Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Defense, Win7 Antivirus/XP Internet Security, Sheur2?


  • This topic is locked This topic is locked
11 replies to this topic

#1 MZA

MZA

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 21 February 2010 - 05:54 PM

Hi all,

So the problem started about a month ago when Malware Defense got onto my system. I took it into Geek Squad to have it fixed. I had to take it back because Firefox and IE were still redirecting to random websites when I was using them. I got it back the second time, had it for about five minutes and then had to take it back in again because SpywareDoctor picked up some leftover bits of Malware Defense. The third time I got it back, it worked fine for about 2-3 weeks until yesterday when I started getting pop-ups from XP Internet Security. I followed the "How to remove XP Internet Security..." instructions on BleepingComputer but would like you guys to take a look at it and make sure it's actually clean (I don't really want to drop another $200 at Geek Squad...).

Also, I only really use my computer for boring stuff (shopping, school, etc.) so I'm not sure how the malware got on there in the first place.

I'll post/attach the DDS logs but I couldn't get GMER to run to completion (the computer restarts saying "a serious error has occurred").

Last of all, thank you and any help would be greatly appreciated.


DDS (Ver_09-12-01.01) - NTFSx86
Run by owner at 11:49:29.77 on Sat 02/20/2010
BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.163 [GMT -8:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264714099312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\s7txy9rg.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-14 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-14 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-14 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-14 285392]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-3-5 201984]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2004-3-5 20864]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S0 omsrrol;omsrrol;c:\windows\system32\drivers\pibse.sys --> c:\windows\system32\drivers\pibse.sys [?]

=============== Created Last 30 ================

2010-02-15 00:14:27 0 d--h--w- C:\$AVG
2010-02-15 00:14:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-15 00:14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-15 00:13:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-15 00:13:45 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-15 00:13:42 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-15 00:13:16 0 d-----w- c:\program files\AVG
2010-02-15 00:13:14 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-03 00:25:25 0 d-----w- c:\program files\iTunes
2010-01-29 02:36:54 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-01-29 01:22:47 0 d-----w- c:\windows\system32\CatRoot2
2010-01-29 00:09:33 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-29 00:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 00:09:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 20:12:16 0 d-----w- C:\New Folder
2010-01-24 23:09:02 0 d-----w- c:\program files\MSSOAP
2010-01-24 23:08:15 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-24 23:08:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-01 05:06:08 61032 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-03-05 03:48:32 0 -c--a-w- c:\program files\temp01

============= FINISH: 11:51:35.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 23 February 2010 - 03:02 PM

Hi MZA,

My names Syler and I will be helping you with your malware issues.

  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:

  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • Rootrepeal.txt
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#3 MZA

MZA
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 23 February 2010 - 09:48 PM

Thanks so much for the help! I really appreciate it.


OTL logfile created on: 2/23/2010 1:43:01 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 363.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.16 Gb Total Space | 22.38 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-2D4C2DDC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2010/02/18 22:55:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/14 16:13:27 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/14 16:13:26 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/14 16:13:26 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/14 16:13:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/14 16:13:23 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/14 16:13:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/24 15:09:25 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/11 14:04:02 | 001,403,976 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2009/05/11 14:04:00 | 002,341,960 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/01 02:20:02 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/11/28 16:42:52 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/24 17:29:32 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/24 17:29:30 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/11/24 17:29:30 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/11/24 17:29:26 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/01 11:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 11:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 11:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 17:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 19:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 08:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2004/02/17 14:58:48 | 000,204,873 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
PRC - [2004/02/17 14:57:36 | 000,241,737 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - [2010/02/14 16:13:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/24 15:09:25 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/11 14:04:00 | 002,341,960 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2009/04/11 13:17:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/16 00:34:35 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/11/29 22:06:00 | 000,143,437 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/14 10:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 12:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 12:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 12:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 14:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 05:19:26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/01 11:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 11:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 11:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 15:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 14:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 14:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/03/11 17:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/02/17 14:58:48 | 000,204,873 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Antivirus\tmproxy.exe -- (tmproxy)
SRV - [2004/02/17 14:57:36 | 000,241,737 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe -- (Tmntsrv)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/14 16:14:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/14 16:14:00 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/14 16:13:57 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/09 15:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/05/20 17:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/01 02:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/09 06:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 06:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 06:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/01/31 16:48:57 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/01/31 16:48:56 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/01/31 16:48:53 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/12/16 00:34:35 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/15 21:06:28 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/30 14:12:16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/29 22:06:00 | 003,600,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 07:36:08 | 001,427,968 | ---- | M] (Intel« Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/24 17:29:28 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/17 13:40:46 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/15 22:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/10/25 10:31:40 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/07 21:50:48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/07 21:30:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/10/05 16:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/10/04 12:59:00 | 000,217,472 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/09/21 09:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 15:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/09/16 16:35:58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/06 13:33:26 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/06/13 13:58:04 | 000,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 12:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/05 11:53:06 | 000,201,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TmXPFlt.sys -- (Tmfilter)
DRV - [2004/03/05 11:53:06 | 000,020,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (Tmpreflt)
DRV - [2004/03/05 11:29:36 | 000,929,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VSAPINT.SYS -- (Vsapint)
DRV - [2004/02/17 14:48:44 | 000,014,976 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi)
DRV - [2001/08/17 10:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/03/29 14:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D9 66 AC 59 AC CA 01 [binary data]
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "IMDB"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en"
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/14 16:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/14 16:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 14:29:50 | 000,000,000 | ---D | M]

