Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Searches redirecting to other sites


  • This topic is locked This topic is locked
12 replies to this topic

#1 Ari87

Ari87

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 19 January 2010 - 05:31 AM

Hi there,

I'v been having problems for quite a while with web pages redirecting me to pages such as blinkx. Usualy happens when I first go on to google.com and search, it redirects or the first link that I click on from google.

AVG hasnt found anything and im sure I havnt installed anything dodgey in the last few weeks. My internet explorer also has been causing problems and saying its not responding and asking to shut down. But I can just click the x at the top of the box and it goes away leaving internet explorer open and usable. It also sometimes shows a tab on my desktop saying internet explorer tab has been been recovered. Something that has nothing to do with what im doing myself.

I also get sound clips playing in the background which sound like its a radio or video stream playing, but I have nothing open that would be doing that.
If I go into Task Manager and look at what is running, I find loads of iexplorer open even if I am not on the net. When I get sounds playing and I shut down ieplorer from the task manager one by one, it does stop. Which leads me to thing I have iexplorer running all the time but I cant physicaly see them open. In the Processes log you see there are over 10 iexplorer running, but I only have one open myself.

Below is the log that is asked for and attached is the file that dds made.
Hope I can get this fixed this time round.
Thanks


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ari at 10:24:03.30 on 19/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1098 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ari\Documents\Fix\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: D: {d52e2fc0-94d8-3904-b4f6-e208073da690} - c:\windows\system32\tb12505.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: google.com\maps
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: ctfmon.exe - c:\windows\system32\ctfmon_dv.exe

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-13 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-13 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-25 360584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-5-23 77824]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-25 285392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-23 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-5-23 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-5-23 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-9 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-01-01 19:30:04 0 d-----w- c:\program files\common files\DivX Shared
2009-12-25 11:59:37 0 d-----w- c:\program files\E Zanga Removal Tool
2009-12-25 00:43:12 0 d--h--w- C:\$AVG
2009-12-25 00:42:56 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-25 00:42:37 0 d-----w- c:\programdata\avg9
2009-12-24 15:56:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-24 01:26:34 233472 ----a-w- c:\windows\system32\tb12505.dll
2009-12-21 18:13:25 0 d-----w- c:\program files\common files\xing shared
2009-12-21 18:13:02 0 d-----w- c:\program files\common files\Real
2009-12-21 18:13:01 0 d-----w- c:\programdata\Real

==================== Find3M ====================

2010-01-16 11:06:46 27649 ----a-w- c:\programdata\nvModes.dat
2009-12-25 00:42:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-25 00:42:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-02-04 23:35:10 51200 ----a-w- c:\windows\inf\infpub.dat
2009-02-04 23:35:10 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-02-04 23:35:08 86016 ----a-w- c:\windows\inf\infstor.dat
2008-08-15 00:35:00 174 --sha-w- c:\program files\desktop.ini
2008-06-15 19:05:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-05-23 00:11:36 76 --sh--r- c:\windows\CT4CET.bin
2009-05-16 16:52:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-16 16:52:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-16 16:52:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-05-16 16:52:51 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-05-17 11:06:51 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-04 16:20:52 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-09-04 16:20:52 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-09-04 16:20:52 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-05-23 04:26:56 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:24:55.53 ===============



Attached File  Attach_Ari87.zip   2.18KB   7 downloads



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 19 January 2010 - 08:07 AM

Hello! smile.gif
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 19 January 2010 - 11:38 AM

Thanks Sam for the quick response. I have used the programs you requested and below are the logs.

Thanks


Malwarebytes' Anti-Malware 1.44
Database version: 3598
Windows 6.0.6000
Internet Explorer 8.0.6001.18702

19/01/2010 16:23:29
mbam-log-2010-01-19 (16-23-29).txt

Scan type: Quick Scan
Objects scanned: 105515
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\tb12505.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3f27be0c-6c11-374d-b024-ec32da4a37cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{803698bc-2d7f-3565-9d3b-10cd32c6c90c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d52e2fc0-94d8-3904-b4f6-e208073da690} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d52e2fc0-94d8-3904-b4f6-e208073da690} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d52e2fc0-94d8-3904-b4f6-e208073da690} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d52e2fc0-94d8-3904-b4f6-e208073da690} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\tb12505.dll (Trojan.BHO) -> Delete on reboot.
C:\Users\Ari\AppData\Local\Temp\iee3600.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Ari\AppData\Local\Temp\93.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Windows\System32\ctfmon_dv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

