
Google trouble, and redirecting issues


  • This topic is locked
14 replies to this topic

#1 toxickisses224

toxickisses224

  • Members
  • 11 posts

Posted 02 January 2010 - 12:57 PM

Hello, to start off I'd like to say I just recently got rid of a very nasty virus from a pop-up that said my firewall was down and said all my protection settings were gone, and completely infected my computer. So I completely shut down my computer, and to my surprise all my computer did was restart itself when the Windows XP screen loaded up... So to be completely honest, I messed with a lot of files in doing so. I used my installing disk for Windows XP to fix this problem; it allowed me to get past the Windows XP and do a system restore. Ever since then I have run it on safe mode and run all my antiviruses that I had at the time. It didn't find anything but some little bugs, but when I ran it normally I noticed that my Google was a different language, so I thought I'd just change it back to English. So I did, and googled something basic that I use, like Hulu, and it redirected to some random website. So I went back to Google, tried it again, and it worked. After closing Google I opened it again and found it doing the same thing over and over again. I have checked the language and made sure everything is set to English, which it is. I have run all different antivirus things, I have upgraded everything. I have a feeling what I got rid of before is still way deep into my computer, because when I tried to run Internet Explorer it wouldn't let me and just say send error report, so I installed the new and it works fine, but everything is acting very slow than usual.

What I have run on safe mode that found something was Spybot. It said that something was located in my "C:\windows\system32\drivers\etc\hosts" (this file was called redirecting and there were 12 total of them), but Spybot could not access this because it was denied. I read up that Spybot DOES do this, so I tried UnHackMe. It found some stuff and fixed it, BUT give or take an hour went by and it came right back. I have turned off my System Restore and run everything on safe mode networking, but most programs don't find anything, or they do but it does not fix it. I have done HijackThis, which also found some stuff and said to delete; I do and it comes right on back. (Sorry for this being so long, I just want to get to the bottom of this.) I have the AVG, SUPERAntiSpyware, Malwarebytes, UnHackMe and adware... Some of these programs pick up stuff others don't, like I said, so I don't know if it's the programs tricking me and it's a common setting adjust thing or it's really something seriously deep in my computer.

Sorry that this is so long, I just wanna settle this. Any help I would love; any programs you need me to run I will gladly do. Thanks :]

Oh yeah, I HAVE CHANGED MY GOOGLE SETTING TO ENGLISH, so please don't tell me to. It's already set but still in a different language. Thanks :]

DDS (Ver_09-12-01.01) - NTFSx86
Run by Victoria at 9:44:13.54 on Sat 01/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.567 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\UnHackMe\gwebupdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Victoria\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 67.215.245.21 www.google-analytics.com
Hosts: 93.174.89.9 google.ae
Hosts: 93.174.89.9 google.as
Hosts: 93.174.89.9 google.at
Hosts: 93.174.89.9 google.az

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\victoria\applic~1\mozilla\firefox\profiles\n67gdkbz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [2009-11-16 71680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-25 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-9 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-1 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-1 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-12-27 34760]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-12-27 24416]

=============== Created Last 30 ================

2009-12-31 00:19:17 0 d-sh--w- c:\documents and settings\victoria\PrivacIE
2009-12-31 00:13:20 0 d-sh--w- c:\documents and settings\victoria\IETldCache
2009-12-31 00:05:07 0 d-----w- c:\windows\ie8updates
2009-12-31 00:02:22 0 dc-h--w- c:\windows\ie8
2009-12-30 23:57:53 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:57:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:57:51 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:57:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:57:50 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:57:46 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:57:28 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-29 22:10:47 0 d-----w- c:\program files\Trend Micro
2009-12-28 05:26:19 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-12-28 05:23:47 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-12-28 05:23:47 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-12-28 05:23:21 2 --shatr- c:\windows\winstart.bat
2009-12-28 05:22:37 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-28 05:22:26 0 d-----w- c:\program files\UnHackMe
2009-12-27 15:14:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-27 15:13:03 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-27 15:13:02 0 d-----w- c:\docume~1\victoria\applic~1\SUPERAntiSpyware.com
2009-12-26 20:48:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 20:48:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-26 13:33:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 07:10:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 07:05:05 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-18 08:52:03 0 d-----w- c:\documents and settings\victoria\Untitled
2009-12-13 19:38:30 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-13 19:38:10 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-13 19:38:10 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-13 19:38:10 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-13 01:48:43 0 d-----w- c:\program files\MSXML 6.0
2009-12-13 01:15:58 97117 -c----w- c:\windows\system32\dllcache\mplayer2.hlp
2009-12-13 00:59:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-13 00:59:01 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-13 00:58:59 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-13 00:58:59 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-13 00:58:11 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-13 00:58:11 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-13 00:57:41 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-13 00:57:40 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-13 00:57:40 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-13 00:57:39 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-13 00:57:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-13 00:57:38 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-13 00:57:38 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-13 00:57:38 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-13 00:57:37 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-13 00:56:40 916480 -c----w- c:\windows\system32\dllcache\wininet.dll
2009-12-13 00:56:39 1208832 -c----w- c:\windows\system32\dllcache\urlmon.dll
2009-12-13 00:56:38 1509888 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-13 00:56:36 5940736 -c----w- c:\windows\system32\dllcache\mshtml.dll
2009-12-13 00:56:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-13 00:56:24 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-13 00:56:13 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-13 00:56:04 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-13 00:55:54 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-13 00:55:49 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-13 00:54:52 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-12 19:51:26 28160 ----a-w- c:\windows\system32\irmon.dll
2009-12-12 19:51:25 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-12-12 19:51:25 151552 ----a-w- c:\windows\system32\irftp.exe
2009-12-12 15:41:10 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2009-12-12 15:39:59 83748 -c--a-w- c:\windows\system32\dllcache\prc.nls
2009-12-12 15:38:55 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-12-12 15:37:59 82172 -c--a-w- c:\windows\system32\dllcache\bopomofo.nls
2009-12-12 15:37:59 66728 -c--a-w- c:\windows\system32\dllcache\big5.nls
2009-12-12 15:37:46 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-12-12 15:37:38 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-12-12 15:35:40 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-12 15:35:31 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-12-12 15:35:31 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-12-12 15:35:31 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-12-12 15:35:31 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-12-12 15:35:09 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-12 00:19:22 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-12 00:14:16 0 d-----w- c:\program files\World of Warcraft Public Test
2009-12-12 00:14:15 0 d-----w- c:\program files\Lionhead Studios Ltd
2009-12-12 00:14:14 0 d-----w- c:\program files\Activision
2009-12-12 00:14:12 0 d-----w- c:\program files\Redbana
2009-12-12 00:07:01 19997 ----a-w- c:\windows\setupapi.old
2009-12-10 06:44:24 0 d-----w- C:\9b66c8b0ec211aea982805a8
2009-12-08 19:32:35 0 d-----w- c:\program files\Rhapsody
2009-12-07 04:33:56 0 d-----w- c:\windows\SxsCaPendDel
2009-12-06 18:55:41 174 ----a-w- c:\windows\game.ini
2009-12-06 18:09:28 0 d-----w- c:\program files\DivX

==================== Find3M ====================

2009-12-30 22:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 22:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 15:33:59 22748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 17:04:44 65536 ----a-w- c:\windows\system32\GDPersns.dat
2009-11-23 04:52:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-14 15:41:36 16515072 ----a-w- c:\windows\fonts\ARIALUNI.TTF
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 9:44:44.40 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/02 09:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3558000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B2C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x872B5000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf762c87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf762cbfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf447e0b0

==EOF==



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 10 January 2010 - 09:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 toxickisses224

toxickisses224
  • Topic Starter

  • Members
  • 11 posts

Posted 11 January 2010 - 11:15 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Victoria at 20:11:13.15 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.187 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\UnHackMe\gwebupdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Victoria\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 67.215.245.21 www.google-analytics.com
Hosts: 93.174.89.9 google.ae
Hosts: 93.174.89.9 google.as
Hosts: 93.174.89.9 google.at
Hosts: 93.174.89.9 google.az

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\victoria\applic~1\mozilla\firefox\profiles\n67gdkbz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [2009-11-16 71680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-25 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-9 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-1 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-1 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-12-27 34760]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-12-27 24416]

=============== Created Last 30 ================

2010-01-08 01:28:26 0 d-sh--w- c:\documents and settings\victoria\IECompatCache
2010-01-02 17:46:17 0 ----a-w- c:\documents and settings\victoria\settings.dat
2009-12-31 00:19:17 0 d-sh--w- c:\documents and settings\victoria\PrivacIE
2009-12-31 00:13:20 0 d-sh--w- c:\documents and settings\victoria\IETldCache
2009-12-31 00:05:07 0 d-----w- c:\windows\ie8updates
2009-12-31 00:02:22 0 dc-h--w- c:\windows\ie8
2009-12-30 23:57:53 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:57:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:57:51 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:57:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:57:50 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:57:46 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:57:28 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-29 22:10:47 0 d-----w- c:\program files\Trend Micro
2009-12-28 05:26:19 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-12-28 05:23:47 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-12-28 05:23:47 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-12-28 05:23:21 2 --shatr- c:\windows\winstart.bat
2009-12-28 05:22:37 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-28 05:22:26 0 d-----w- c:\program files\UnHackMe
2009-12-27 15:14:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-27 15:13:03 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-27 15:13:02 0 d-----w- c:\docume~1\victoria\applic~1\SUPERAntiSpyware.com
2009-12-26 20:48:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 20:48:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-26 13:33:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 07:10:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 07:05:05 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-18 08:52:03 0 d-----w- c:\documents and settings\victoria\Untitled
2009-12-13 19:38:30 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-13 19:38:10 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-13 19:38:10 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-13 19:38:10 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll

==================== Find3M ====================

2009-12-30 22:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 22:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 15:33:59 22748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 17:04:44 65536 ----a-w- c:\windows\system32\GDPersns.dat
2009-11-23 04:52:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-14 15:41:36 16515072 ----a-w- c:\windows\fonts\ARIALUNI.TTF
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 20:11:51.75 ===============

Thank you for your time. I will run any further scans if needed. Thank you again.




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts

Posted 13 January 2010 - 09:09 AM

Hi,

Please run a rootkit scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 toxickisses224


Posted 13 January 2010 - 11:05 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 20:04:15
Windows 5.1.2600 Service Pack 3
Running: emqcriuu.exe; Driver: C:\DOCUME~1\Victoria\LOCALS~1\Temp\ffqyqpoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF762C87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF762CBFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF48540B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6E09360, 0x240F7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:540] F3A28D40
Thread System [4:544] F3A171C0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002760c0d92
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x9D 0x6F 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0xE7 0x1D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0xD5 0x67 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0xEC 0xFE 0x57 ...

---- EOF - GMER 1.0.15 ----

#6 myrti


Posted 14 January 2010 - 06:59 AM

Hi,

You may have a rootkit infection. To confirm, please run mbr:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • Press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti



#7 toxickisses224


Posted 14 January 2010 - 06:32 PM

I typed that c:\mbr.exe -t >"C:\mbr.log" in and it just goes back to c:\documents and settings... It isn't saying it's wrong. I did save it to the c:\ drive; I don't know if I saved it to the wrong location. The only thing that is there is an mbr notepad saying
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

And that's it. What am I doing wrong?

#8 myrti


Posted 14 January 2010 - 06:36 PM

Hi,

You're doing nothing wrong! :( This was exactly what I wanted to see. :(

And the log also shows that you are not infected by rootkits! :) (this is really good news! :) )

Please run a log with OTL:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards myrti



#9 toxickisses224


Posted 14 January 2010 - 06:48 PM

OTL Extras logfile created on: 1/14/2010 3:38:14 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Victoria\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 13.94 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.56 Gb Free Space | 11.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTORIA-BF8F90
Current User Name: Victoria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"21777:TCP" = 21777:TCP:*:Enabled:BitComet 21777 TCP
"21777:UDP" = 21777:UDP:*:Enabled:BitComet 21777 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\softnyx\RakionIS\Bin\rakion.bin" = C:\Program Files\softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- File not found
"C:\Program Files\softnyx\RakionIS-bdrs\bin\rakion.bin" = C:\Program Files\softnyx\RakionIS-bdrs\bin\rakion.bin:*:Enabled:rakion -- File not found
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Softnyx\EdaIS\EDA.exe" = C:\Program Files\Softnyx\EdaIS\EDA.exe:*:Enabled:EDA -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe" = C:\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe" = C:\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\World of Warcraft Public Test\Launcher.exe" = C:\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe" = C:\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe" = C:\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Ask Toolbar_is1" = Ask Toolbar
"AVG8Uninstall" = AVG Free 8.5
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"UnHackMe_is1" = UnHackMe 5.70 release
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2009 4:46:32 PM | Computer Name = VICTORIA-BF8F90 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/30/2009 12:17:23 AM | Computer Name = VICTORIA-BF8F90 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.42.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2009 1:45:34 AM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5897, fault address 0x0003e55b.

Error - 12/30/2009 1:45:58 AM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5897, fault address 0x0003e55b.

Error - 12/30/2009 7:31:50 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5897, fault address 0x0003e55b.

Error - 12/30/2009 7:31:55 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1001
Description = Fault bucket 1595730989.

Error - 12/30/2009 7:41:26 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5897, fault address 0x0003e55b.

Error - 12/30/2009 7:42:46 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1001
Description = Fault bucket 1595730989.

Error - 1/1/2010 5:55:53 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

Error - 1/4/2010 6:42:25 PM | Computer Name = VICTORIA-BF8F90 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.4.26, faulting module
teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.

[ System Events ]
Error - 1/11/2010 11:42:11 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/12/2010 11:11:41 PM | Computer Name = VICTORIA-BF8F90 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/12/2010 11:11:56 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/12/2010 11:11:58 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/13/2010 4:29:19 PM | Computer Name = VICTORIA-BF8F90 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/13/2010 4:29:37 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/13/2010 4:29:38 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/14/2010 7:13:26 PM | Computer Name = VICTORIA-BF8F90 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/14/2010 7:13:48 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/14/2010 7:13:50 PM | Computer Name = VICTORIA-BF8F90 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >


OTL logfile created on: 1/14/2010 3:38:14 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Victoria\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 206.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 13.94 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.56 Gb Free Space | 11.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTORIA-BF8F90
Current User Name: Victoria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 15:37:51 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
PRC - [2010/01/06 13:20:52 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/28 08:44:12 | 00,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/12/25 23:08:14 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/25 23:08:12 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/22 14:39:06 | 01,186,016 | ---- | M] (Greais Software) -- C:\Program Files\UnHackMe\GWebUpdate.exe
PRC - [2009/12/22 14:38:24 | 00,594,144 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/12 11:48:41 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/12 14:24:53 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/25 09:12:07 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/25 09:12:06 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/25 09:12:03 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/25 09:12:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/25 09:11:47 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/23 17:41:42 | 00,189,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009/06/16 16:19:30 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/19 15:22:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/12 18:43:06 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/12 18:43:06 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/11/12 18:43:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 05:44:20 | 06,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/08/09 15:48:40 | 00,528,384 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
PRC - [2007/02/27 17:43:30 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 17:41:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/06/01 17:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/08/04 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/14 15:37:51 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
MOD - [2007/02/27 17:48:08 | 00,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/25 23:08:12 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/25 09:12:00 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/25 09:11:47 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/23 17:41:42 | 00,189,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/06/16 16:19:30 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/02 10:56:10 | 02,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/04/18 20:42:01 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/12 18:43:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/06/01 17:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/28 07:10:04 | 00,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/12/27 21:23:47 | 00,034,760 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/02 05:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/22 20:52:21 | 00,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/25 09:12:06 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/25 09:12:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/26 17:41:13 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/10 08:22:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/11/20 11:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/09 17:43:32 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/12/14 18:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/06/27 14:42:00 | 00,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2007/04/17 11:58:56 | 00,042,496 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V)
DRV - [2007/02/27 02:02:38 | 00,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 02:33:36 | 00,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 02:27:28 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/28 21:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/27 23:48:10 | 00,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/11/08 14:23:52 | 00,102,912 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2006/10/17 20:22:26 | 00,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/14 23:01:54 | 00,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/09 07:00:24 | 00,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/08/05 06:20:36 | 00,071,680 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys -- (FGXSCSI)
DRV - [2006/07/12 06:17:06 | 00,011,520 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdxbus.sys -- (fgdxbus)
DRV - [2006/06/01 17:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:14:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 15:11:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 13:21:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:21:00 | 00,000,000 | ---D | M]

[2009/12/26 12:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Extensions
[2009/04/06 21:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/26 12:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Profiles\n67gdkbz.default\extensions
[2010/01/10 08:57:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/10 23:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/06/07 18:58:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (6400 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 93.174.89.9 google.ae
O1 - Hosts: 93.174.89.9 google.as
O1 - Hosts: 93.174.89.9 google.at
O1 - Hosts: 93.174.89.9 google.az
O1 - Hosts: 93.174.89.9 google.ba
O1 - Hosts: 93.174.89.9 google.be
O1 - Hosts: 93.174.89.9 google.bg
O1 - Hosts: 93.174.89.9 google.bs
O1 - Hosts: 93.174.89.9 google.ca
O1 - Hosts: 93.174.89.9 google.cd
O1 - Hosts: 93.174.89.9 google.com.gh
O1 - Hosts: 93.174.89.9 google.com.hk
O1 - Hosts: 93.174.89.9 google.com.jm
O1 - Hosts: 93.174.89.9 google.com.mx
O1 - Hosts: 93.174.89.9 google.com.my
O1 - Hosts: 93.174.89.9 google.com.na
O1 - Hosts: 93.174.89.9 google.com.nf
O1 - Hosts: 93.174.89.9 google.com.ng
O1 - Hosts: 93.174.89.9 google.ch
O1 - Hosts: 93.174.89.9 google.com.np
O1 - Hosts: 93.174.89.9 google.com.pr
O1 - Hosts: 93.174.89.9 google.com.qa
O1 - Hosts: 93.174.89.9 google.com.sg
O1 - Hosts: 190 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 192
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/09 17:31:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (e settings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\H\Shell) - C:\WINDOWS\System32\Shell.dll (Microsoft Corporation)
O34 - HKLM BootExecute: (nt) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 15:37:46 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
[2010/01/12 19:19:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 17:28:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\IECompatCache
[2010/01/07 17:27:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Victoria\Recent
[2010/01/02 09:46:01 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Victoria\Desktop\RootRepeal.exe
[2009/12/30 16:19:17 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\PrivacIE
[2009/12/30 16:13:20 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\IETldCache
[2009/12/30 16:05:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/30 16:02:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/30 15:57:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/30 15:57:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/30 15:57:50 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/30 15:57:46 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/30 15:55:58 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Victoria\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/12/29 14:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/29 14:10:40 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Victoria\Desktop\HJTInstall.exe
[2009/12/27 21:26:19 | 00,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/12/27 21:23:47 | 00,035,040 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/12/27 21:23:47 | 00,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/12/27 21:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\My Documents\RegRun2
[2009/12/27 21:22:37 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2009/12/27 21:22:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2009/12/27 21:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/12/27 07:14:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/27 07:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/27 07:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\Application Data\SUPERAntiSpyware.com
[2009/12/26 12:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/26 12:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/26 12:45:46 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Victoria\Desktop\spybotsd162.exe
[2009/12/25 23:10:47 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/25 23:05:05 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/25 22:47:38 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Victoria\Desktop\Ad-AwareInstallation.exe
[2009/12/25 21:50:58 | 01,211,482 | ---- | C] (Mozilla) -- C:\Documents and Settings\Victoria\Desktop\Firefox Setup 3.5.6.exe
[2009/12/18 00:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\Untitled
[2009/07/01 08:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/04/17 11:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/07 15:47:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/07 15:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/07 15:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/07 15:47:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/24 12:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/11/24 12:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/23 03:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/11/23 02:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/14 15:37:51 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
[2010/01/14 15:26:29 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010/01/14 15:17:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 15:17:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/14 15:17:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/14 15:17:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/14 15:17:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/14 15:14:44 | 00,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/14 15:13:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 15:13:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/14 15:13:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 21:22:17 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Victoria\ntuser.dat
[2010/01/13 21:22:17 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Victoria\ntuser.ini
[2010/01/13 21:21:56 | 04,828,762 | -H-- | M] () -- C:\Documents and Settings\Victoria\Local Settings\Application Data\IconCache.db
[2010/01/13 20:08:08 | 00,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/13 12:39:14 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\emqcriuu.exe
[2010/01/12 21:25:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 21:17:58 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited 2.doc
[2010/01/12 20:48:03 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\ffff.doc
[2010/01/12 19:18:47 | 00,138,938 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/12 19:18:46 | 47,748,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/03 19:53:54 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Victoria\Application Data\mcs.rma
[2010/01/03 19:53:54 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Victoria\Application Data\050514
[2010/01/02 09:46:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Victoria\settings.dat
[2010/01/02 09:46:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Victoria\Desktop\RootRepeal.exe
[2010/01/02 09:43:14 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\dds.scr
[2009/12/30 15:56:12 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Victoria\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 15:15:48 | 00,006,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/29 14:10:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\HijackThis.lnk
[2009/12/29 14:10:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Victoria\Desktop\HJTInstall.exe
[2009/12/28 07:10:04 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/12/27 21:23:47 | 00,035,040 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/12/27 21:23:47 | 00,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/12/27 21:23:21 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/27 21:23:21 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/12/27 21:23:21 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/12/27 21:22:42 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\UnHackMe.lnk
[2009/12/27 21:19:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new
[2009/12/27 21:18:30 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232615.backup
[2009/12/27 21:18:26 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232616.backup
[2009/12/27 21:18:21 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232617.backup
[2009/12/27 21:18:17 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232618.backup
[2009/12/27 21:18:03 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231941.backup
[2009/12/27 21:17:58 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231942.backup
[2009/12/27 21:17:53 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231943.backup
[2009/12/27 21:17:47 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231944.backup
[2009/12/27 21:17:43 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231945.backup
[2009/12/27 21:17:38 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232510.backup
[2009/12/27 21:17:33 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232614.backup
[2009/12/27 21:17:16 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231302.backup
[2009/12/27 21:17:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231303.backup
[2009/12/27 21:17:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231733.backup
[2009/12/27 21:17:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231935.backup
[2009/12/27 21:16:56 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231936.backup
[2009/12/27 21:16:50 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231937.backup
[2009/12/27 21:16:45 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231939.backup
[2009/12/27 21:16:32 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230926.backup
[2009/12/27 21:16:25 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230927.backup
[2009/12/27 21:16:20 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230928.backup
[2009/12/27 21:16:15 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231219.backup
[2009/12/27 21:16:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231259.backup
[2009/12/27 21:16:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231300.backup
[2009/12/27 21:16:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231301.backup
[2009/12/27 21:15:46 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230803.backup
[2009/12/27 21:15:41 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230804.backup
[2009/12/27 21:15:35 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230805.backup
[2009/12/27 21:15:27 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230818.backup
[2009/12/27 21:15:22 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230921.backup
[2009/12/27 21:15:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230922.backup
[2009/12/27 21:15:06 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230923.backup
[2009/12/27 21:14:39 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230625.backup
[2009/12/27 21:14:34 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230626.backup
[2009/12/27 21:14:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230627.backup
[2009/12/27 21:14:24 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230759.backup
[2009/12/27 21:14:19 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230800.backup
[2009/12/27 21:14:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230801.backup
[2009/12/27 21:14:08 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230802.backup
[2009/12/27 21:13:51 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230428.backup
[2009/12/27 21:13:45 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230621.backup
[2009/12/27 21:13:40 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230622.backup
[2009/12/27 21:13:35 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230623.backup
[2009/12/27 21:13:28 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230624.backup
[2009/12/27 21:13:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230427.backup
[2009/12/27 21:13:06 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230426.backup
[2009/12/27 21:13:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230425.backup
[2009/12/27 21:12:55 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230424.backup
[2009/12/27 21:12:48 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230419.backup
[2009/12/27 21:12:39 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213112.backup
[2009/12/27 21:12:32 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213111.backup
[2009/12/27 21:12:25 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213110.backup
[2009/12/27 21:12:17 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213109.backup
[2009/12/27 21:12:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213108.backup
[2009/12/27 21:12:07 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213107.backup
[2009/12/27 21:12:01 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213106.backup
[2009/12/27 21:11:49 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213105.backup
[2009/12/27 21:11:43 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213050.backup
[2009/12/27 21:11:36 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213049.backup
[2009/12/27 21:11:24 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213047.backup
[2009/12/27 21:11:18 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213046.backup
[2009/12/27 21:11:11 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213045.backup
[2009/12/27 21:10:08 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213043.backup
[2009/12/27 21:10:01 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213042.backup
[2009/12/27 21:09:36 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213041.backup
[2009/12/27 07:13:15 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/27 07:12:35 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\SUPERAntiSpyware.exe
[2009/12/26 12:48:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 12:46:15 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Victoria\Desktop\spybotsd162.exe
[2009/12/26 12:24:42 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/25 23:04:37 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/25 22:49:45 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Victoria\Desktop\Ad-AwareInstallation.exe
[2009/12/25 21:51:06 | 01,211,482 | ---- | M] (Mozilla) -- C:\Documents and Settings\Victoria\Desktop\Firefox Setup 3.5.6.exe
[2009/12/22 16:44:49 | 00,053,075 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\fish.jpg
[2009/12/22 14:38:34 | 00,012,752 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2009/12/15 20:36:33 | 00,036,866 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\excuses.png
[2009/12/15 20:35:11 | 00,031,942 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Hey,-wasnt-Black-Friday-yester-SHUT-UP-I-DONT-CARE.png
[2009/12/15 20:33:48 | 00,043,725 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\nomore.png
[2009/12/15 20:32:44 | 00,024,084 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\I-rate-that-pun-an-STD-minus.png
[2009/12/15 20:25:51 | 00,022,500 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\beastieboys.png
[2009/12/15 20:11:44 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited.doc
[2009/12/15 20:05:48 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\therapist.doc
[2009/12/15 18:43:14 | 00,030,286 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\a-crime-of-passion.png
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 15:19:13 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/13 12:39:14 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\emqcriuu.exe
[2010/01/12 21:25:56 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 21:17:58 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited 2.doc
[2010/01/02 09:46:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Victoria\settings.dat
[2010/01/02 09:43:13 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\dds.scr
[2009/12/29 14:10:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\HijackThis.lnk
[2009/12/27 21:23:21 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/12/27 21:22:42 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\UnHackMe.lnk
[2009/12/27 07:13:15 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/27 07:12:14 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\SUPERAntiSpyware.exe
[2009/12/26 12:48:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 12:24:42 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/26 05:33:32 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/25 23:14:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/25 23:14:33 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/25 23:14:32 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/25 23:14:31 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/25 23:14:27 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/25 23:04:37 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/22 16:44:46 | 00,053,075 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\fish.jpg
[2009/12/15 20:36:32 | 00,036,866 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\excuses.png
[2009/12/15 20:35:11 | 00,031,942 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Hey,-wasnt-Black-Friday-yester-SHUT-UP-I-DONT-CARE.png
[2009/12/15 20:33:47 | 00,043,725 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\nomore.png
[2009/12/15 20:32:43 | 00,024,084 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\I-rate-that-pun-an-STD-minus.png
[2009/12/15 20:25:50 | 00,022,500 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\beastieboys.png
[2009/12/15 20:11:20 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited.doc
[2009/12/15 19:39:16 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\therapist.doc
[2009/12/15 19:29:22 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\ffff.doc
[2009/12/15 18:43:11 | 00,030,286 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\a-crime-of-passion.png
[2009/12/06 10:55:41 | 00,000,174 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/11/14 09:05:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/08/30 08:51:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/11 15:16:38 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/05 19:27:14 | 00,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/23 02:16:19 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Victoria\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 17:41:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/12 18:40:16 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Victoria\Application Data\mcs.rma
[2008/11/12 18:40:16 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Victoria\Application Data\050514
[2008/11/09 14:56:55 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/02/27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/06/01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 17:22:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 17:22:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/10 04:35:06 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#10 myrti


Posted 14 January 2010 - 06:53 PM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2010/01/03 19:53:54 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Victoria\Application Data\050514
    :commands
    [resethosts]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
This will reset your hosts file. It should remove the redirects you have been experiencing, but it will also remove the protection you got by using the immunize function of Spybot. You can restore the hosts-file protection by running immunize again. Please do so only after you have run both OTL scans.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
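
The post above distinguishes hosts-file redirects from the blocking entries that Spybot's immunize function adds. The following is an added example, not part of the original post or of OTL, that triages a hosts file into those groups so the effect of a reset can be checked. The sample content, addresses and function names are constructed for illustration, and it assumes immunize-style entries point names at a loopback or unspecified address.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread).
# 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocking entry, immunize-style
0.0.0.0         popups.example
203.0.113.45    www.google.com google.com   # constructed redirect
203.0.113.45    search.example.net
::1             localhost
not-an-ip       broken.example
"""

# Names that normally resolve to the local machine in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not body:
            continue
        fields = body.split()
        yield line_no, fields[0], fields[1:]


def classify(address, hostnames):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not hostnames:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Local names on a local address are the stock entries; any other
        # name pointed at the local machine is a block (sinkhole) entry.
        if all(name.lower() in LOCAL_NAMES for name in hostnames):
            return "default"
        return "sinkhole"
    # A name pinned to a non-local address overrides DNS for that name.
    # Legitimate only if the owner of the machine added it deliberately.
    return "redirect"


def triage(text):
    """Group hosts entries by category, keeping line numbers for review."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for line_no, address, hostnames in parse_hosts(text):
        report[classify(address, hostnames)].append((line_no, address, hostnames))
    return report


def redirected_names(text):
    """Map each hostname that bypasses DNS to the address it is pinned to."""
    pinned = {}
    for _, address, hostnames in triage(text)["redirect"]:
        for name in hostnames:
            pinned[name.lower()] = address
    return pinned


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS)
    for category, entries in result.items():
        print(f"{category}: {len(entries)} entr{'y' if len(entries) == 1 else 'ies'}")
        for line_no, address, hostnames in entries:
            print(f"  line {line_no}: {address} -> {' '.join(hostnames)}")
```

After a reset, the redirect and sinkhole groups should both be empty; re-running immunize should repopulate only the sinkhole group.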



#11 toxickisses224


Posted 14 January 2010 - 07:13 PM

OTL logfile created on: 1/14/2010 4:07:03 PM - Run 2
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Victoria\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 14.52 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.56 Gb Free Space | 11.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTORIA-BF8F90
Current User Name: Victoria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Victoria\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\UnHackMe\GWebUpdate.exe (Greais Software)
PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
PRC - C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Victoria\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys ()
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (FET5X86V) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (viamraid) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA Technologies inc,.ltd)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (FGXSCSI) -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys (FarStone Inc.)
DRV - (fgdxbus) -- C:\WINDOWS\system32\drivers\fgdxbus.sys (FarStone Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:14:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 15:11:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 13:21:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 13:21:00 | 00,000,000 | ---D | M]

[2009/12/26 12:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Extensions
[2009/04/06 21:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/26 12:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Profiles\n67gdkbz.default\extensions
[2010/01/14 15:27:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/10 23:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/06/07 18:58:14 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 192
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/09 17:31:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (e settings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\H\Shell) - C:\WINDOWS\System32\Shell.dll (Microsoft Corporation)
O34 - HKLM BootExecute: (nt) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 15:55:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/14 15:37:46 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
[2010/01/12 19:19:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 17:28:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\IECompatCache
[2010/01/07 17:27:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Victoria\Recent
[2010/01/02 09:46:01 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Victoria\Desktop\RootRepeal.exe
[2009/12/30 16:19:17 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\PrivacIE
[2009/12/30 16:13:20 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Victoria\IETldCache
[2009/12/30 16:05:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/30 16:02:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/30 15:57:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/30 15:57:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/30 15:57:50 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/30 15:57:46 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/30 15:55:58 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Victoria\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/12/29 14:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/29 14:10:40 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Victoria\Desktop\HJTInstall.exe
[2009/12/27 21:26:19 | 00,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/12/27 21:23:47 | 00,035,040 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/12/27 21:23:47 | 00,034,760 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/12/27 21:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\My Documents\RegRun2
[2009/12/27 21:22:37 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2009/12/27 21:22:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2009/12/27 21:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/12/27 07:14:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/27 07:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/27 07:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\Application Data\SUPERAntiSpyware.com
[2009/12/26 12:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/26 12:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/26 12:45:46 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Victoria\Desktop\spybotsd162.exe
[2009/12/25 23:10:47 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/12/25 23:05:05 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/25 22:47:38 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Victoria\Desktop\Ad-AwareInstallation.exe
[2009/12/25 21:50:58 | 01,211,482 | ---- | C] (Mozilla) -- C:\Documents and Settings\Victoria\Desktop\Firefox Setup 3.5.6.exe
[2009/12/18 00:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Victoria\Untitled
[2009/07/01 08:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/04/17 11:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/07 15:47:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/07 15:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/07 15:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/07 15:47:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/24 12:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/11/24 12:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/23 03:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/11/23 02:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire

========== Files - Modified Within 30 Days ==========

[2010/01/14 15:59:07 | 00,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/14 15:57:48 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 15:57:48 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/14 15:57:48 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/14 15:57:48 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/14 15:57:48 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/14 15:57:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 15:57:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/14 15:56:29 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Victoria\ntuser.dat
[2010/01/14 15:56:29 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Victoria\ntuser.ini
[2010/01/14 15:55:05 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/14 15:37:51 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victoria\Desktop\OTL.exe
[2010/01/14 15:26:29 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010/01/14 15:13:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 21:21:56 | 04,828,762 | -H-- | M] () -- C:\Documents and Settings\Victoria\Local Settings\Application Data\IconCache.db
[2010/01/13 20:08:08 | 00,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/13 12:39:14 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\emqcriuu.exe
[2010/01/12 21:25:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 21:17:58 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited 2.doc
[2010/01/12 20:48:03 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\ffff.doc
[2010/01/12 19:18:47 | 00,138,938 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/12 19:18:46 | 47,748,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/03 19:53:54 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Victoria\Application Data\mcs.rma
[2010/01/02 09:46:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Victoria\settings.dat
[2010/01/02 09:46:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Victoria\Desktop\RootRepeal.exe
[2010/01/02 09:43:14 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\dds.scr
[2009/12/30 15:56:12 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Victoria\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 14:10:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\HijackThis.lnk
[2009/12/29 14:10:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Victoria\Desktop\HJTInstall.exe
[2009/12/28 07:10:04 | 00,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/12/27 21:23:47 | 00,035,040 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2009/12/27 21:23:47 | 00,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2009/12/27 21:23:21 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/27 21:23:21 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/12/27 21:23:21 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/12/27 21:22:42 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\UnHackMe.lnk
[2009/12/27 21:19:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new
[2009/12/27 21:18:30 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232615.backup
[2009/12/27 21:18:26 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232616.backup
[2009/12/27 21:18:21 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232617.backup
[2009/12/27 21:18:17 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232618.backup
[2009/12/27 21:18:03 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231941.backup
[2009/12/27 21:17:58 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231942.backup
[2009/12/27 21:17:53 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231943.backup
[2009/12/27 21:17:47 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231944.backup
[2009/12/27 21:17:43 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231945.backup
[2009/12/27 21:17:38 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232510.backup
[2009/12/27 21:17:33 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-232614.backup
[2009/12/27 21:17:16 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231302.backup
[2009/12/27 21:17:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231303.backup
[2009/12/27 21:17:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231733.backup
[2009/12/27 21:17:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231935.backup
[2009/12/27 21:16:56 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231936.backup
[2009/12/27 21:16:50 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231937.backup
[2009/12/27 21:16:45 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231939.backup
[2009/12/27 21:16:32 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230926.backup
[2009/12/27 21:16:25 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230927.backup
[2009/12/27 21:16:20 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230928.backup
[2009/12/27 21:16:15 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231219.backup
[2009/12/27 21:16:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231259.backup
[2009/12/27 21:16:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231300.backup
[2009/12/27 21:16:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-231301.backup
[2009/12/27 21:15:46 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230803.backup
[2009/12/27 21:15:41 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230804.backup
[2009/12/27 21:15:35 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230805.backup
[2009/12/27 21:15:27 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230818.backup
[2009/12/27 21:15:22 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230921.backup
[2009/12/27 21:15:10 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230922.backup
[2009/12/27 21:15:06 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230923.backup
[2009/12/27 21:14:39 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230625.backup
[2009/12/27 21:14:34 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230626.backup
[2009/12/27 21:14:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230627.backup
[2009/12/27 21:14:24 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230759.backup
[2009/12/27 21:14:19 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230800.backup
[2009/12/27 21:14:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230801.backup
[2009/12/27 21:14:08 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230802.backup
[2009/12/27 21:13:51 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230428.backup
[2009/12/27 21:13:45 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230621.backup
[2009/12/27 21:13:40 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230622.backup
[2009/12/27 21:13:35 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230623.backup
[2009/12/27 21:13:28 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230624.backup
[2009/12/27 21:13:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230427.backup
[2009/12/27 21:13:06 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230426.backup
[2009/12/27 21:13:00 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230425.backup
[2009/12/27 21:12:55 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230424.backup
[2009/12/27 21:12:48 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-230419.backup
[2009/12/27 21:12:39 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213112.backup
[2009/12/27 21:12:32 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213111.backup
[2009/12/27 21:12:25 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213110.backup
[2009/12/27 21:12:17 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213109.backup
[2009/12/27 21:12:12 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213108.backup
[2009/12/27 21:12:07 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213107.backup
[2009/12/27 21:12:01 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213106.backup
[2009/12/27 21:11:49 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213105.backup
[2009/12/27 21:11:43 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213050.backup
[2009/12/27 21:11:36 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213049.backup
[2009/12/27 21:11:24 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213047.backup
[2009/12/27 21:11:18 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213046.backup
[2009/12/27 21:11:11 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213045.backup
[2009/12/27 21:10:08 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213043.backup
[2009/12/27 21:10:01 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213042.backup
[2009/12/27 21:09:36 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091226-213041.backup
[2009/12/27 07:13:15 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/27 07:12:35 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\SUPERAntiSpyware.exe
[2009/12/26 12:48:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 12:46:15 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Victoria\Desktop\spybotsd162.exe
[2009/12/26 12:24:42 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/25 23:04:37 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/25 22:49:45 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Victoria\Desktop\Ad-AwareInstallation.exe
[2009/12/25 21:51:06 | 01,211,482 | ---- | M] (Mozilla) -- C:\Documents and Settings\Victoria\Desktop\Firefox Setup 3.5.6.exe
[2009/12/22 16:44:49 | 00,053,075 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\fish.jpg
[2009/12/22 14:38:34 | 00,012,752 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2009/12/15 20:36:33 | 00,036,866 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\excuses.png
[2009/12/15 20:35:11 | 00,031,942 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Hey,-wasnt-Black-Friday-yester-SHUT-UP-I-DONT-CARE.png
[2009/12/15 20:33:48 | 00,043,725 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\nomore.png
[2009/12/15 20:32:44 | 00,024,084 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\I-rate-that-pun-an-STD-minus.png
[2009/12/15 20:25:51 | 00,022,500 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\beastieboys.png
[2009/12/15 20:11:44 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited.doc
[2009/12/15 20:05:48 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\therapist.doc
[2009/12/15 18:43:14 | 00,030,286 | ---- | M] () -- C:\Documents and Settings\Victoria\Desktop\a-crime-of-passion.png

========== Files Created - No Company Name ==========

[2010/01/14 15:19:13 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/13 12:39:14 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\emqcriuu.exe
[2010/01/12 21:25:56 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 21:17:58 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited 2.doc
[2010/01/02 09:46:17 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Victoria\settings.dat
[2010/01/02 09:43:13 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\dds.scr
[2009/12/29 14:10:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\HijackThis.lnk
[2009/12/27 21:23:21 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/12/27 21:22:42 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\UnHackMe.lnk
[2009/12/27 07:13:15 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/27 07:12:14 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\SUPERAntiSpyware.exe
[2009/12/26 12:48:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 12:24:42 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/26 05:33:32 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/25 23:14:35 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/25 23:14:33 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/25 23:14:32 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/25 23:14:31 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/25 23:14:27 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/25 23:04:37 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/22 16:44:46 | 00,053,075 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\fish.jpg
[2009/12/15 20:36:32 | 00,036,866 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\excuses.png
[2009/12/15 20:35:11 | 00,031,942 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Hey,-wasnt-Black-Friday-yester-SHUT-UP-I-DONT-CARE.png
[2009/12/15 20:33:47 | 00,043,725 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\nomore.png
[2009/12/15 20:32:43 | 00,024,084 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\I-rate-that-pun-an-STD-minus.png
[2009/12/15 20:25:50 | 00,022,500 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\beastieboys.png
[2009/12/15 20:11:20 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\Work Cited.doc
[2009/12/15 19:39:16 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\therapist.doc
[2009/12/15 19:29:22 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\ffff.doc
[2009/12/15 18:43:11 | 00,030,286 | ---- | C] () -- C:\Documents and Settings\Victoria\Desktop\a-crime-of-passion.png
[2009/12/06 10:55:41 | 00,000,174 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/11/14 09:05:35 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/08/30 08:51:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/11 15:16:38 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/05 19:27:14 | 00,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/23 02:16:19 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Victoria\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 17:41:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/12 18:40:16 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Victoria\Application Data\mcs.rma
[2008/11/09 14:56:55 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/02/27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/06/01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 17:22:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 17:22:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/10 04:35:06 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

All processes killed
========== OTL ==========
C:\Documents and Settings\Victoria\Application Data\050514 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 311296 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.VICTORIA-BF8F90
->Temp folder emptied: 622592 bytes
->Temporary Internet Files folder emptied: 35316 bytes
->FireFox cache emptied: 2941296 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: fddfssdf
->Temp folder emptied: 414486 bytes
->Temporary Internet Files folder emptied: 21276809 bytes
->FireFox cache emptied: 35273046 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2318787 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7803890 bytes

User: Test
->Temp folder emptied: 297990326 bytes
->Temporary Internet Files folder emptied: 616574 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104124614 bytes

User: Victoria
->Temp folder emptied: 2377235 bytes
->Temporary Internet Files folder emptied: 1574354 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98646512 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58182522 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 726354 bytes
RecycleBin emptied: 77312 bytes

Total Files Cleaned = 606.00 mb


OTL by OldTimer - Version 3.1.24.0 log created on 01142010_155503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 myrti


Posted 14 January 2010 - 07:16 PM

Hi,

How are the redirects doing? Any improvements? Is Google working normally?

Are you aware of a user account on your system called: fddfssdf?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 toxickisses224


Posted 14 January 2010 - 08:45 PM

Yeah, I made that a while ago when I first set up this computer because I just did... thank you so much, it works perfectly finally <3

#14 myrti


Posted 14 January 2010 - 09:07 PM

Hi,

Great. :( Just wanted to be sure that it was made by you. :(

It seems we removed the malware. To be sure, I would like you to run an online scan with ESET:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti



#15 myrti


Posted 20 January 2010 - 04:12 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