[2008/12/04 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/02/22 13:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions
[2010/01/05 07:57:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/04 15:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\amznUWL@amazon.com
[2009/11/15 13:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\zotero@chnm.gmu.edu
[2007/04/14 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Sunbird\Profiles\pn5birq3.default\extensions
[2009/11/01 21:29:52 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\dictionarycom.xml
[2009/03/31 15:05:14 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\facebook.xml
[2008/05/04 12:16:10 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\imdb.xml
[2009/11/01 21:30:13 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\thesauruscom.xml
[2008/05/04 12:15:43 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\wikipedia-eng.xml
[2010/02/22 13:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/07/06 23:22:00 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npActiveGS.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/06/28 15:22:00 | 001,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll

O1 HOSTS File: ([2010/01/27 00:19:05 | 000,032,090 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 1.httpdads.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a.mktw.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a.tribalfusion.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a3.suntimes.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 actionsplash.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.abcnews.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.adsmart.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.adtraq.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.atlas.cz #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.blm.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.dogpile.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.doubleclick.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.harmony-central.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
O1 - Hosts: 656 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\Partseal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-945108622-783547475-1226566484-1005..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1264714099312 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-945108622-783547475-1226566484-1005 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/15 20:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a1e960c-1486-11de-b2d7-0013a90fbcd0}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9a1e960c-1486-11de-b2d7-0013a90fbcd0}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell - "" = AutoRun
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e8032a9-29fa-11dd-b28f-001302071394}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{ebd3ebac-b5f0-11de-b325-001302071394}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/12/15 20:13:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: DW6 - hkey= - key= - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1134721647\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IPHSend - hkey= - key= - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - C:\Program Files\Norton Internet Security\cfgwiz.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: pccguide.exe - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\pccguide.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: PCClient.exe - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\PCClient.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: SSC_UserPrompt - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TM Outbreak Agent - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - C:\Program Files\Norton Internet Security\UrlLstCk.exe File not found
MsConfig - StartUpReg: VAIO Update 2 - hkey= - key= - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\RootRepeal
[2010/02/23 12:26:52 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/02/20 11:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\gmer
[2010/02/14 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AVG Security Toolbar
[2010/02/14 16:14:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/14 16:14:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 16:14:06 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 16:13:59 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 16:13:57 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 16:13:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/14 16:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/14 16:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/14 16:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/14 16:11:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/14 16:07:18 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\owner\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/02/13 11:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Glee Music
[2010/02/02 16:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/28 18:36:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2010/01/28 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/01/28 16:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2010/01/28 16:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/28 16:09:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 12:12:16 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/01/25 18:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/01/24 19:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Threat Expert
[2010/01/24 15:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/01/24 15:08:15 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/01/24 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/01/09 13:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2009/12/14 17:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\BigFix
[2009/06/14 09:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/01/07 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/05/07 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[69 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[204 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 13:39:48 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\owner\ntuser.dat
[2010/02/23 13:35:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-945108622-783547475-1226566484-1005UA.job
[2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/02/23 08:29:42 | 056,121,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/22 22:35:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-945108622-783547475-1226566484-1005Core.job
[2010/02/21 14:33:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/21 14:31:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 14:31:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 14:31:13 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 14:29:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/20 11:43:58 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\dds.scr
[2010/02/20 00:56:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/02/20 00:56:10 | 008,600,626 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2010/02/20 00:29:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/20 00:08:06 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\backupreg.reg
[2010/02/19 23:52:16 | 000,012,484 | -HS- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\v66l66MW5Tq
[2010/02/19 21:37:34 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\FixExe.reg
[2010/02/18 08:06:16 | 000,002,022 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20071014174400.job
[2010/02/16 14:25:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/16 12:52:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word 2003.lnk
[2010/02/14 16:14:08 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 16:14:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 16:14:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 16:14:00 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 16:13:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 16:13:57 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 16:13:45 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 16:13:45 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 16:13:45 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 16:07:19 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\owner\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/02/11 08:19:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/03 20:28:34 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 17:25:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/28 17:25:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/28 16:09:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 13:20:49 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/28 13:20:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/28 13:20:49 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/01/24 15:09:24 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[69 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[204 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 14:29:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/20 11:43:56 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\dds.scr
[2010/02/20 00:08:06 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\backupreg.reg
[2010/02/19 21:43:12 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\FixExe.reg
[2010/02/19 20:52:10 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\v66l66MW5Tq
[2010/02/14 16:14:08 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 16:13:57 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 16:13:45 | 056,121,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/14 16:13:45 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 16:13:45 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 16:13:45 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/02 16:26:24 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 16:09:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 15:09:24 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/11/28 15:50:45 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\BBMS_EXCEPTION.txt
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/09/01 18:22:15 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\mcs.rma
[2009/09/01 18:22:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\7B9038
[2009/01/11 10:12:18 | 000,006,578 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2008/07/21 16:20:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/07 16:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/03/04 19:48:32 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/27 01:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 01:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 01:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/03 10:24:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/03 10:10:13 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/26 19:06:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/26 08:56:15 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/09 08:39:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2006/06/09 08:33:34 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/06/09 08:33:33 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/05/24 17:08:17 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/08 16:43:46 | 000,013,696 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2006/05/07 12:40:28 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/05/07 12:40:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/07 12:40:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/07 12:28:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2005/12/16 00:37:50 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/12/16 00:30:37 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/12/16 00:28:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/16 00:28:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/16 00:28:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/16 00:28:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/16 00:28:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/16 00:28:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/16 00:28:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/16 00:25:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 23:19:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 22:04:14 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/15 22:00:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/15 20:33:45 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/15 18:52:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/15 18:52:31 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 17:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/24 21:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 12:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[204 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71392222
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8051838
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD171C9E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CCBA03D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DBB8EF9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814402E6
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:327FAF99
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11F7EB8A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D31DA45
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3643E9B3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBC80F9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A368015
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E736CE6B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3AAE2A6
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B12C559
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C350063
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A925163
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E9EB6C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAAE6F43
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DFDF9DF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25005EFA
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
< End of report >