______________________


OTL logfile created on: 19/01/2010 16:30:57 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Ari\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.95 Gb Total Space | 75.62 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARI-PC
Current User Name: Ari
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/19 16:29:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
PRC - [2010/01/01 11:49:56 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/25 00:42:44 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/25 00:42:44 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/25 00:42:44 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/25 00:42:43 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/25 00:42:40 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/24 15:56:06 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/22 01:57:28 | 00,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/12/21 18:13:03 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/13 11:31:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 11:31:12 | 00,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/11/09 23:32:05 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/07/18 03:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/05/21 10:13:58 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/08 21:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/20 06:37:00 | 01,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/05/23 04:18:49 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/22 16:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 05:57:10 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM13Mon.exe
PRC - [2008/02/22 05:25:06 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/02/22 05:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/02/22 05:24:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/02/22 05:24:54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/02/22 05:14:22 | 04,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/22 05:14:18 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/07/27 15:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/25 15:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 15:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/11/02 09:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 16:29:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
MOD - [2009/12/25 00:42:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2006/11/02 09:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/25 00:42:40 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/13 11:31:14 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/09 23:32:05 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/23 04:20:43 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/22 05:14:18 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/25 15:41:42 | 00,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 15:22:44 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/11 08:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\S-1-5-21-977133856-3146212173-2201167782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/04/17 21:58:26 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla\Extensions
[2008/11/26 20:01:57 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/04/17 21:58:26 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 21:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-977133856-3146212173-2201167782-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-977133856-3146212173-2201167782-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\..Trusted Domains: google.com ([maps] http in Trusted sites)
O15 - HKU\S-1-5-21-977133856-3146212173-2201167782-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ari\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ari\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5009f015-bbf4-11dd-8f0a-001c2353688c}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 11:18:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/19 16:29:33 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
[2010/01/19 16:16:31 | 00,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes
[2010/01/19 16:16:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/19 16:16:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/19 16:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/19 16:16:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/17 23:15:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/13 15:49:20 | 00,000,000 | -H-D | C] -- C:\Users\Ari\Desktop\le
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/19 16:31:14 | 03,670,016 | -HS- | M] () -- C:\Users\Ari\NTUSER.DAT
[2010/01/19 16:29:46 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
[2010/01/19 16:26:00 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/19 16:25:49 | 00,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 16:25:49 | 00,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 16:25:46 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/19 16:25:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/19 16:25:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/19 16:24:07 | 06,291,456 | -H-- | M] () -- C:\Users\Ari\AppData\Local\IconCache.db
[2010/01/19 16:16:30 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 13:13:19 | 00,205,312 | ---- | M] () -- C:\Users\Ari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 12:37:00 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/19 09:52:01 | 48,043,716 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/19 09:51:33 | 00,142,471 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/18 13:29:40 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/18 13:29:40 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/18 13:29:40 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/16 11:06:46 | 00,027,649 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/15 22:06:49 | 00,019,035 | ---- | M] () -- C:\Users\Ari\Desktop\mycar.jpg
[2010/01/13 23:40:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/19 16:16:30 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 22:05:01 | 00,019,035 | ---- | C] () -- C:\Users\Ari\Desktop\mycar.jpg
[2009/09/16 23:07:47 | 00,000,189 | ---- | C] () -- C:\Windows\sc.INI
[2009/06/14 14:27:27 | 00,000,023 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2009/01/03 16:13:14 | 00,000,552 | ---- | C] () -- C:\Users\Ari\AppData\Local\d3d8caps.dat
[2008/10/25 15:07:35 | 00,040,960 | R--- | C] () -- C:\Windows\System32\wh2robo.dll
[2008/09/22 22:33:38 | 00,034,308 | ---- | C] () -- C:\Windows\System32\Chip.dll
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 21:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/14 22:56:16 | 00,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/07/04 21:50:12 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/07/04 21:47:40 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/06/22 11:10:10 | 00,000,680 | ---- | C] () -- C:\Users\Ari\AppData\Local\d3d9caps.dat
[2008/06/12 21:29:40 | 00,676,224 | ---- | C] () -- C:\Windows\System32\ogacheckcontrol.dll
[2008/06/12 21:12:09 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/06/09 22:53:47 | 00,000,000 | ---- | C] () -- C:\Users\Ari\AppData\Roaming\wklnhst.dat
[2008/06/03 21:01:39 | 00,027,649 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/02 23:00:16 | 00,205,312 | ---- | C] () -- C:\Users\Ari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/02 22:55:09 | 00,027,649 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/24 09:55:00 | 03,614,208 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/05/24 09:55:00 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/24 09:55:00 | 00,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2008/05/24 09:55:00 | 00,692,224 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/05/24 09:55:00 | 00,455,680 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/05/24 09:55:00 | 00,211,968 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/05/24 09:55:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/05/24 09:55:00 | 00,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/05/24 09:55:00 | 00,147,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/05/24 09:55:00 | 00,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/05/24 09:55:00 | 00,115,200 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/05/24 09:55:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/05/24 09:55:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2008/05/24 09:55:00 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/05/24 09:55:00 | 00,099,840 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/05/24 09:55:00 | 00,040,448 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/05/24 09:55:00 | 00,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/05/24 09:55:00 | 00,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/05/24 09:55:00 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/29 15:42:22 | 00,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 15:42:20 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/03/29 15:42:14 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 15:42:08 | 00,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 15:42:04 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 15:42:04 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 15:42:02 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 15:42:00 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 15:41:54 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 15:41:52 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 15:41:52 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007/10/13 09:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/25 15:40:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/06/28 18:54:10 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/08 23:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/11/14 23:06:28 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/11/23 00:11:14 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/06/12 21:12:02 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools
[2009/12/22 11:12:50 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\LimeWire
[2008/07/04 21:50:38 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung
[2008/06/09 22:53:48 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Template
[2009/02/01 15:41:41 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\tmp
[2008/11/26 20:01:55 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\TomTom
[2008/10/25 15:52:29 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Watchtower
[2009/03/23 01:19:47 | 00,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Windows Live Writer
[2010/01/19 16:24:46 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/05/23 04:14:47 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/05/23 04:14:47 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/05/23 04:14:47 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/05/23 04:14:47 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/05/23 04:15:28 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys
[2008/05/23 04:15:28 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/05/23 04:15:16 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/05/23 04:32:37 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/05/23 04:32:37 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/05/23 04:32:37 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/05/23 04:32:37 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/05/23 04:14:45 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/05/23 04:14:45 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/05/23 04:15:16 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/05/23 04:15:16 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/05/23 04:26:55 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/05/23 04:26:55 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/05/23 04:26:55 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008/05/23 04:26:55 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/05/23 04:26:55 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/03/18 13:59:36 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\storage\R179638\iastor.sys
[2008/03/18 13:59:36 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2008/03/18 13:59:36 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2008/03/18 13:59:36 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 11:31:42 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 11:31:37 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 09:47:18 | 00,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/05/23 04:27:14 | 00,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

