the OTL logfile that was generated:

OTL logfile created on: 12/26/2009 6:48:17 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.50 Gb Total Space | 43.48 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
Drive D: | 11.62 Gb Total Space | 1.35 Gb Free Space | 11.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC110012138911
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/26 18:47:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
PRC - [2009/12/26 06:30:18 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/25 22:27:39 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/25 22:27:35 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/11 10:12:36 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 10:12:32 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/11 10:12:32 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/10 20:05:15 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 20:05:13 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/10 20:05:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/22 05:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 05:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/19 06:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 02:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/06/19 12:33:12 | 00,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/06/16 23:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/18 17:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/03 23:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/03/22 14:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/22 14:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/03/15 22:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 18:47:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
MOD - [2007/02/06 17:45:14 | 00,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/25 22:27:35 | 01,181,328 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/17 12:42:12 | 00,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Jason\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2009/11/10 20:05:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/20 11:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/22 05:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 05:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/19 02:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/06/12 14:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 17:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/07/25 15:25:18 | 00,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 07:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/13 18:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/11/10 20:05:46 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/10 20:05:40 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/10 20:05:39 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/22 05:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/06/17 10:56:16 | 00,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 00,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 00,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/05/08 08:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/06 17:45:04 | 00,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 01,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 12:32:34 | 00,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 12:27:27 | 00,938,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/03 12:27:15 | 00,014,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/06/16 22:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/06/02 09:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 14:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 11:12:00 | 00,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/21 11:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 10:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 10:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 10:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/11 04:35:18 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/03/22 14:47:06 | 01,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/15 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/15 05:57:46 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/22 11:02:22 | 00,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 14:28:32 | 00,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 12:08:00 | 00,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 15:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED F1 40 84 64 83 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bejeweledblitz3cheat@thecybershadow.net:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 06:30:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 06:30:26 | 00,000,000 | ---D | M]

[2009/10/28 16:56:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2009/12/26 01:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ei1am8tj.default\extensions
[2009/11/24 09:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ei1am8tj.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2009/12/26 01:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/30 11:28:50 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2008/06/27 04:57:01 | 00,126,976 | ---- | M] (Texthelp Systems Ltd) -- C:\Program Files\Mozilla Firefox\components\XPBrowsealoudPlugin.dll
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {c60eeda0-5d94-440a-9614-9f9027133e99} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (ystem32\ c:\windows\system32\wogidiji.dll c:\windows\system32\ c:\windows\system32\) - File not found
O20 - AppInit_DLLs: (fikomake.dll c:\windows\system32\) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: lefekodav - {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - CLSID or File not found.
O22 - SharedTaskScheduler: {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - mujuzedij - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/17 15:37:44 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54891125151891456)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/26 18:47:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2009/12/26 18:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/26 18:41:53 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2009/12/26 17:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/12/26 17:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/12/26 06:31:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 06:31:06 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 01:54:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/25 23:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/25 22:29:37 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/25 22:25:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/25 22:22:46 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jason\Recent
[2009/12/25 15:56:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/19 14:13:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\DivX
[2009/12/19 14:12:25 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/12/19 14:12:25 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/12/19 14:12:25 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/12/19 14:12:25 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/12/19 14:12:25 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/12/19 14:12:25 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/12/19 14:12:25 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/12/19 14:12:25 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/12/19 14:12:25 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/12/19 01:29:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Graboid_Inc
[2009/12/19 01:29:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\MozillaControl
[2009/12/19 01:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Graboid
[2009/12/19 01:25:40 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2009/12/17 17:30:42 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009/12/17 17:30:39 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009/12/17 17:30:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/12/17 17:30:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009/12/17 17:30:34 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009/12/17 17:30:32 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009/12/17 17:30:30 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009/12/17 17:30:29 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009/12/17 17:30:26 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009/12/17 17:30:20 | 00,014,240 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys
[2009/12/17 17:30:19 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/12/17 17:30:19 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/12/17 17:30:09 | 00,527,136 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2009/12/17 17:30:09 | 00,264,992 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2009/12/17 17:30:09 | 00,215,840 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2009/12/17 17:30:09 | 00,129,824 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1051.dll
[2009/12/17 17:30:09 | 00,041,504 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2009/12/17 17:30:08 | 00,938,272 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302V32.SYS
[2009/12/17 17:30:08 | 00,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2009/12/17 17:30:06 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/12/17 17:30:06 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009/12/17 17:30:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/12/17 17:30:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009/12/17 17:30:06 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/12/17 17:30:06 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009/12/17 17:30:06 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/12/17 17:30:06 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009/12/17 13:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2009/12/17 12:29:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\skypePM
[2009/12/17 12:27:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Mikogo
[2009/12/17 12:27:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Mikogo
[2009/12/17 12:24:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Skype
[2009/12/17 12:24:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/17 12:24:14 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/12/15 22:12:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\My Documents\Final Tables HHs
[2009/12/15 21:45:11 | 00,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2009/12/13 13:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\UB
[2009/12/13 13:15:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\UB
[2009/12/07 20:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Uniblue
[2009/12/07 20:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/12/07 20:27:46 | 00,000,000 | ---D | C] -- C:\ATI
[2009/11/27 05:47:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\vghd
[2009/11/21 13:08:11 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2009/11/21 13:08:11 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2009/11/21 13:08:11 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2009/11/21 13:08:11 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2009/11/21 13:08:11 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2009/11/21 13:08:11 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/11/21 13:08:10 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2009/11/10 20:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/10 20:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/10 20:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/10 20:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/22 08:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IsolatedStorage
[2008/06/20 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/03/01 11:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/08/26 15:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2007/08/26 15:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2007/04/13 17:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/04/13 17:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/26 18:47:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2009/12/26 18:47:10 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Jason\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk
[2009/12/26 18:47:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/12/26 18:47:08 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/12/26 18:42:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/26 18:42:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/26 18:42:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/26 18:42:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/26 18:42:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/26 18:41:53 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2009/12/26 18:41:32 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\The_Comedian.exe
[2009/12/26 18:26:53 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/26 18:01:00 | 00,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/12/26 17:55:59 | 47,100,714 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/26 17:14:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 17:14:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 17:13:58 | 21,370,51136 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 17:12:35 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Jason\NTUSER.DAT
[2009/12/26 17:12:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jason\ntuser.ini
[2009/12/26 08:32:40 | 00,127,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/26 06:31:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 06:24:15 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ghyxt.sys
[2009/12/26 06:16:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/12/26 05:56:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/12/26 05:36:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/26 05:16:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/26 04:56:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/26 04:36:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/26 04:16:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/26 03:56:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/26 03:36:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/26 03:16:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/26 02:56:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/26 02:36:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 02:16:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:56:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/25 23:18:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\HijackThis.lnk
[2009/12/25 22:25:42 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/25 21:44:51 | 00,000,315 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/12/25 16:18:33 | 00,049,043 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\n1306820_31301682_9526.jpg
[2009/12/25 15:16:51 | 00,159,152 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\52406920.jpg
[2009/12/24 18:35:22 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\Goals for 2010.doc
[2009/12/24 18:14:47 | 00,214,147 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\52118511.jpg
[2009/12/24 15:48:08 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 13:09:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/22 22:45:47 | 00,001,812 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SitNGo Wizard.lnk
[2009/12/21 21:50:13 | 00,222,558 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\4054288884_31c21b90e0.jpg
[2009/12/21 21:49:58 | 00,101,759 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\4053596061_92cf198134.jpg
[2009/12/21 21:49:52 | 00,087,412 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\4054338442_d51af56874.jpg
[2009/12/21 21:49:41 | 00,162,594 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\3292015780_21249e1775.jpg
[2009/12/21 21:34:31 | 00,351,054 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\fav.bmp
[2009/12/21 17:25:24 | 00,108,530 | ---- | M] () -- C:\Documents and Settings\Jason\My Documents\Example of the problem.jpg
[2009/12/18 00:10:52 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\PokerStove.lnk
[2009/12/17 12:55:24 | 00,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2009/12/17 12:29:24 | 00,000,048 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/17 12:27:13 | 00,001,891 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Mikogo.lnk
[2009/12/17 12:24:18 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/15 21:45:11 | 00,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2009/12/14 21:16:09 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Internet.lnk
[2009/12/13 13:23:55 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\UB.lnk
[2009/12/08 15:20:54 | 00,485,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 15:20:54 | 00,412,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/08 15:20:54 | 00,065,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 14:48:37 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/02 14:48:37 | 00,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/02 14:48:37 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/12/02 12:12:57 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\CCleaner.lnk
[2009/12/02 07:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/02 07:19:04 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/28 13:40:56 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/27 09:17:11 | 00,152,904 | ---- | M] () -- C:\WINDOWS\System32\vghd.scr
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 18:47:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\NTREGOPT.lnk
[2009/12/26 18:47:08 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\ERUNT.lnk
[2009/12/26 18:43:41 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Jason\Start Menu\Programs\StartUp\ERUNT AutoBackup.lnk
[2009/12/26 18:41:28 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\The_Comedian.exe
[2009/12/26 09:46:34 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/26 06:31:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 06:24:15 | 00,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ghyxt.sys
[2009/12/26 06:16:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/12/26 05:56:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/12/26 05:36:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/12/26 05:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/26 04:56:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/26 04:36:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/12/26 04:16:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/12/26 03:56:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/12/26 03:36:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/12/26 03:16:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/26 02:56:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/26 02:36:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 02:16:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:56:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/12/25 23:18:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\HijackThis.lnk
[2009/12/25 22:30:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/25 22:30:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/25 22:30:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/25 22:30:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/25 22:30:06 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/25 22:25:42 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/25 16:18:33 | 00,049,043 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\n1306820_31301682_9526.jpg
[2009/12/25 15:16:51 | 00,159,152 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\52406920.jpg
[2009/12/24 18:14:45 | 00,214,147 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\52118511.jpg
[2009/12/21 21:50:13 | 00,222,558 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\4054288884_31c21b90e0.jpg
[2009/12/21 21:49:58 | 00,101,759 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\4053596061_92cf198134.jpg
[2009/12/21 21:49:52 | 00,087,412 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\4054338442_d51af56874.jpg
[2009/12/21 21:49:41 | 00,162,594 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\3292015780_21249e1775.jpg
[2009/12/21 21:34:31 | 00,351,054 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\fav.bmp
[2009/12/21 17:25:23 | 00,108,530 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\Example of the problem.jpg
[2009/12/18 00:10:52 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\PokerStove.lnk
[2009/12/17 17:30:09 | 00,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/17 17:30:09 | 00,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/12/17 12:29:24 | 00,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/17 12:27:13 | 00,001,891 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Mikogo.lnk
[2009/12/17 12:24:18 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/14 21:16:09 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Internet.lnk
[2009/12/13 13:23:55 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\UB.lnk
[2009/12/01 14:15:03 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Jason\My Documents\Goals for 2010.doc
[2009/11/27 05:47:10 | 00,152,904 | ---- | C] () -- C:\WINDOWS\System32\vghd.scr
[2009/11/21 13:08:11 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2009/11/11 03:13:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\FnF4.txt
[2009/10/13 22:53:42 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 03:05:31 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/09/30 11:52:43 | 00,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/09/17 15:59:57 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 15:53:33 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\fusioncache.dat
[2009/09/17 15:53:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DSwitch.txt
[2009/09/17 15:53:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\AtStart.txt
[2009/09/17 15:53:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\QSwitch.txt
[2009/05/31 20:45:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/11/13 01:58:36 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/03/06 13:16:54 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/11 22:30:23 | 00,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2008/01/02 02:31:28 | 00,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/25 13:47:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/12 00:06:50 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/08 20:54:03 | 03,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2007/03/08 00:54:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/02/06 17:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/12/26 13:54:28 | 00,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL
[2006/12/26 13:54:27 | 00,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL
[2006/12/26 13:54:26 | 00,015,542 | ---- | C] () -- C:\WINDOWS\cccp106.ini
[2006/12/26 13:54:26 | 00,000,321 | ---- | C] () -- C:\WINDOWS\DC2110a.ini
[2006/08/09 06:42:15 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/09 06:38:20 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/09 06:25:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 06:15:11 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 13:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 12:49:18 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 12:46:56 | 00,000,315 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 12:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/04 01:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/06 12:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 14:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/03/15 22:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E4BCD5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0766416E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
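The "< MD5 for: ... >" blocks in the OTL custom scan above exist for one reason: each lists every copy of a core system file (the live copy under system32, the reference copy under ServicePackFiles\i386, and the pre-service-pack backup under $NtServicePackUninstall$) with its MD5, so a live copy that has been patched in place stands out as a hash that disagrees with the reference. Reading that by eye across many files is error-prone, so here is an added example (not code from the thread, from OTL or from its author) that parses such a block and reports every live copy whose hash differs from the ServicePackFiles reference, ignoring the $NtServicePackUninstall$ backup, which legitimately differs. The sample input reuses lines from the posted log and adds one constructed atapi.sys line with an obviously fake hash so the check has something to flag; the regexes are my assumptions about OTL's line layout as seen on this page.

```python
"""Cross-location hash check over OTL '< MD5 for: ... >' custom-scan output.

Added example for this thread, not OTL's own code. It parses the lines OTL
prints per file name and flags any live copy whose MD5 differs from the copy
in ServicePackFiles\\i386 (the reference the scan is meant to be compared
against). The backup in $NtServicePackUninstall$ is the pre-SP version and is
expected to differ, so it is skipped.
"""
import re
from collections import defaultdict

# One OTL MD5 line, as seen in the posted log (layout is an assumption):
# [date time | size | attrs | M] (Company) MD5=HEX -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

REFERENCE_DIR = "\\servicepackfiles\\i386\\"
BACKUP_DIR = "$ntservicepackuninstall$"

# Lines copied from the posted log.
REAL_LINES = r"""
< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
"""
# Constructed line (placeholder hash) standing in for a patched live atapi.sys.
CONSTRUCTED_LINE = r"[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEF00000000000000000000CAFE -- C:\WINDOWS\system32\drivers\atapi.sys"
REAL_LINES_TAIL = r"""
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: IASTOR.SYS >
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
"""
SAMPLE_LOG = REAL_LINES + CONSTRUCTED_LINE + REAL_LINES_TAIL


def parse_md5_sections(text):
    """Return {FILE NAME: [(path, md5, size), ...]} from an OTL custom-scan block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current:
            size = int(m.group("size").replace(",", ""))
            sections[current].append((m.group("path"), m.group("md5").upper(), size))
    return dict(sections)


def find_mismatches(sections):
    """Compare each live copy against the ServicePackFiles reference.

    Returns [(name, path, md5, reference_md5)] for copies that differ from the
    reference. Files with no reference copy (e.g. an OEM driver only present
    under SWSetup and system32) are skipped rather than guessed about.
    """
    findings = []
    for name, copies in sections.items():
        ref = [md5 for path, md5, _ in copies if REFERENCE_DIR in path.lower()]
        if not ref:
            continue
        ref_md5 = ref[0]
        for path, md5, _ in copies:
            low = path.lower()
            if REFERENCE_DIR in low or BACKUP_DIR in low:
                continue
            if md5 != ref_md5:
                findings.append((name, path, md5, ref_md5))
    return findings


if __name__ == "__main__":
    for name, path, md5, ref_md5 in find_mismatches(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path} has MD5 {md5}, reference is {ref_md5}")
```

On the log actually posted in this thread every live copy matches its reference, so the check is quiet; the constructed atapi.sys line is what produces the single finding. A hash that disagrees only means "not the file the service pack shipped", which is why the helper also reports the reference hash rather than deciding on its own whether the copy is malicious.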

#4 fenzodahl512
  • Members
  • 6,738 posts

Posted 26 December 2009 - 08:42 PM

waiting for GMER result :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Jason60288
  • Topic Starter
  • Members
  • 8 posts

Posted 26 December 2009 - 11:04 PM

Sorry for the delay; I started the GMER scan right after my last post. I didn't realize it would take nearly this long. Here is the GMER logfile:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 22:02:37
Windows 5.1.2600 Service Pack 3
Running: qwr2w6wv.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\awtyrkoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74F787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF74F7BFE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jason\Desktop\qwr2w6wv.exe[384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jason\Desktop\qwr2w6wv.exe[384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jason\Desktop\qwr2w6wv.exe[384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jason\Desktop\qwr2w6wv.exe[384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01EC2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01EC2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01EC2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01EC2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [041F2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [041F2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [041F2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [041F2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008F2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Jason\Local Settings\Application Data\Apple Computer\Safari\History\_eoh.cfs 34203 bytes
File C:\Documents and Settings\Jason\Local Settings\Application Data\Apple Computer\Safari\Webpage Previews\E19C6C6C1D7763EFC6297AE11A2259B3.jpeg 106949 bytes
File C:\Documents and Settings\Jason\Local Settings\Application Data\Apple Computer\Safari\Webpage Previews\E19C6C6C1D7763EFC6297AE11A2259B3.png 622042 bytes

---- EOF - GMER 1.0.15 ----

#6 fenzodahl512
  • Members
  • 6,738 posts

Posted 27 December 2009 - 12:04 AM

OTL Fix step

Open OTL then do below..

Copy/paste the following into the Custom Scans/Fixes box and then click on the Run Fix button.

:processes
explorer.exe

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {c60eeda0-5d94-440a-9614-9f9027133e99} - File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O20 - AppInit_DLLs: (ystem32\ c:\windows\system32\wogidiji.dll c:\windows\system32\ c:\windows\system32\) - File not found
O20 - AppInit_DLLs: (fikomake.dll c:\windows\system32\) - File not found
O21 - SSODL: lefekodav - {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - CLSID or File not found.
O22 - SharedTaskScheduler: {6b9e6f13-b777-46e9-b008-cd244c0a56a8} - mujuzedij - Reg Error: Key error. File not found
[2009/12/26 06:24:15 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ghyxt.sys
[2009/12/26 06:16:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/12/26 05:56:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/12/26 05:36:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/26 05:16:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/26 04:56:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/26 04:36:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/26 04:16:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/26 03:56:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/26 03:36:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/26 03:16:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/26 02:56:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/26 02:36:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 02:16:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:56:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/26 06:24:15 | 00,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ghyxt.sys
[2009/12/26 06:16:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/12/26 05:56:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/12/26 05:36:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/12/26 05:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/26 04:56:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/26 04:36:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/12/26 04:16:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/12/26 03:56:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/12/26 03:36:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/12/26 03:16:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/26 02:56:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/26 02:36:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/26 02:16:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/26 01:56:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E4BCD5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0766416E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes.. If it needs a reboot, just let it.. Post that log in your next reply...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step, not reproduced]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#7 Jason60288
  • Topic Starter
  • Members
  • 8 posts

Posted 27 December 2009 - 12:36 AM

Here is the Logfile generated after the OTL fix:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c60eeda0-5d94-440a-9614-9f9027133e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c60eeda0-5d94-440a-9614-9f9027133e99}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:ystem32\ c:\windows\system32\wogidiji.dll c:\windows\system32\ c:\windows\system32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:fikomake.dll c:\windows\system32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lefekodav deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9e6f13-b777-46e9-b008-cd244c0a56a8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6b9e6f13-b777-46e9-b008-cd244c0a56a8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b9e6f13-b777-46e9-b008-cd244c0a56a8}\ not found.
C:\WINDOWS\system32\drivers\ghyxt.sys moved successfully.
C:\WINDOWS\system32\9961.exe moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
File C:\WINDOWS\System32\drivers\ghyxt.sys not found.
File C:\WINDOWS\System32\9961.exe not found.
File C:\WINDOWS\System32\16827.exe not found.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F5E4BCD5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0766416E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 10907 bytes

User: holdemmanager
->Temp folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 23921293 bytes
->Temporary Internet Files folder emptied: 515299 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45570183 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 797146429 bytes

User: Jason Taylor
->Temp folder emptied: 34305447 bytes
->Temporary Internet Files folder emptied: 89690089 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31980182 bytes
->Apple Safari cache emptied: 303040999 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 634545 bytes
->FireFox cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes

User: postgres.PC110012138911
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2000211 bytes
%systemroot%\System32 .tmp files removed: 6372881 bytes
Windows Temp folder emptied: 437216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23800316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 273298 bytes
RecycleBin emptied: 1770878 bytes

Total Files Cleaned = 1,299.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12262009_232841

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 Jason60288
  • Topic Starter
  • Members
  • 8 posts

Posted 27 December 2009 - 12:57 AM

Here is the ComboFix Logfile:

ComboFix 09-12-26.02 - Jason 12/26/2009 23:42:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1337 [GMT -6:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jason\Start Menu\Internet Security 2010.lnk
c:\recycler\S-1-5-21-1906455254-3870406977-1010873520-1005
c:\windows\kb913800.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 05:28 . 2009-12-27 05:28 -------- d-----w- C:\_OTL
2009-12-27 00:43 . 2009-12-27 00:47 -------- d-----w- c:\program files\ERUNT
2009-12-26 23:39 . 2009-12-26 23:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 23:39 . 2009-12-26 23:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-26 15:46 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 12:31 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 12:31 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 07:54 . 2009-12-26 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 05:18 . 2009-12-26 05:18 -------- d-----w- c:\program files\Trend Micro
2009-12-26 04:29 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 04:25 . 2009-12-26 04:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-25 21:33 . 2009-12-25 21:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-19 20:13 . 2009-12-19 20:51 -------- d-----w- c:\documents and settings\Jason\Application Data\DivX
2009-12-19 20:12 . 2009-11-14 00:49 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-19 20:12 . 2009-11-14 00:49 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-19 20:12 . 2009-11-14 00:49 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-19 20:12 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-19 20:12 . 2009-11-14 00:49 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-12-19 07:29 . 2009-12-19 07:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Graboid_Inc
2009-12-19 07:29 . 2009-12-19 07:29 -------- d-----w- c:\documents and settings\Jason\Application Data\MozillaControl
2009-12-19 07:29 . 2009-12-19 07:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Graboid
2009-12-19 07:25 . 2009-12-19 07:25 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-12-17 19:08 . 2009-12-17 19:08 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-12-17 18:29 . 2009-12-26 23:14 -------- d-----w- c:\documents and settings\Jason\Application Data\skypePM
2009-12-17 18:29 . 2009-12-17 18:29 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-17 18:27 . 2009-12-17 18:42 -------- d-----w- c:\documents and settings\Jason\Application Data\Mikogo
2009-12-17 18:24 . 2009-12-27 05:50 -------- d-----w- c:\documents and settings\Jason\Application Data\Skype
2009-12-17 18:24 . 2009-12-17 18:24 -------- d-----w- c:\program files\Common Files\Skype
2009-12-17 18:24 . 2009-12-17 18:24 -------- d-----r- c:\program files\Skype
2009-12-16 03:45 . 2009-12-16 03:45 45056 ----a-w- c:\windows\system32\sstunst3.exe
2009-12-13 19:15 . 2009-12-13 19:51 -------- d-----w- c:\program files\UB
2009-12-13 19:15 . 2009-12-13 19:21 -------- d-----w- c:\documents and settings\Jason\Application Data\UB
2009-12-08 02:46 . 2009-12-08 05:36 -------- d-----w- c:\documents and settings\Jason\Application Data\Uniblue
2009-12-08 02:46 . 2009-12-08 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-08 02:27 . 2009-12-08 02:27 -------- d-----w- C:\ATI
2009-11-27 11:47 . 2009-11-27 15:17 152904 ----a-w- c:\windows\system32\vghd.scr
2009-11-27 11:47 . 2009-11-27 15:17 -------- d-----w- c:\documents and settings\Jason\Application Data\vghd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 05:28 . 2007-11-18 03:52 -------- d-----w- c:\program files\Full Tilt Poker
2009-12-27 05:28 . 2008-01-20 05:41 -------- d-----w- c:\program files\PokerStars
2009-12-26 04:43 . 2007-04-03 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 04:29 . 2009-12-26 04:29 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-12-26 04:29 . 2009-12-26 04:29 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-12-26 04:29 . 2009-12-26 04:29 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-12-26 04:29 . 2009-12-26 04:29 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2009-12-26 04:29 . 2009-12-26 04:29 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-12-26 04:29 . 2009-12-26 04:29 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2009-12-26 04:28 . 2009-12-26 04:28 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-12-26 04:27 . 2009-12-26 04:27 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-12-26 04:27 . 2009-12-26 04:27 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-12-26 04:27 . 2009-12-26 04:27 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-12-26 04:27 . 2009-12-26 04:27 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-12-26 04:27 . 2009-12-26 04:27 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-12-26 04:27 . 2009-12-26 04:27 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-12-24 20:34 . 2009-10-08 06:36 -------- d-----w- c:\documents and settings\Jason\Application Data\BitTorrent
2009-12-23 01:11 . 2007-01-12 05:55 -------- d-----w- c:\program files\Lx_cats
2009-12-19 20:12 . 2006-08-09 12:41 -------- d-----w- c:\program files\DivX
2009-12-19 20:12 . 2009-03-13 02:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-19 07:33 . 2009-03-13 02:39 -------- d-----w- c:\program files\VideoLAN
2009-12-18 06:10 . 2009-02-20 13:13 -------- d-----w- c:\program files\PokerStove
2009-12-17 23:30 . 2009-10-24 16:11 -------- d-----w- c:\program files\Common Files\Logishrd
2009-12-17 23:28 . 2009-12-17 23:28 10134 ----a-r- c:\documents and settings\Jason\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-12-17 23:28 . 2009-12-17 23:28 10134 ----a-r- c:\documents and settings\Jason\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-12-17 23:28 . 2009-12-17 23:28 10134 ----a-r- c:\documents and settings\Jason\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-12-17 23:26 . 2009-10-24 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-12-17 23:26 . 2009-10-24 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-12-17 23:26 . 2009-10-24 16:11 -------- d-----w- c:\program files\Logitech
2009-12-17 18:55 . 2008-11-21 00:34 7 -c--a-w- c:\windows\sbacknt.bin
2009-12-17 18:42 . 2009-12-17 18:42 24576 ----a-w- c:\documents and settings\Jason\Application Data\Mikogo\B-Capture.exe
2009-12-17 18:42 . 2009-12-17 18:42 185640 ----a-w- c:\documents and settings\Jason\Application Data\Mikogo\B-Service.exe
2009-12-17 18:27 . 2009-12-17 18:27 1249280 ----a-w- c:\documents and settings\Jason\Application Data\Mikogo\SessionPlayer.exe
2009-12-17 18:27 . 2009-12-17 18:27 144688 ----a-w- c:\documents and settings\Jason\Application Data\Mikogo\remover.exe
2009-12-17 18:27 . 2009-12-17 18:27 2748416 ----a-w- c:\documents and settings\Jason\Application Data\Mikogo\Mikogo-Host.exe
2009-12-17 18:24 . 2009-03-01 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-13 19:23 . 2009-12-13 19:23 159744 ----a-w- c:\documents and settings\Jason\Application Data\UB\DownLoadInst\liveupdate.exe
2009-12-13 19:15 . 2008-02-10 21:15 -------- d-----w- c:\program files\_uninstallation_info
2009-12-07 14:10 . 2009-12-26 04:25 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-03 22:10 . 2009-11-02 17:45 -------- d-----w- c:\program files\TableNinja
2009-12-02 20:44 . 2009-09-03 13:55 -------- d-----w- c:\program files\vghd
2009-11-25 20:22 . 2007-01-12 05:54 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-11-23 00:20 . 2008-09-28 20:12 -------- d-----w- c:\program files\QuickTime
2009-11-21 04:00 . 2009-11-21 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CinemaNow
2009-11-18 17:39 . 2009-11-18 17:39 -------- d-----w- c:\documents and settings\Jason\Application Data\CyberLink
2009-11-16 08:55 . 2009-09-18 05:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Apple Computer
2009-11-14 00:49 . 2005-04-25 17:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 07:07 . 2009-09-18 05:32 52656 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-13 06:11 . 2006-08-09 11:57 66248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 06:07 . 2009-11-13 06:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-13 06:06 . 2008-03-02 17:01 -------- d-----w- c:\program files\Windows Live
2009-11-13 05:50 . 2009-11-13 05:50 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-11 05:19 . 2006-08-09 12:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-11 05:16 . 2009-11-11 05:16 -------- d-----w- c:\documents and settings\Jason\Application Data\VSRevoGroup
2009-11-11 04:55 . 2009-11-11 04:55 -------- d-----w- c:\program files\VS Revo Group
2009-11-11 02:05 . 2009-11-11 02:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-11 02:05 . 2009-11-11 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 02:05 . 2009-11-11 02:05 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 02:05 . 2009-11-11 02:05 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-11 02:05 . 2009-11-11 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-11 02:05 . 2008-11-11 20:33 -------- d-----w- c:\program files\AVG
2009-11-11 01:46 . 2006-08-09 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-09 11:21 . 2006-08-09 12:22 -------- d-----w- c:\program files\Microsoft Works
2009-11-06 20:04 . 2006-08-09 10:51 -------- d-----w- c:\program files\Java
2009-11-06 19:57 . 2009-11-06 19:57 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 19:55 . 2009-11-06 19:55 79488 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-04 20:54 . 2009-09-30 17:51 -------- d-----w- c:\program files\PokerTracker 3
2009-11-04 02:31 . 2009-11-04 02:05 -------- d-----w- c:\documents and settings\Jason\Application Data\Symantec
2009-11-02 04:04 . 2009-11-02 04:04 -------- d-----w- c:\documents and settings\Jason\Application Data\HP
2009-10-29 07:45 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 18:53 . 2009-10-24 18:53 29696 ----a-w- c:\windows\mickey32.dll
2009-10-24 18:53 . 2009-10-24 18:53 232784 ----a-w- c:\windows\Matrix Code.scr
2009-10-24 18:53 . 2009-10-24 18:53 2285222 ----a-w- c:\windows\Matrix Code.exe
2009-10-21 05:38 . 2006-03-16 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-16 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-16 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-03-16 04:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-03-16 04:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-03-16 04:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 10:17 . 2009-10-02 03:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 03:27 . 2009-10-02 03:27 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2008-03-06 19:16 . 2008-03-06 19:16 0 -c--a-w- c:\program files\temp01
2007-06-09 02:55 . 2007-06-09 02:54 3655608 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-06-27 10:57 . 2008-09-30 05:04 126976 ----a-w- c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-11 2033432]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]

c:\documents and settings\Jason\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-11 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^StartUp^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Jason\Start Menu\Programs\StartUp\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 14:05 94208 -c--a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-08 07:12 488984 ----a-w- c:\program files\Common Files\Logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 07:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCGCATS]
2005-07-20 19:48 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\lxcgtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-07-21 08:07 200704 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2009-06-25 18:36 177152 ----a-w- c:\windows\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/25/2009 10:29 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/10/2009 8:05 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/10/2009 8:05 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/10/2009 8:05 PM 285392]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/24/2009 10:15 AM 10384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 2:03 AM 65536]
S3 B-Service;B-Service;c:\documents and settings\Jason\Application Data\Mikogo\B-Service.exe [12/17/2009 12:42 PM 185640]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: cinemanow.com
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CinemaNowMediaManagerApp - c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-kufomodono - variniti.dll
MSConfigStartUp-lezejezin - c:\windows\system32\mahogiwe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???8P??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6656)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-12-26 23:55:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 05:55

Pre-Run: 47,617,368,064 bytes free
Post-Run: 47,474,192,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 73005F7D17B8A5C4F837DB77C1D14678
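The ComboFix log above records several host-hardening gaps a reviewer should notice on their own: Security Center monitoring disabled, the Windows Firewall switched off on the standard profile, TCP 3389 globally opened, and orphaned startup entries that pointed at DLLs. As an added example (not ComboFix's own code and not part of the original thread), the script below parses a constructed excerpt in the same "Reg Loading Points" / "ORPHANS REMOVED" layout and flags those findings, so a long log can be triaged mechanically; every function name and the severity scale are my own assumptions.

```python
import re

# Constructed sample excerpt: mirrors the layout of the ComboFix
# "Reg Loading Points" and "ORPHANS REMOVED" sections in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-kufomodono - variniti.dll
MSConfigStartUp-lezejezin - c:\windows\system32\mahogiwe.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKLM\...] block header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=value (REGEDIT4 style)
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(\S+) - (.+)$")


def parse_reg_points(text):
    """Group "name"=value lines under the [key] header that precedes them.

    Keys are lower-cased so that HKLM / HKEY_LOCAL_MACHINE spellings compare
    the same way; value strings are kept verbatim.
    """
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line.strip())
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def parse_orphans(text):
    """Return (entry_name, target) pairs from the ORPHANS REMOVED list."""
    out = []
    for line in text.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(text):
    """Return (severity, finding) tuples, HIGH first, for the weak settings."""
    findings = []
    for key, values in parse_reg_points(text).items():
        # Security Center told not to watch AV/firewall state.
        if key.endswith(r"security center\monitoring") and \
                values.get("DisableMonitoring", "").endswith("1"):
            findings.append(("HIGH", "Security Center monitoring disabled (DisableMonitoring=1)"))
        # Host firewall off on the profile used on normal networks.
        if key.endswith(r"firewallpolicy\standardprofile") and \
                values.get("EnableFirewall", "").startswith("0"):
            findings.append(("HIGH", "Windows Firewall disabled on the standard profile (EnableFirewall=0)"))
        # Ports opened for every application; 3389 (RDP) rated highest.
        if key.endswith(r"globallyopenports\list"):
            for name in values:
                port, _, proto = name.partition(":")
                sev = "HIGH" if port == "3389" else "MEDIUM"
                findings.append((sev, f"Port {port}/{proto} globally open in the firewall policy"))
    # Startup entries that loaded a DLL are worth a second look; "(no file)"
    # leftovers are just dead references and are skipped.
    for name, target in parse_orphans(text):
        if target.lower().endswith(".dll"):
            findings.append(("MEDIUM", f"Orphaned startup entry '{name}' loaded a DLL: {target}"))
    order = {"HIGH": 0, "MEDIUM": 1}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```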

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:51 PM

Posted 27 December 2009 - 01:22 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Jason60288

Jason60288
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:51 AM

Posted 27 December 2009 - 03:37 AM

Here is the MBAM logfile:

Malwarebytes' Anti-Malware 1.42
Database version: 3437
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2009 2:33:43 AM
mbam-log-2009-12-27 (02-33-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 270188
Time elapsed: 1 hour(s), 36 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




The computer seems a LOT better, thank you for your time in helping me. I really appreciate it. Also, thank you for getting me through this so quickly.

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:51 PM

Posted 27 December 2009 - 03:40 AM

Glad to hear it.. Now waiting for the ESET result.. No need to hurry on this one.. Just run the scan when you're not using the computer.. If ESET scan looks good, we'll wrap this one :(



#12 Jason60288

Jason60288
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:51 AM

Posted 27 December 2009 - 06:43 AM

I couldn't figure out how to get the report for ESET, but it said "No Threats Found".

Thanks again for all your time and help. I really appreciate it.

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:51 PM

Posted 27 December 2009 - 06:59 AM

That's good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512



#14 Jason60288

Jason60288
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:51 AM

Posted 27 December 2009 - 07:21 AM

Everything seems to be back to normal as far as I can tell. Thanks again!