trojan


  • This topic is locked
20 replies to this topic

#1 jaybird52

jaybird52

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 10 February 2010 - 05:19 PM

Hello and thanks in advance.
I'm new to this so bear with me. I have basic computer knowledge but not much more.

My problem is at least one trojan and several other malware trackers according to PC Doctor.
I am trying to take an online real estate course and the Adobe AIR player which the course requires me to run causes explorer.exe to max out at 100% CPU usage after a short time open. I noticed that trying to watch videos on YouTube has the same result, 100% usage.
Once again thanks and I'll check this often to try and remedy the problem. Dell wanted $129 to fix it for me. I don't have the money right now, that's why I'm trying to get the real estate license. Ha!


DDS (Ver_09-12-01.01) - NTFSx86
Run by jay at 15:32:58.40 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.117 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus C120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticca.exe /fu "c:\windows\temp\E_SB8.tmp" /EF "HKCU"
uRun: [Aprr] "c:\docume~1\jay~1.jay\applic~1\asks~1\javaw.exe" -vt yazb
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [{803F4E73-0958-1033-1018-040305130001}] "c:\program files\common files\{803f4e73-0958-1033-1018-040305130001}\Update.exe" te-110-12-0000213
mRun: [{803F4E73-0957-1033-1018-040305130001}] "c:\program files\common files\{803f4e73-0957-1033-1018-040305130001}\Update.exe" te-110-12-0000213
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264652207206
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-6 207792]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-27 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-27 108552]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-6 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-6 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-6 1141712]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-27 335240]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys --> c:\windows\system32\drivers\fixustor.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-9 908056]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-9 297752]
S4 COM+ Messages;COM+ Messages;"c:\windows\system32\svchosts.exe" -e te-110-12-0000213 --> c:\windows\system32\svchosts.exe [?]

=============== Created Last 30 ================

2010-02-06 15:27:24 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-06 15:27:24 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 15:27:22 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-06 15:27:22 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-06 15:27:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 15:27:21 131 ----a-w- c:\windows\IDB.zip
2010-02-06 15:27:18 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 15:27:17 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 15:27:17 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 15:27:17 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-06 15:19:52 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-06 15:19:52 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 15:19:31 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-06 15:19:30 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 15:19:30 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-06 15:19:30 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 15:19:12 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-06 15:19:12 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 15:18:47 0 d-----w- c:\program files\common files\PC Tools
2010-02-06 15:18:46 0 d-----w- c:\program files\Spyware Doctor
2010-02-06 15:18:46 0 d-----w- c:\docume~1\jay~1.jay\applic~1\PC Tools
2010-02-06 15:18:46 0 d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-02-06 15:13:35 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Citrix
2010-02-06 15:13:02 0 d-----w- c:\program files\Citrix
2010-02-05 03:59:58 1790504 ----a-w- C:\WindowsXP-KB884534-x86-ENU.exe
2010-02-05 02:06:55 0 d-----w- c:\program files\Trend Micro
2010-02-05 01:36:26 0 d-----w- c:\program files\TrendMicro
2010-02-05 00:44:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-05 00:44:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-05 00:44:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-05 00:44:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-05 00:44:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-05 00:44:49 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-05 00:41:44 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-04 04:50:01 0 d-----w- c:\windows\system32\scripting
2010-02-04 04:49:58 0 d-----w- c:\windows\l2schemas
2010-02-04 04:49:57 0 d-----w- c:\windows\system32\en
2010-02-04 04:01:17 0 d-----w- c:\docume~1\alluse~1.win\applic~1\RegCure
2010-02-04 03:49:05 0 d-----w- c:\windows\PCTEL
2010-02-04 03:12:14 0 d-----w- c:\program files\Modem Helper
2010-02-02 03:34:54 0 d-----w- c:\windows\system32\NtmsData
2010-01-28 04:53:34 0 d-sh--w- c:\documents and settings\jay.jay-laptop\IECompatCache
2010-01-27 07:55:32 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-27 06:35:35 0 d-----w- c:\windows\network diagnostic
2010-01-26 00:23:45 68336 ----a-w- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
2010-01-26 00:23:45 519920 ----a-w- C:\WindowsXP-KB903737-x86-ENU.exe
2010-01-25 03:24:56 0 d-----w- c:\docume~1\jay~1.jay\applic~1\Malwarebytes
2010-01-25 03:24:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 03:24:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 03:24:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 03:24:47 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-01-25 02:42:24 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-25 02:23:37 0 d-----w- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
2010-01-25 02:23:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-25 02:23:28 0 d--h--w- C:\$AVG8.VAULT$
2010-01-25 02:23:28 0 d-----w- c:\docume~1\jay~1.jay\applic~1\AVGTOOLBAR
2010-01-25 02:23:28 0 d-----w- c:\docume~1\alluse~1.win\applic~1\avg8
2010-01-25 00:18:10 0 d-----w- c:\windows\ie8updates
2010-01-25 00:14:52 0 dc-h--w- c:\windows\ie8
2010-01-14 00:11:33 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-01-13 20:32:06 0 d-----w- c:\program files\WebEx
2010-01-13 20:32:05 0 ----a-w- c:\documents and settings\jay.jay-laptop\webex.tmp
2010-01-13 17:14:34 0 d-----w- c:\program files\Showcase 5

==================== Find3M ====================

2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet(4).dll
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet(3).dll
2009-12-22 05:42:49 624640 ----a-w- c:\windows\system32\urlmon(4).dll
2009-12-22 05:42:49 624640 ----a-w- c:\windows\system32\urlmon(3).dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2005-07-29 22:24:26 472 --sha-r- c:\windows\amf5\uAIc.vbs

============= FINISH: 15:34:20.22 ===============


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:02 PM

Posted 11 February 2010 - 08:42 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jaybird52

jaybird52
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 11 February 2010 - 10:05 AM

Hello Sam and thank you for your help!

otl.txt
OTL logfile created on: 2/11/2010 8:07:32 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\jay.JAY-LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 27.01 Gb Free Space | 72.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 39.02 Mb Total Space | 39.02 Mb Free Space | 100.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAY-LAPTOP
Current User Name: jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
PRC - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/11/07 21:00:00 | 000,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/10/11 12:30:44 | 000,126,976 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/10/11 12:29:46 | 000,561,152 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
MOD - [2009/11/21 09:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008/04/13 18:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2002/10/11 12:30:26 | 000,065,536 | R--- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (COM+ Messages)
SRV - [2010/02/06 09:13:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/21 15:14:22 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 15:14:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2004/10/25 15:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2002/11/07 22:22:10 | 000,147,456 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/21 15:14:33 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 15:14:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/07 12:01:48 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/06/27 01:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008/02/24 16:26:27 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/15 19:39:45 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2006/11/15 19:39:45 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2006/11/15 19:39:45 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2006/11/15 19:39:45 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/12/17 11:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/11 17:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/11/07 22:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/11 12:21:36 | 000,264,528 | R--- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002/09/24 10:53:06 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2002/09/03 10:53:10 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\S-1-5-21-789336058-2146703087-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/13 21:52:34 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12872 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [{803F4E73-0957-1033-1018-040305130001}] C:\Program Files\Common Files\{803F4E73-0957-1033-1018-040305130001}\Update.exe File not found
O4 - HKLM..\Run: [{803F4E73-0958-1033-1018-040305130001}] C:\Program Files\Common Files\{803F4E73-0958-1033-1018-040305130001}\Update.exe File not found
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe File not found
O4 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004..\Run: [Aprr] C:\DOCUME~1\JAY~1.JAY\APPLIC~1\ASKS~1\javaw.exe File not found
O4 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004..\Run: [EPSON Stylus C120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1264652207206 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/12 19:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/14 20:21:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (57987238226558976)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 08:06:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
[2010/02/10 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer
[2010/02/08 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\08 SHERCO
[2010/02/08 16:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\duncanville
[2010/02/06 09:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Threat Expert
[2010/02/06 09:27:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/06 09:27:17 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/06 09:27:17 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/02/06 09:27:17 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/06 09:19:52 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/06 09:19:30 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/06 09:19:30 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/06 09:19:12 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/06 09:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\PC Tools
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2010/02/06 09:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2010/02/06 09:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/02/06 09:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Citrix
[2010/02/04 21:59:58 | 001,790,504 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB884534-x86-ENU.exe
[2010/02/04 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/04 19:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/04 18:44:57 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/04 18:44:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/04 18:44:55 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/04 18:44:49 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/04 05:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/03 22:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/03 22:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/02/03 22:49:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/03 22:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
[2010/02/03 21:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCTEL
[2010/02/03 21:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Helper
[2010/02/01 21:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/01/27 22:53:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\IECompatCache
[2010/01/27 22:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/27 22:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Showcase 5
[2010/01/27 22:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\New Folder
[2010/01/27 00:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/01/25 18:23:45 | 000,519,920 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-ENU.exe
[2010/01/25 18:23:45 | 000,068,336 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
[2010/01/24 21:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Malwarebytes
[2010/01/24 21:24:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/24 21:24:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/24 21:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/24 21:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/01/24 20:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Unused Desktop Shortcuts
[2010/01/24 20:42:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/24 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2010/01/24 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/24 20:23:28 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010/01/24 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
[2010/01/24 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
[2010/01/24 18:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/24 18:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/15 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\1009 country club
[2010/01/15 09:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\8309 quail
[2010/01/13 18:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/01/13 14:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/01/13 11:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/01/13 11:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Showcase 5
[2006/11/12 20:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/12 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/11/12 19:49:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/12 19:49:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp files -> C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
[2010/02/10 16:20:27 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.dat
[2010/02/10 15:56:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 15:56:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/10 15:54:41 | 000,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 15:38:19 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer.zip
[2010/02/10 15:32:49 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\dds.scr
[2010/02/09 19:30:44 | 000,018,936 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/06 09:19:20 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/02/04 22:26:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.ini
[2010/02/04 20:25:35 | 000,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/04 20:25:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/04 20:25:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/04 18:56:23 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/04 18:56:23 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/04 18:56:23 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/04 18:54:32 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/04 18:50:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 05:20:26 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.dat
[2010/02/04 05:17:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/03 22:42:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/03 22:13:20 | 005,884,218 | -H-- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\IconCache.db
[2010/02/03 21:56:56 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Shortcut to Showcase 5.lnk
[2010/02/03 21:51:34 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Modem Helper.lnk
[2010/02/03 21:48:01 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/01/29 15:38:43 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 21:24:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 17:21:07 | 000,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/21 17:21:07 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/21 17:21:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/21 17:21:07 | 000,000,879 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/21 17:21:06 | 001,652,688 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/21 17:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/13 21:52:34 | 000,373,451 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/13 17:28:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 14:00:38 | 000,380,089 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\showcaseloader.air
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp files -> C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 15:37:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer.zip
[2010/02/10 15:31:48 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\dds.scr
[2010/02/06 09:27:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/06 09:27:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/06 09:27:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/06 09:27:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/06 09:27:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/06 09:27:18 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/06 09:19:52 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/06 09:19:31 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/06 09:19:30 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/06 09:19:20 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/02/06 09:19:12 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/03 21:56:56 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Shortcut to Showcase 5.lnk
[2010/02/03 21:48:00 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/02/03 21:12:16 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Modem Helper.lnk
[2010/01/27 00:35:26 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.dat
[2010/01/24 21:24:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 17:28:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 14:00:37 | 000,380,089 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\showcaseloader.air
[2008/03/02 15:48:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/02 15:48:26 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2007/08/21 21:12:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ktdll.dll
[2007/08/09 12:08:04 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/08 15:09:14 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/17 09:03:06 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2007/01/17 09:03:05 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2007/01/17 09:03:05 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2007/01/17 09:03:05 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2007/01/17 09:03:05 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/11/27 18:17:45 | 000,000,596 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/15 19:46:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2006/11/15 19:45:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 20:56:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2004/11/09 12:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 12:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 12:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 11:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2003/10/08 08:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/09/12 10:04:04 | 001,790,504 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB884534-x86-ENU.exe
[2005/07/08 21:16:42 | 000,519,920 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-ENU.exe
[2005/07/08 21:16:26 | 000,068,336 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe


< MD5 for: AGP440.SYS >
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 11:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2002/09/03 10:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2007/10/19 06:14:27 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?asks) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Тasks
[2007/10/19 06:14:27 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?asks) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Тasks
[2007/09/08 09:33:21 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\s?stem32) -- C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\sуstem32
[2007/08/27 14:46:28 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
[2007/08/27 14:46:28 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
[2007/08/26 13:47:17 | 000,000,000 | ---D | C](C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\s?stem32) -- C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\sуstem32
[2006/12/26 22:37:01 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\?dobe) -- C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\Αdobe
[2006/12/11 21:15:06 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2006/12/11 21:15:06 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2006/12/06 10:11:28 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/06 10:11:28 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/02 10:44:56 | 000,000,000 | ---D | M](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
[2006/12/02 10:44:56 | 000,000,000 | ---D | C](C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\?dobe) -- C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\Αdobe
[2006/11/29 16:47:24 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?ystem) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\ѕystem
[2006/11/29 16:47:24 | 000,000,000 | ---D | M](C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?ystem) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\ѕystem
[2006/11/28 14:25:21 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2006/11/28 14:25:21 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2006/11/19 00:23:51 | 000,000,000 | ---D | C](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
(C:\Program Files\F?nts) -- C:\Program Files\Fοnts
(C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
(C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
(C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?ystem) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\ѕystem
(C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\?asks) -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Тasks

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >


extras.txt
OTL Extras logfile created on: 2/11/2010 8:07:32 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\jay.JAY-LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 27.01 Gb Free Space | 72.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 39.02 Mb Total Space | 39.02 Mb Free Space | 100.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAY-LAPTOP
Current User Name: jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = B44Inst
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{862C5690-945A-7B56-B20E-1DCC31D43FA0}" = Showcase 5
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CompuCram Appraisal" = CompuCram Appraisal
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"EPSON Printer and Utilities" = EPSON Printer Software
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x Driver Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Showcase5.020F14101B17C697C75DF967A6D0AD909BCFBD44.1" = Showcase 5
"Silent Package Run-Time Sample" = EPSON C120 User's Guide
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics TouchPad
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2009 12:10:08 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2009 12:20:48 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 9:14:48 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2009 10:15:08 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2009 1:37:41 PM | Computer Name = JAY-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x0063006f.

Error - 12/20/2009 9:37:47 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 10:18:19 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 10:18:20 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 10:20:28 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 10:20:38 PM | Computer Name = JAY-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/4/2010 11:48:37 PM | Computer Name = JAY-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/4/2010 11:48:38 PM | Computer Name = JAY-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/5/2010 12:11:50 AM | Computer Name = JAY-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 2/5/2010 1:22:36 AM | Computer Name = JAY-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Error - 2/8/2010 1:10:04 PM | Computer Name = JAY-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 76.185.58.150 on
the Network Card with network address 000D56AEA17D.

Error - 2/8/2010 1:10:08 PM | Computer Name = JAY-LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/8/2010 1:10:08 PM | Computer Name = JAY-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/8/2010 1:10:08 PM | Computer Name = JAY-LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/8/2010 1:10:08 PM | Computer Name = JAY-LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2010 5:58:02 PM | Computer Name = JAY-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86


< End of report >


#4 jaybird52
  • Topic Starter

Posted 11 February 2010 - 01:44 PM

The internet is running slower than usual at this point. Could be the snow.
Jay

#5 Buckeye_Sam
    Malware Expert

Posted 11 February 2010 - 04:35 PM

It looks like AVG is not loading properly. Have you noticed that?

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKLM..\Run: [{803F4E73-0957-1033-1018-040305130001}] C:\Program Files\Common Files\{803F4E73-0957-1033-1018-040305130001}\Update.exe File not found
    O4 - HKLM..\Run: [{803F4E73-0958-1033-1018-040305130001}] C:\Program Files\Common Files\{803F4E73-0958-1033-1018-040305130001}\Update.exe File not found
    O4 - HKLM..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe File not found
    O4 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004..\Run: [Aprr] C:\DOCUME~1\JAY~1.JAY\APPLIC~1\ASKS~1\javaw.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp files -> C:\Documents and Settings\jay.JAY-LAPTOP\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



Let me know how your computer is behaving after this step.



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 jaybird52
  • Topic Starter

Posted 11 February 2010 - 05:35 PM

Hello Sam,
Computer is still processing slow, even as I'm typing this. Adobe AIR player is still maxing out CPU usage at 100%. Icon images are still missing on the desktop and I sometimes see black icon images. I'm now getting an hourglass as I'm typing. I attempted to remove AVG from my computer several days ago and was not successful. Typing this is extremely delayed now.
Here are the logs you asked for.
Thanks
Jay

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{803F4E73-0957-1033-1018-040305130001} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{803F4E73-0957-1033-1018-040305130001}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{803F4E73-0958-1033-1018-040305130001} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{803F4E73-0958-1033-1018-040305130001}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UMonit deleted successfully.
Registry value HKEY_USERS\S-1-5-21-789336058-2146703087-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Aprr deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-2146703087-1060284298-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-789336058-2146703087-1060284298-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8 deleted successfully.
C:\WINDOWS\002173_.tmp deleted successfully.
C:\WINDOWS\005299_.tmp deleted successfully.
C:\WINDOWS\SET14.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\system.tmp deleted successfully.
C:\WINDOWS\win.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\jay.JAY-LAPTOP\webex.tmp deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\AрpPatch folder moved successfully.
C:\WINDOWS\Sуmantec folder moved successfully.
C:\Program Files\Fοnts folder moved successfully.
C:\Program Files\Ѕуmantec folder moved successfully.
C:\Program Files\Common Files\Fοnts folder moved successfully.
C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\Αdobe folder moved successfully.
C:\Documents and Settings\jay.JAY-LAPTOP\My Documents\sуstem32 folder moved successfully.
C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\ѕystem folder moved successfully.
C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Тasks folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jay
->Temp folder emptied: 393273 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jay.JAY-LAPTOP
->Temp folder emptied: 331117806 bytes
->Temporary Internet Files folder emptied: 14653785 bytes

User: JAY~1~JAY

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 639673 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 989281 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49240 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2413367 bytes
RecycleBin emptied: 1796658715 bytes

Total Files Cleaned = 2,048.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02112010_160202

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL.TXT LOG




OTL logfile created on: 2/11/2010 4:08:33 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\jay.JAY-LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 27.39 Gb Free Space | 73.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 39.02 Mb Total Space | 39.02 Mb Free Space | 99.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAY-LAPTOP
Current User Name: jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
PRC - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/11/07 21:00:00 | 000,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2002/10/11 12:30:44 | 000,126,976 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/10/11 12:29:46 | 000,561,152 | R--- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2002/10/11 12:30:26 | 000,065,536 | R--- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (COM+ Messages)
SRV - [2010/02/06 09:13:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/21 15:14:22 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 15:14:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2004/10/25 15:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2002/11/07 22:22:10 | 000,147,456 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/21 15:14:33 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 15:14:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/07 12:01:48 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/06/27 01:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008/02/24 16:26:27 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/15 19:39:45 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2006/11/15 19:39:45 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2006/11/15 19:39:45 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2006/11/15 19:39:45 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/12/17 11:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/11 17:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/11/07 22:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/11 12:21:36 | 000,264,528 | R--- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002/09/24 10:53:06 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2002/09/03 10:53:10 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\S-1-5-21-789336058-2146703087-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/13 21:52:34 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12872 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004..\Run: [EPSON Stylus C120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-2146703087-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1264652207206 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/12 19:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/14 20:21:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66431487527878656)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 16:02:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/11 08:06:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
[2010/02/10 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer
[2010/02/08 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\08 SHERCO
[2010/02/08 16:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\duncanville
[2010/02/06 09:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Threat Expert
[2010/02/06 09:27:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/06 09:27:17 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/06 09:27:17 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/02/06 09:27:17 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/06 09:19:52 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/06 09:19:30 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/06 09:19:30 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/06 09:19:12 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/06 09:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\PC Tools
[2010/02/06 09:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2010/02/06 09:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2010/02/06 09:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/02/06 09:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\Citrix
[2010/02/04 21:59:58 | 001,790,504 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB884534-x86-ENU.exe
[2010/02/04 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/04 19:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/04 18:44:57 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/04 18:44:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/04 18:44:55 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/04 18:44:49 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/04 05:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/03 22:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/03 22:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/02/03 22:49:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/03 22:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
[2010/02/03 21:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCTEL
[2010/02/03 21:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Helper
[2010/02/01 21:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/01/27 22:53:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\IECompatCache
[2010/01/27 22:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/27 22:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Showcase 5
[2010/01/27 22:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\New Folder
[2010/01/27 00:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/01/25 18:23:45 | 000,519,920 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-ENU.exe
[2010/01/25 18:23:45 | 000,068,336 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
[2010/01/24 21:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\Malwarebytes
[2010/01/24 21:24:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/24 21:24:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/24 21:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/24 21:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/01/24 20:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Unused Desktop Shortcuts
[2010/01/24 20:42:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/24 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2010/01/24 20:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/24 20:23:28 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010/01/24 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
[2010/01/24 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
[2010/01/24 18:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/24 18:14:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/15 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\1009 country club
[2010/01/15 09:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\8309 quail
[2010/01/13 18:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/01/13 14:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/01/13 11:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/01/13 11:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Showcase 5
[2006/11/12 20:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/12 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/11/12 19:49:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/12 19:49:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/11 16:03:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 16:03:43 | 000,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 16:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 16:02:55 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.dat
[2010/02/11 16:02:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.ini
[2010/02/11 08:06:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\OTL.exe
[2010/02/10 15:38:19 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer.zip
[2010/02/10 15:32:49 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\dds.scr
[2010/02/09 19:30:44 | 000,018,936 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/06 09:19:20 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/02/04 20:25:35 | 000,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/04 20:25:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/04 20:25:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/04 18:56:23 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/04 18:56:23 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/04 18:56:23 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/04 18:54:32 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/04 18:50:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 05:20:26 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.dat
[2010/02/04 05:17:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/03 22:42:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/03 22:13:20 | 005,884,218 | -H-- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\IconCache.db
[2010/02/03 21:56:56 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Shortcut to Showcase 5.lnk
[2010/02/03 21:51:34 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Modem Helper.lnk
[2010/02/03 21:48:01 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/01/29 15:38:43 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 21:24:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 17:21:07 | 000,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/21 17:21:07 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/21 17:21:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/21 17:21:07 | 000,000,879 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/21 17:21:06 | 001,652,688 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/21 17:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/13 21:52:34 | 000,373,451 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/13 17:28:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 14:00:38 | 000,380,089 | ---- | M] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\showcaseloader.air

========== Files Created - No Company Name ==========

[2010/02/10 15:37:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\gmer.zip
[2010/02/10 15:31:48 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\dds.scr
[2010/02/06 09:27:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/06 09:27:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/06 09:27:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/06 09:27:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/06 09:27:21 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/06 09:27:18 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/06 09:19:52 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/06 09:19:31 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/06 09:19:30 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/06 09:19:20 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2010/02/06 09:19:12 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/03 21:56:56 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\Shortcut to Showcase 5.lnk
[2010/02/03 21:48:00 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/02/03 21:12:16 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Modem Helper.lnk
[2010/01/27 00:35:26 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\ntuser.dat
[2010/01/24 21:24:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 17:28:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 14:00:37 | 000,380,089 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Desktop\showcaseloader.air
[2008/03/02 15:48:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/02 15:48:26 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2007/08/21 21:12:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ktdll.dll
[2007/08/09 12:08:04 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/08 15:09:14 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\jay.JAY-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/27 18:17:45 | 000,000,596 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/15 19:46:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2006/11/15 19:45:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 20:56:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2004/11/09 12:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 12:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 12:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 11:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2003/10/08 08:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/09/12 10:04:04 | 001,790,504 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB884534-x86-ENU.exe
[2005/07/08 21:16:42 | 000,519,920 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-ENU.exe
[2005/07/08 21:16:26 | 000,068,336 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe


< MD5 for: AGP440.SYS >
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 11:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/02/03 22:33:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2002/09/03 10:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >
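
The "< MD5 for: ... >" blocks in the custom scan above are there so the helper can compare the hash of the copy Windows actually loads (the one under system32) against the copies Windows keeps in ServicePackFiles\i386, dllcache and the staged Windows Update download. A driver that has been patched in place hashes differently from its service-pack copy even when its size and version resource are left alone, which is what such a comparison catches. As an added example, not part of this thread and not OTL's own code, the following Python script parses that block format and reports any file whose live copy does not match a reference copy. The input is constructed: the first two blocks copy the clean atapi.sys and eventlog.dll entries from the log above, while the third block ("EXAMPLE.SYS", with made-up hashes) shows what a mismatch looks like.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of OTL's "< MD5 for: NAME >" custom-scan
# output. The first two blocks copy the clean atapi.sys and eventlog.dll
# entries from the log above; the third block and its hashes are made up to
# show what a patched driver looks like.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/27 11:22:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXAMPLE.SYS >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\example.sys
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
# One hashed entry: [mtime | size | attrs | M] (company) MD5=hash -- path
# The ".cab file" lines carry no MD5= field and therefore do not match.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

def parse_md5_blocks(text):
    """Return {FILENAME: [(path, md5, size), ...]} from OTL '< MD5 for: >' output."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            size = int(entry.group("size").replace(",", ""))
            blocks[current].append((entry.group("path"), entry.group("md5").upper(), size))
    return dict(blocks)

def is_live_copy(path):
    """The copy Windows loads: under system32, but not one of the caches kept there."""
    p = path.lower()
    return ("\\system32\\" in p and "\\dllcache\\" not in p
            and "\\reinstallbackups\\" not in p)

def is_reference_copy(path):
    """Known-good copies: service-pack store, dllcache, or the staged Windows Update download.
    $NtServicePackUninstall$ and $hf_mig$ are older builds and are deliberately not references."""
    p = path.lower()
    return ("\\servicepackfiles\\i386\\" in p or "\\dllcache\\" in p
            or "\\softwaredistribution\\download\\" in p)

def check_system_files(blocks):
    """Verdict per file: 'match' if every live hash is also a reference hash,
    'MISMATCH' if a live copy hashes differently from all references,
    'no-live' / 'no-reference' when one side is missing from the log."""
    verdicts = {}
    for name, entries in blocks.items():
        live = {md5 for path, md5, _ in entries if is_live_copy(path)}
        refs = {md5 for path, md5, _ in entries if is_reference_copy(path)}
        if not live:
            verdicts[name] = "no-live"
        elif not refs:
            verdicts[name] = "no-reference"
        elif live <= refs:
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts

def suspicious(verdicts):
    """Names that need a closer look, sorted for stable output."""
    return sorted(name for name, v in verdicts.items() if v == "MISMATCH")

if __name__ == "__main__":
    results = check_system_files(parse_md5_blocks(SAMPLE_LOG))
    for name, verdict in sorted(results.items()):
        print(f"{name:14} {verdict}")
    print("follow up on:", suspicious(results) or "nothing")
```

One caveat goes with any hash taken this way: OTL reads the file through the running kernel, so a rootkit that filters disk reads can hand back the original bytes and the hashes will agree. A clean result rules out a straightforward file replacement, not a hooked disk stack, which is why the helper's next request in this thread is an MBR read from two different paths rather than more file hashes.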


#7 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 February 2010 - 05:47 PM

Download and run AVG Remover to get rid of AVG.
http://www.avg.com/us-en/download-tools



Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 jaybird52
  • Topic Starter
  • Members
  • 13 posts

Posted 11 February 2010 - 08:28 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
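
The output above comes from mbr.exe reading sector 0 twice, once from user mode and once from kernel mode (the "called modules" line lists the driver stack the kernel read went through), and comparing the two; "user & kernel MBR OK" means both reads succeeded and agreed, and the tool recognised nothing in them. As an added example, not part of this thread and not GMER's code, the Python script below models that comparison on a constructed 512-byte MBR image: it checks the 0x55AA signature, parses the partition table, hashes the boot-code region, and then audits a "user" view against a "kernel" view, flagging any difference between them, a boot-code hash that drifts from a recorded baseline, more than one active partition, or overlapping entries. The boot code, partition layout and baseline are all made up for the demonstration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code; 440..445 are the disk signature and padding
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # the 0x55AA boot signature
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr(boot_code, parts):
    """Construct a 512-byte MBR image for the demo. 'parts' is a list of
    (status, type, lba_start, sector_count); the CHS fields are filled with
    0xFEFFFF, the usual 'use LBA' placeholder. Not a real disk image."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(parts[:4]):
        struct.pack_into(ENTRY_FMT, img, PART_TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, count)
    img[SIGNATURE_OFF:SECTOR] = b"\x55\xaa"
    return bytes(img)

def parse_mbr(img):
    """Validate the signature; return the boot-code hash and the populated partition entries."""
    if len(img) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if img[SIGNATURE_OFF:SECTOR] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(ENTRY_FMT, img, PART_TABLE_OFF + 16 * i)
        if ptype == 0:      # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(img[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def audit_mbr(user_view, kernel_view, baseline_boot_hash=None):
    """Return a list of findings; an empty list is the 'user & kernel MBR OK' case.
    user_view and kernel_view are two reads of sector 0 taken through different paths."""
    findings = []
    if user_view != kernel_view:
        findings.append("user-mode and kernel-mode reads of sector 0 differ (something is filtering disk reads)")
    info = parse_mbr(kernel_view)
    if baseline_boot_hash and info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code hash does not match the recorded baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partition entries overlap")
            break
    return findings

# Constructed demo data: a stand-in boot code (not real MBR code) and a
# typical two-partition layout, plus a copy whose first bytes were patched
# the way a bootkit patches them.
DEMO_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007c8bf0") + b"\x90" * 30
DEMO_PARTS = [(0x80, 0x07, 63, 2_000_000), (0x00, 0x0B, 2_000_063, 100_000)]

def demo():
    """Return (findings on a clean disk, findings on a hooked disk)."""
    clean = build_sample_mbr(DEMO_BOOT_CODE, DEMO_PARTS)
    baseline = parse_mbr(clean)["boot_code_sha256"]   # recorded while the machine was known good
    patched = build_sample_mbr(b"\xeb\x00" + DEMO_BOOT_CODE[2:], DEMO_PARTS)
    # A hiding bootkit answers the normal read with the clean sector and the
    # lower-level read with what is really on disk, so the two views disagree.
    return audit_mbr(clean, clean, baseline), audit_mbr(clean, patched, baseline)

if __name__ == "__main__":
    clean_findings, hooked_findings = demo()
    print("clean disk:", clean_findings or "user & kernel MBR OK")
    print("hooked disk:", *hooked_findings, sep="\n  ")
```

The baseline hash is the part mbr.exe cannot give you: the tool knows the bootkits it was written for, while a recorded hash of your own boot code catches any change at all, so it is worth taking one from a machine while it is known to be clean.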


#9 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 February 2010 - 07:43 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.




========================================================

#10 jaybird52
  • Topic Starter
  • Members
  • 13 posts

Posted 12 February 2010 - 05:36 PM

ComboFix 10-02-12.01 - jay 02/12/2010 16:07:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.289 [GMT -6:00]
Running from: c:\documents and settings\jay.JAY-LAPTOP\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{303F4~1
c:\progra~1\COMMON~1\{803F4~1
c:\progra~1\COMMON~1\{803F4~2
c:\recycler\S-1-5-21-1214440339-854245398-1343024091-1004
c:\windows\system32\tsuninst.exe
c:\windows\system32\wtstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES
-------\Service_COM+ Messages


((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 01:21 . 2010-02-12 01:21 77312 ----a-w- C:\mbr.exe
2010-02-11 22:02 . 2010-02-11 22:02 -------- d-----w- C:\_OTL
2010-02-06 15:54 . 2010-02-06 15:54 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Threat Expert
2010-02-06 15:46 . 2010-02-06 15:46 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-02-06 15:27 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 15:27 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 15:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-06 15:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 15:27 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 15:27 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 15:19 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 15:19 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 15:19 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 15:19 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 15:18 . 2010-02-06 15:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-06 15:18 . 2010-02-12 22:25 -------- d-----w- c:\program files\Spyware Doctor
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\PC Tools
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Citrix
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\program files\Citrix
2010-02-06 15:12 . 2010-02-06 15:12 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Citrix
2010-02-05 03:59 . 2007-09-12 16:04 1790504 ----a-w- C:\WindowsXP-KB884534-x86-ENU.exe
2010-02-05 02:06 . 2010-02-05 02:06 -------- d-----w- c:\program files\Trend Micro
2010-02-05 01:36 . 2010-02-05 01:36 -------- d-----w- c:\program files\TrendMicro
2010-02-05 00:44 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-05 00:44 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-05 00:44 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-05 00:44 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-05 00:44 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-05 00:44 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-05 00:41 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-04 11:16 . 2010-02-04 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-26 00:23 . 2005-07-09 03:16 519920 ----a-w- C:\WindowsXP-KB903737-x86-ENU.exe
2010-01-26 00:23 . 2005-07-09 03:16 68336 ----a-w- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 02:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-25 02:23 . 2010-02-12 01:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2010-01-25 02:23 . 2010-01-25 02:23 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
2010-01-25 02:23 . 2010-02-12 01:16 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
2010-01-25 02:23 . 2010-01-25 02:23 -------- d-----w- C:\$AVG8.VAULT$
2010-01-25 02:12 . 2010-01-25 02:12 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-s---w- c:\documents and settings\Administrator
2010-01-25 00:18 . 2010-01-25 00:18 -------- d-----w- c:\windows\ie8updates
2010-01-25 00:14 . 2010-01-28 04:49 -------- dc-h--w- c:\windows\ie8
2010-01-14 00:11 . 2010-01-25 02:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 22:27 . 2006-12-27 03:33 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-10 01:30 . 2007-03-23 22:53 18936 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-06 15:12 . 2010-02-06 15:12 61224 ----a-w- c:\windows\java\GoToAssistDownloadHelper.exe
2010-02-05 03:49 . 2010-02-04 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegCure
2010-02-04 04:53 . 2006-11-15 02:21 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-04 03:51 . 2010-02-04 03:12 -------- d-----w- c:\program files\Modem Helper
2010-02-04 03:48 . 2006-11-13 02:18 -------- d-----w- c:\program files\Digital Line Detect
2010-02-04 03:12 . 2006-11-13 02:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 02:29 . 2006-11-13 02:25 -------- d-----w- c:\program files\Dell
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-25 02:22 . 2010-01-13 20:32 -------- d-----w- c:\program files\WebEx
2010-01-13 17:15 . 2010-01-13 17:14 -------- d-----w- c:\program files\Showcase 5
2010-01-13 17:15 . 2010-01-13 17:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(4).dll
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(3).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(4).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(3).dll
2009-12-21 19:14 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2005-07-29 22:24 . 2006-11-19 06:56 472 --sha-r- c:\windows\amF5\uAIc.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 294912]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-06 15:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gbewzx]
c:\windows\A?pPatch\l?ass.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odwlyc]
c:\documents and settings\jay.JAY-LAPTOP\My Documents\s?stem32\n?lookup.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 18:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-02-02 16:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
2002-11-01 22:47 208560 ----a-w- c:\program files\Dell\AccessDirect\DadApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 04:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"COM+ Messages"=2 (0x2)
"cmdService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/6/2010 9:19 AM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/6/2010 9:27 AM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/6/2010 9:18 AM 359624]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys --> c:\windows\system32\drivers\fixustor.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-AvgRemover - c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\QMZUGB9V\avgremover[1].exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Insider - c:\program files\Insider\Insider.exe
MSConfigStartUp-MapEDC - c:\program files\MapEDC\MapEDC.exe
MSConfigStartUp-rqii - c:\progra~1\COMMON~1\rqii\rqiim.exe
MSConfigStartUp-WinPop - c:\program files\WinPop\winpop.exe
MSConfigStartUp-xInsIDE - c:\program files\xInsIDE\xInsIDE.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF874B000]<< >>UNKNOWN [0xF873B000]<< >>UNKNOWN [0xF85CD000]<< >>UNKNOWN [0xF8616000]<< >>UNKNOWN [0x806EE000]<< >>UNKNOWN [0xF8CB3000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf874ff28
\Driver\ACPI -> 0xf8682cb8
\Driver\atapi -> 0xf861c852
IoDeviceObjectType -> DeleteProcedure -> 0x805a05a9
ParseProcedure -> 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x805a05a9
ParseProcedure -> 0x8056ea15
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> 0xf8511bb0
PacketIndicateHandler -> 0xf851ea21
SendHandler -> 0xf84fc87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-12 16:34:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-12 22:34

Pre-Run: 29,298,257,920 bytes free
Post-Run: 29,235,953,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 3A3EDE8C20703CFBAB3318F59ADC2A33

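The entries a helper picks out of the log above by eye are the two `startupreg` values whose paths ComboFix could not render cleanly (`c:\windows\A?pPatch\l?ass.exe` and `My Documents\s?stem32\n?lookup.exe`, both with `[?]` instead of a date and size) and the hidden, system-attribute `uAIc.vbs` under `c:\windows\amF5`. The Python script below is an added example for this thread, not ComboFix code and not anything the posters ran; it applies those same checks to ComboFix output. It assumes that a `?` in a logged path stands for a character the tool could not print (`?` is not a legal character in a Windows file name, so it cannot be literal) and treats it as a wildcard when comparing file names against a short, illustrative list of commonly imitated system binaries; the meaning given to the `[?]` marker and that list are the script's own assumptions. The sample lines are copied from the log above.

```python
"""Triage ComboFix 'Reg Loading Points' / Find3M lines for masquerading autostarts.

Added example for this thread, not ComboFix code. Assumptions are marked below.
"""
import ntpath
import re

# Binaries that malware commonly imitates and where the genuine copy lives on XP.
# Assumption: a short illustrative list, not an exhaustive one.
SYSTEM_BINARIES = {"lsass.exe", "nslookup.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
SCRIPT_EXTS = {".vbs", ".js", ".bat", ".cmd", ".wsf"}

# A line carrying a path. ComboFix appends "[date size]" when it could stat the
# file and "[?]" when it could not (assumption about what the marker means).
PATH_LINE = re.compile(r"(?P<path>[a-z]:\\[^\[\]]*?)\s*(?:\[(?P<info>[^\]]*)\])?\s*$", re.I)
# Find3M attribute field such as "----a-w-" or "--sha-r-" (s = system, h = hidden).
ATTR_FIELD = re.compile(r"\s(?P<attr>[-dcshawr]{8})\s")
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gbewzx]
c:\windows\A?pPatch\l?ass.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odwlyc]
c:\documents and settings\jay.JAY-LAPTOP\My Documents\s?stem32\n?lookup.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 18:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

2010-02-06 15:12 . 2010-02-06 15:12 61224 ----a-w- c:\windows\java\GoToAssistDownloadHelper.exe
2005-07-29 22:24 . 2006-11-19 06:56 472 --sha-r- c:\windows\amF5\uAIc.vbs
"""


def lookalike(name):
    """Return the system binary that `name` imitates, or None.

    '?' is not legal in a Windows file name, so in a log it stands for a character
    the tool could not print; it is treated as a wildcard here (assumption).
    """
    for target in SYSTEM_BINARIES:
        if len(target) == len(name) and all(a == b or a == "?" for a, b in zip(name, target)):
            return target
    return None


def triage(log_text):
    """Return {path: {"key": registry key or None, "reasons": [...]}} for suspect lines."""
    findings = {}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends a registry-key block
            continue
        key = KEY_LINE.match(line)
        if key:
            current_key = key.group("key")
            continue
        m = PATH_LINE.search(line)
        if not m:
            continue
        path = m.group("path").rstrip('"')
        info = m.group("info")
        attr_m = ATTR_FIELD.search(" " + line + " ")
        attr = attr_m.group("attr") if attr_m else ""
        folder, name = ntpath.split(path)

        reasons = []
        if "?" in path:
            reasons.append("unprintable character in path (look-alike obfuscation)")
        if info == "?":
            reasons.append("ComboFix could not read the file at this path")
        target = lookalike(name.lower())
        if target and folder.lower() != SYSTEM_DIR:
            reasons.append(f"named like {target} but outside {SYSTEM_DIR}")
        if "s" in attr and "h" in attr and ntpath.splitext(name)[1].lower() in SCRIPT_EXTS:
            reasons.append("hidden+system script file")
        if reasons:
            findings[path] = {"key": current_key, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for path, hit in triage(SAMPLE_LOG).items():
        print(path, "<-", hit["key"] or "(file system)")
        for reason in hit["reasons"]:
            print("   ", reason)
```

Run against the sample, the script flags exactly the three entries the helper scripted for removal in the next reply and leaves the Roxio, PC Tools and GoToAssist lines alone. The registry key is kept with each hit because that is what a CFScript `Registry::` section needs; the checks are heuristics for triage, not a verdict.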

#11 jaybird52

jaybird52
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 12 February 2010 - 05:39 PM

My apologies, our power has been out due to the snowstorm in Texas. We got 12+ inches yesterday and last night, breaking all sorts of records. I am still experiencing the same problems at this point.
Thanks,
Jay

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:02 PM

Posted 12 February 2010 - 05:49 PM

Wow, that's quite a snowstorm for down there!

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

CODE
Driver::
fixustor

File::
c:\windows\amF5\uAIc.vbs

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gbewzx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odwlyc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"COM+ Messages"=-

mbr::

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.



This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



What is the status on AVG?



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 jaybird52

jaybird52
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 12 February 2010 - 09:05 PM

AVG is not listed in my add/remove programs list, but when I run the combofix, it states that AVG is running. I followed the link you gave me in a previous post to uninstall AVG, but I don't think it fully uninstalled. Here is the latest log.

Jay

ComboFix 10-02-12.01 - jay 02/12/2010 19:26:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.325 [GMT -6:00]
Running from: c:\documents and settings\jay.JAY-LAPTOP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jay.JAY-LAPTOP\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\amF5\uAIc.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\amF5\uAIc.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fixustor


((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 01:21 . 2010-02-12 01:21 77312 ----a-w- C:\mbr.exe
2010-02-11 22:02 . 2010-02-11 22:02 -------- d-----w- C:\_OTL
2010-02-06 15:54 . 2010-02-06 15:54 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Threat Expert
2010-02-06 15:46 . 2010-02-06 15:46 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-02-06 15:27 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 15:27 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 15:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-06 15:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 15:27 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 15:27 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 15:19 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 15:19 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 15:19 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 15:19 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 15:18 . 2010-02-06 15:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-06 15:18 . 2010-02-13 01:05 -------- d-----w- c:\program files\Spyware Doctor
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\PC Tools
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Citrix
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\program files\Citrix
2010-02-06 15:12 . 2010-02-06 15:12 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Citrix
2010-02-05 03:59 . 2007-09-12 16:04 1790504 ----a-w- C:\WindowsXP-KB884534-x86-ENU.exe
2010-02-05 02:06 . 2010-02-05 02:06 -------- d-----w- c:\program files\Trend Micro
2010-02-05 01:36 . 2010-02-05 01:36 -------- d-----w- c:\program files\TrendMicro
2010-02-05 00:44 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-05 00:44 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-05 00:44 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-05 00:44 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-05 00:44 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-05 00:44 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-05 00:41 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-04 11:16 . 2010-02-04 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-26 00:23 . 2005-07-09 03:16 519920 ----a-w- C:\WindowsXP-KB903737-x86-ENU.exe
2010-01-26 00:23 . 2005-07-09 03:16 68336 ----a-w- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 02:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-25 02:23 . 2010-02-12 01:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2010-01-25 02:23 . 2010-01-25 02:23 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
2010-01-25 02:23 . 2010-02-12 01:16 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
2010-01-25 02:23 . 2010-01-25 02:23 -------- d-----w- C:\$AVG8.VAULT$
2010-01-25 02:12 . 2010-01-25 02:12 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-s---w- c:\documents and settings\Administrator
2010-01-25 00:18 . 2010-01-25 00:18 -------- d-----w- c:\windows\ie8updates
2010-01-25 00:14 . 2010-01-28 04:49 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 01:39 . 2006-12-27 03:33 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-10 01:30 . 2007-03-23 22:53 18936 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-06 15:12 . 2010-02-06 15:12 61224 ----a-w- c:\windows\java\GoToAssistDownloadHelper.exe
2010-02-05 03:49 . 2010-02-04 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegCure
2010-02-04 04:53 . 2006-11-15 02:21 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-04 03:51 . 2010-02-04 03:12 -------- d-----w- c:\program files\Modem Helper
2010-02-04 03:48 . 2006-11-13 02:18 -------- d-----w- c:\program files\Digital Line Detect
2010-02-04 03:12 . 2006-11-13 02:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 02:29 . 2006-11-13 02:25 -------- d-----w- c:\program files\Dell
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-25 02:22 . 2010-01-13 20:32 -------- d-----w- c:\program files\WebEx
2010-01-25 02:22 . 2010-01-14 00:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-13 17:15 . 2010-01-13 17:14 -------- d-----w- c:\program files\Showcase 5
2010-01-13 17:15 . 2010-01-13 17:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(4).dll
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(3).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(4).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(3).dll
2009-12-21 19:14 . 2006-06-23 17:33 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 294912]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-06 15:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 18:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-02-02 16:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
2002-11-01 22:47 208560 ----a-w- c:\program files\Dell\AccessDirect\DadApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 04:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/6/2010 9:19 AM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/6/2010 9:27 AM 112592]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/6/2010 9:18 AM 359624]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-12 19:45:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 01:45
ComboFix2.txt 2010-02-12 22:34

Pre-Run: 29,180,948,480 bytes free
Post-Run: 29,146,968,064 bytes free

- - End Of File - - E25947784568C0908805963825513141


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:02 PM

Posted 14 February 2010 - 08:28 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

CODE
Folder::
c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
c:\documents and settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
C:\$AVG8.VAULT$

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=-
"avg8emc"=-

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.



This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.




How is your computer behaving now?





========================================================

#15 jaybird52

jaybird52
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 14 February 2010 - 12:00 PM

Computer is acting the same. Still 100% CPU usage on Adobe AIR. Delayed typing right now, missing icon images, etc.
Thanks,

ComboFix 10-02-12.01 - jay 02/14/2010 10:09:21.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.330 [GMT -6:00]
Running from: c:\documents and settings\jay.JAY-LAPTOP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jay.JAY-LAPTOP\Desktop\CFScript 2.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$AVG8.VAULT$
c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
c:\documents and settings\jay.JAY-LAPTOP\Application Data\AVGTOOLBAR
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-12 01:21 . 2010-02-12 01:21 77312 ----a-w- C:\mbr.exe
2010-02-11 22:02 . 2010-02-11 22:02 -------- d-----w- C:\_OTL
2010-02-06 15:54 . 2010-02-06 15:54 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Threat Expert
2010-02-06 15:46 . 2010-02-06 15:46 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-02-06 15:27 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 15:27 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 15:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-06 15:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 15:27 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 15:27 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 15:19 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 15:19 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 15:19 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 15:19 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 15:18 . 2010-02-06 15:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-06 15:18 . 2010-02-13 01:05 -------- d-----w- c:\program files\Spyware Doctor
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\PC Tools
2010-02-06 15:18 . 2010-02-06 15:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Citrix
2010-02-06 15:13 . 2010-02-06 15:13 -------- d-----w- c:\program files\Citrix
2010-02-06 15:12 . 2010-02-06 15:12 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\Citrix
2010-02-05 03:59 . 2007-09-12 16:04 1790504 ----a-w- C:\WindowsXP-KB884534-x86-ENU.exe
2010-02-05 02:06 . 2010-02-05 02:06 -------- d-----w- c:\program files\Trend Micro
2010-02-05 01:36 . 2010-02-05 01:36 -------- d-----w- c:\program files\TrendMicro
2010-02-05 00:44 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-05 00:44 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-05 00:44 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-05 00:44 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-05 00:44 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-05 00:44 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-05 00:41 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-04 11:16 . 2010-02-04 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-26 00:23 . 2005-07-09 03:16 519920 ----a-w- C:\WindowsXP-KB903737-x86-ENU.exe
2010-01-26 00:23 . 2005-07-09 03:16 68336 ----a-w- C:\WindowsXP-KB903737-x86-Symbols-ENU.exe
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 03:24 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-25 03:24 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 02:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-25 02:12 . 2010-01-25 02:12 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-25 02:11 . 2010-01-25 02:14 -------- d-s---w- c:\documents and settings\Administrator
2010-01-25 00:18 . 2010-01-25 00:18 -------- d-----w- c:\windows\ie8updates
2010-01-25 00:14 . 2010-01-28 04:49 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 16:05 . 2006-12-27 03:33 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-10 01:30 . 2007-03-23 22:53 18936 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-06 15:12 . 2010-02-06 15:12 61224 ----a-w- c:\windows\java\GoToAssistDownloadHelper.exe
2010-02-05 03:49 . 2010-02-04 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegCure
2010-02-04 04:53 . 2006-11-15 02:21 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-04 03:51 . 2010-02-04 03:12 -------- d-----w- c:\program files\Modem Helper
2010-02-04 03:48 . 2006-11-13 02:18 -------- d-----w- c:\program files\Digital Line Detect
2010-02-04 03:12 . 2006-11-13 02:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 02:29 . 2006-11-13 02:25 -------- d-----w- c:\program files\Dell
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\jay.JAY-LAPTOP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 04:08 . 2010-01-28 04:10 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-25 02:22 . 2010-01-13 20:32 -------- d-----w- c:\program files\WebEx
2010-01-25 02:22 . 2010-01-14 00:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-13 17:15 . 2010-01-13 17:14 -------- d-----w- c:\program files\Showcase 5
2010-01-13 17:15 . 2010-01-13 17:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(4).dll
2009-12-22 05:42 . 2006-08-31 02:42 624640 ----a-w- c:\windows\system32\urlmon(3).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(4).dll
2009-12-22 05:42 . 2006-06-23 17:33 662016 ----a-w- c:\windows\system32\wininet(3).dll
2009-12-21 19:14 . 2006-06-23 17:33 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 294912]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-12 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-06 15:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 18:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-02-02 16:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
2002-11-01 22:47 208560 ----a-w- c:\program files\Dell\AccessDirect\DadApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 04:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/6/2010 9:19 AM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/6/2010 9:27 AM 112592]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/6/2010 9:18 AM 359624]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-02-14 10:17:14
ComboFix-quarantined-files.txt 2010-02-14 16:17
ComboFix2.txt 2010-02-13 01:45
ComboFix3.txt 2010-02-12 22:34

Pre-Run: 29,139,501,056 bytes free
Post-Run: 29,104,066,560 bytes free

- - End Of File - - 2C7E31322800BA4F425BDF2E49C49FBB
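Added example, not part of the log above and not a ComboFix feature: a small Python script that pulls the persistence-related lines out of a ComboFix report (the Run key values, the winlogon notify DLL, the R0/S3 service lines, the DPF ActiveX entries and the hidden-autostart scan) into records, then attaches inspection reasons using a few heuristics. SAMPLE_LOG is constructed from lines quoted from this thread; the heuristics, and the reading of a long run of "?" as characters the tool could not print, are assumptions of the example rather than conclusions about this machine. The output is a worklist for a human, not a malware verdict.

```python
"""Triage the persistence sections of a ComboFix log (added example)."""
import re

# Constructed sample: lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-06 15:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/6/2010 9:19 AM 207792]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/6/2010 9:18 AM 359624]
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16??????????????
"""

# Line shapes used by ComboFix for the sections we care about.
RUN_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\S+) (?P<size>\d+)\]$')
NOTIFY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
                        r"\\winlogon\\notify\\(?P<name>[^\]]+)\]$", re.I)
FILE_LINE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")
SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
                     r"\[(?P<date>.+?) (?P<size>\d+)\]$")
DPF = re.compile(r"^DPF: (?P<name>.+) - (?P<url>\S+)$")
HIDDEN = re.compile(r"^(?P<name>\w+) = (?P<cmd>.+)$")
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_autostarts(log_text):
    """Return one record per autostart/service/DPF line, tagged by mechanism."""
    records, section, notify_name = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RUN_KEY.match(line):
            section = "run"
            continue
        if (m := NOTIFY_KEY.match(line)):
            section, notify_name = "notify", m["name"]
            continue
        if line.startswith("scanning hidden autostart"):
            section = "hidden"
            continue
        if line.startswith("["):          # any other key header ends the current section
            section = None
            continue
        if (m := SERVICE.match(line)):
            records.append({"mechanism": "service", "state": m["state"], "name": m["name"],
                            "path": m["path"], "date": m["date"], "size": int(m["size"])})
        elif (m := DPF.match(line)):
            records.append({"mechanism": "dpf", "name": m["name"], "path": m["url"]})
        elif section == "run" and (m := RUN_VALUE.match(line)):
            records.append({"mechanism": "run", "name": m["name"], "path": m["path"],
                            "date": m["date"], "size": int(m["size"])})
        elif section == "notify" and (m := FILE_LINE.match(line)):
            records.append({"mechanism": "winlogon_notify", "name": notify_name,
                            "path": m["path"], "date": m["date"], "size": int(m["size"])})
        elif section == "hidden" and (m := HIDDEN.match(line)):
            records.append({"mechanism": "hidden_run", "name": m["name"], "path": m["cmd"]})
    return records


def triage(records):
    """Attach inspection reasons to records worth a closer look (heuristics, not verdicts)."""
    findings = []
    for r in records:
        mech, p, reasons = r["mechanism"], r["path"].lower(), []
        if mech in ("run", "service"):
            if "\\" not in p:
                reasons.append("unqualified filename; resolved through the search path at logon")
            elif not p.startswith(STANDARD_DIRS):
                reasons.append("image lives outside Windows and Program Files")
            if p.endswith(".dll"):
                reasons.append("image is a DLL rather than an executable; check how it is loaded")
        if mech == "service" and r["state"] == "R0":
            reasons.append("boot-start kernel driver")
        if mech == "winlogon_notify":
            reasons.append("notification package loaded into winlogon.exe as SYSTEM")
        if mech == "dpf" and p.startswith("hxxp"):
            reasons.append("ActiveX control fetched from a remote site")
        if mech == "hidden_run" and "?" * 8 in p:   # assumption: '?' = bytes the tool could not print
            reasons.append("value data ends in unprintable characters; compare with the plain Run entry")
        if reasons:
            findings.append({"mechanism": mech, "name": r["name"], "path": r["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"[{f['mechanism']}] {f['name']}: {f['path']}")
        for reason in f["reasons"]:
            print("    -", reason)
```

Run against the sample, it lists the two DLBTCATS entries (the Run value is a DLL, and the hidden scan shows trailing unprintable data), the bare "Ati2mdxx.exe" value, the GoToAssist winlogon DLL, the PCTCore boot driver and the cvsphoto.com ActiveX control, while leaving SynTPEnh, sdAuxService and the local Java cabs alone. Each of those is a place to check file signatures and dates, not a statement that it is malicious.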