========== Files - Unicode (All) ==========
[2009/05/11 20:02:04 | 00,029,696 | ---- | M] ()(C:\Users\Ari\Documents\?µ???a 1.doc) -- C:\Users\Ari\Documents\Ομιλια 1.doc
[2009/05/11 20:02:03 | 00,029,696 | ---- | C] ()(C:\Users\Ari\Documents\?µ???a 1.doc) -- C:\Users\Ari\Documents\Ομιλια 1.doc
[2009/02/15 20:04:24 | 00,027,136 | ---- | M] ()(C:\Users\Ari\Documents\?µ???a 3.doc) -- C:\Users\Ari\Documents\Ομιλια 3.doc
[2009/02/15 14:21:01 | 00,027,136 | ---- | C] ()(C:\Users\Ari\Documents\?µ???a 3.doc) -- C:\Users\Ari\Documents\Ομιλια 3.doc
[2008/11/17 21:38:22 | 00,032,768 | ---- | M] ()(C:\Users\Ari\Documents\?µ???a 2.doc) -- C:\Users\Ari\Documents\Ομιλια 2.doc
[2008/11/16 23:21:13 | 00,032,768 | ---- | C] ()(C:\Users\Ari\Documents\?µ???a 2.doc) -- C:\Users\Ari\Documents\Ομιλια 2.doc
< End of report >

___________________________

OTL Extras logfile created on: 19/01/2010 16:30:57 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Ari\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.95 Gb Total Space | 75.62 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARI-PC
Current User Name: Ari
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2576F0E6-4E07-420B-8E78-D9F27BD18E71}" = lport=445 | protocol=6 | dir=in | app=system |
"{35199EB8-DBF2-4AC7-A913-2DF28E78EF1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39321716-D0CC-4907-9140-051B791A113F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4661CEAF-6616-4606-AB00-FFCAC857B149}" = lport=139 | protocol=6 | dir=in | app=system |
"{58F56E26-940E-41F8-9C1C-76B3DD5E260B}" = lport=138 | protocol=17 | dir=in | app=system |
"{596D2307-4E46-4270-ADC6-CFE3359A3DF7}" = rport=445 | protocol=6 | dir=out | app=system |
"{733C0FF4-9CC1-48A4-AB6D-8C8DE67CC792}" = rport=137 | protocol=17 | dir=out | app=system |
"{955E460C-58C1-4FD5-88E9-612C64C410A9}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9FEEA8C-7703-47D2-8330-4E31C6DF9B40}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CDC629C2-B95E-4334-A7FA-C888B6D6A644}" = rport=139 | protocol=6 | dir=out | app=system |
"{E166D335-E681-49AB-B56D-DE9236346715}" = rport=138 | protocol=17 | dir=out | app=system |
"{E5F72EE2-29F7-43E1-BFE8-E1F1E9E0F34A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F5F76C02-6AB7-498D-8DAA-8740CEE2358B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1034F899-63D8-471C-AF5B-E9B41955A0B2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2187D05E-C24C-43BD-84ED-9F1293F86557}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26D2701B-62AD-4CB9-B865-6D26A829A991}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{41D5AEC3-180E-47A8-ABFB-A6A7F7E9902F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EE6BC49-EF5C-4687-A0AA-46731A715E91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{50413C43-009B-4817-BE59-C6783543FE3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{876AD100-BB8A-425E-AE44-3AF56B2AB806}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8E15CA0F-DF6F-4FD4-93B6-A21362687626}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E5FF97E-F033-4940-9CA8-05D98ADE6EF2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{93C44D87-527E-431A-A69E-4B6480C61743}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{96BA0563-D45B-4882-8C85-279B96BAD134}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97B92A2B-98FB-4C3F-AD05-B98B66ED2F36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD8E946D-337D-4DC2-A006-04BB8CF0B5A4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B3F125A6-6362-400E-956E-9BF2B6A20872}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D21D4E84-FE8E-4050-8F98-DDAFD0705FDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E1FDCD69-CC72-4902-8E71-C4023C828216}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{06C78EEF-5568-473E-83E4-7EF15FB102B7}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{07BD7ED7-49E4-4806-A08F-0AD15D18D878}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=6 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"TCP Query User{0DC3804F-540F-49EA-B401-72C215045F04}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0FF29784-E13C-4DD1-876F-DA40E27BBA39}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=6 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"TCP Query User{2FC827CA-7D96-4248-9F77-A87B2DABB9C4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E1838A53-466D-4124-B437-9D3736A02679}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1A35DB66-59A8-4AC4-957F-444E9909427E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4035EE6C-407A-4B56-8F3D-1E5B2D980661}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4DFCEA4B-A230-4E92-B5BA-5B70437DB53D}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=17 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |
"UDP Query User{66ADBA9D-51AA-46D8-8FC4-0415BC1A83DE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9C6E05C1-8E6E-47DA-A67E-ACE93A460026}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C7263333-9443-46A5-A006-D1A2BC55F58F}C:\program files\burst\core-new1.1.3\btdownloadheadless.exe" = protocol=17 | dir=in | app=c:\program files\burst\core-new1.1.3\btdownloadheadless.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42EED331-936C-446E-9374-077F7B028518}" = Watchtower Library 2006 - English Edition
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"LimeWire" = LimeWire PRO 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-977133856-3146212173-2201167782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/01/2010 07:15:38 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0xaa0, application
start time 0x01ca950a831763f6.

Error - 14/01/2010 07:47:10 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x161c, application
start time 0x01ca950ed5dc4e86.

Error - 16/01/2010 05:36:48 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0xb34, application
start time 0x01ca968f0772e360.

Error - 16/01/2010 07:16:17 | Computer Name = Ari-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fbc Start Time: 01ca968e39d187e0 Termination Time: 31

Error - 16/01/2010 11:06:02 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module SRCHBXEX.dll, version 1.2.123.0, time stamp 0x496e977c,
exception code 0xc0000005, fault offset 0x0000ed38, process id 0x840, application
start time 0x01ca96bd5ca796c4.

Error - 17/01/2010 12:27:43 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1730, application
start time 0x01ca9791922012a0.

Error - 19/01/2010 05:51:15 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x16fc, application
start time 0x01ca98ec8bced4d6.

Error - 19/01/2010 05:52:05 | Computer Name = Ari-PC | Source = VSS | ID = 8194
Description =

Error - 19/01/2010 06:07:37 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x9c0, application
start time 0x01ca98eebba8ca00.

Error - 19/01/2010 06:15:59 | Computer Name = Ari-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1544, application
start time 0x01ca98efebb2c600.

[ System Events ]
Error - 15/01/2010 17:21:13 | Computer Name = Ari-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 16/01/2010 09:17:18 | Computer Name = Ari-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:15:51 on 16/01/2010 was unexpected.

Error - 16/01/2010 09:17:50 | Computer Name = Ari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/01/2010 20:34:18 | Computer Name = Ari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/01/2010 09:09:29 | Computer Name = Ari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/01/2010 19:12:10 | Computer Name = Ari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/01/2010 19:52:56 | Computer Name = Ari-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 17/01/2010 20:33:38 | Computer Name = Ari-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 18/01/2010 05:00:44 | Computer Name = Ari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/01/2010 12:21:51 | Computer Name = Ari-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

Edited by Ari87, 19 January 2010 - 12:52 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 19 January 2010 - 06:45 PM


Download Kenco.exe to your desktop
  • Close all windows and run the program
  • It wont take long to run. Post the log it gives you ( it will also be saved in the same place as Kenco.exe

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 19 January 2010 - 07:35 PM

Kenco by jpshortstuff (31.12.09.1)
Log created at 00:35 on 20/01/2010 (Ari)

========== Task Unlocker ==========

========== KencoScan ==========
C:\Windows\system32\bcdsrv.dll -> Error setting security information [5]!
C:\Windows\system32\scksp.dll -> Error setting security information [5]!

========== C:\Windows\Tasks ==========
GoogleUpdateTaskMachineCore.job -> [23:32 09/11/2009] 876 bytes
GoogleUpdateTaskMachineUA.job -> [23:32 09/11/2009] 880 bytes

-=E.O.F=-

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 20 January 2010 - 08:12 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 20 January 2010 - 08:45 PM

ComboFix 10-01-20.04 - Ari 21/01/2010 1:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.920 [GMT 0:00]
Running from: c:\users\Ari\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-977133856-3146212173-2201167782-500
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\system32\Chip.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 01:41 . 2010-01-21 01:41 -------- d-----w- c:\users\Ari\AppData\Local\temp
2010-01-21 01:30 . 2010-01-21 01:32 -------- d-----w- C:\32788R22FWJFW
2010-01-19 16:16 . 2010-01-19 16:16 -------- d-----w- c:\users\Ari\AppData\Roaming\Malwarebytes
2010-01-19 16:16 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 16:16 . 2010-01-19 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 16:16 . 2010-01-19 16:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 16:16 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 09:52 . 2009-12-25 00:42 1260312 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-01 19:30 . 2010-01-01 19:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-01 11:50 . 2009-12-25 00:42 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2009-12-25 11:59 . 2009-12-25 23:43 -------- d-----w- c:\program files\E Zanga Removal Tool
2009-12-25 11:01 . 2009-12-25 11:01 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-25 11:01 . 2009-12-25 11:01 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-25 11:01 . 2009-12-25 00:42 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-25 11:01 . 2009-12-25 00:42 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-25 11:01 . 2010-01-01 11:49 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-25 00:43 . 2009-12-25 00:43 -------- d-----w- C:\$AVG
2009-12-25 00:42 . 2009-12-25 00:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-25 00:42 . 2009-12-25 00:42 -------- d-----w- c:\programdata\avg9
2009-12-24 15:56 . 2009-12-24 15:56 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 23:16 . 2008-06-12 22:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-16 11:06 . 2008-06-02 22:55 27649 ----a-w- c:\programdata\nvModes.dat
2010-01-01 19:30 . 2008-07-03 16:10 -------- d-----w- c:\program files\DivX
2009-12-25 00:42 . 2009-01-27 23:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-25 00:42 . 2008-06-13 18:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-25 00:42 . 2008-06-13 18:47 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-25 00:42 . 2008-06-13 18:46 -------- d-----w- c:\program files\AVG
2009-12-24 15:55 . 2008-05-23 00:09 -------- d-----w- c:\program files\Java
2009-12-22 11:12 . 2008-06-08 15:04 -------- d-----w- c:\users\Ari\AppData\Roaming\LimeWire
2009-12-21 18:13 . 2009-12-21 18:13 -------- d-----w- c:\program files\Common Files\Real
2009-12-21 18:13 . 2009-12-21 18:13 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-21 18:13 . 2009-12-21 18:13 -------- d-----w- c:\program files\Real
2009-12-20 00:07 . 2008-05-23 00:13 -------- d-----w- c:\program files\Google
2009-12-04 23:25 . 2009-12-04 23:25 -------- d-----w- c:\program files\Essentials Codec Pack
2009-11-23 00:11 . 2009-11-23 00:11 -------- d-----w- c:\users\Ari\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-14 23:05 . 2009-11-14 23:06 38208 ----a-w- c:\users\Ari\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-14 23:05 . 2009-11-14 23:06 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2008-05-23 00:11 . 2008-05-23 00:11 76 --sh--r- c:\windows\CT4CET.bin
2008-05-23 04:26 . 2008-05-23 04:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-05-23 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-22 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-05 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-05 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-05 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-03-05 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-21 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [13/06/2008 18:47 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25/12/2009 00:42 360584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [23/05/2008 04:32 77824]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/12/2009 00:42 285392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [23/05/2008 04:33 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [23/05/2008 04:33 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\System32\drivers\OEM13Vfx.sys [23/05/2008 04:32 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\System32\drivers\OEM13Vid.sys [28/05/2008 16:01 235840]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12/06/2008 21:12 717296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2009 23:32 135664]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [01/10/2009 22:41 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 23:32]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
Trusted Zone: google.com\maps
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 01:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Ari\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-21 01:42:50
ComboFix-quarantined-files.txt 2010-01-21 01:42

Pre-Run: 80,889,241,600 bytes free
Post-Run: 81,325,555,712 bytes free

- - End Of File - - DE3BD8220CAFE321C8CB9773C85B52FB

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 21 January 2010 - 08:18 AM

How is your computer behaving now? Any change?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 21 January 2010 - 10:04 AM

Sam,

It has stopped redirecting which is good.
I have seen that it removed a good few viruses/trojans/adware from the computer.

Its all working fine, so it seems. But I dont know what all the logs mean exactly. Would you say it looks cleaned up and should run fine or are there any other stuff running in the background which need attention?

Thanks

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 22 January 2010 - 08:53 AM

Your log looks clean to me. Malwarebytes cleaned up a few trojans and then Combofix cleaned out some more malware. It doesn't look you had anything that's real common right now, just general malware.

Here are some final steps and then some recommendations for you.

Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

thumbup.gif smile.gif





Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 24 January 2010 - 06:56 PM

Thanks sam for all your help in sorting out my problem.

I will try and secure myself a little better now I know what I need to do to minimise the risk of getting viruses etc.
Just a few more questions:

As noted in some of the logs, I do have AVG that is an antivirus, spyware protector and some more stuff on there. Also have windows firewall.
Are they any good?

Could I keep Malwarebytes program, Combo Fix and OTL on the PC and run them say once a month or so to keep things clean, or could you recomend software to stop/minimise the risk of such infections? Also could I use any of the above programs to try and remove a trojan that avg has found on another pc but it cant remove it?

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 25 January 2010 - 08:13 AM

AVG is a decent antivirus and Windows firewall is adequate for most people. I do recommend keeping Malwarebytes and running it often.

You should not keep OTL or Combofix. Both of these tools are specialized and should only be used by or with the assistance of someone who has been trained in their use. They are not meant for normal public use.

If you have another computer with a similar problem I would first run Malwarebytes as that may clear it up for you. If it still persists then you can start a new topic here on the forum and someone will assist you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:40 PM

Posted 10 February 2010 - 08:00 AM


Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users