I've attached the logs that you asked for.

Attached Files


Edited by syler, 24 February 2010 - 12:05 PM.
Post attached log


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 24 February 2010 - 12:22 PM

I don't see much wrong in your logs, can you tell me what problems you are currently having? also when you reply with the logs
please post them rather than attaching them, it makes then easier to read, thanks.


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Trend Micro.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
    MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
    MsConfig - StartUpReg: DW6 - hkey= - key= - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe File not found
    MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - C:\Program Files\Norton Internet Security\cfgwiz.exe File not found
    MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - C:\Program Files\Norton Internet Security\UrlLstCk.exe File not found
    [2008/03/04 19:48:32 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71392222
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8051838
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD171C9E
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CCBA03D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DBB8EF9
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814402E6
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:327FAF99
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C202A457
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11F7EB8A
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D31DA45
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3643E9B3
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBC80F9
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:077F4C77
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A368015
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E736CE6B
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3AAE2A6
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B12C559
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C350063
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A925163
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E9EB6C
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAAE6F43
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DFDF9DF
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25005EFA
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


Then please post back here with the following logs:
  • MBAM log
  • OTL results
  • New OTL log

Thanks

unite.jpg


#5 MZA

MZA
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 24 February 2010 - 09:49 PM

A few days ago, I ran an AVG scan to try and figure out what was on my computer. It found a trojan horse (Trojan horse SHeur2.CMWB) and AVG says it's now in the virus vault. I was planning on deleting AVG, but I wasn't sure what I should do about the trojan horse. Should I try and delete it before I uninstall?

#6 MZA

MZA
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 24 February 2010 - 10:53 PM

At the moment, I'm not having any noticeable problems with my computer. I only knew that something could be wrong with it when XP Internet Security windows started popping up and I found that trojan horse with AVG. I'm just worried that because the Malware Defense virus installed a rootkit on my computer that was difficult to remove that there's still some kind of back door for other viruses to get in.

I've run all the scans, and included them in this post.

Again, thanks for all your help!

MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3787
Windows 5.1.2600 Service Pack 3
Internet Explorer Unknown

2/24/2010 7:07:49 PM
mbam-log-2010-02-24 (19-07-49).txt

Scan type: Quick Scan
Objects scanned: 135006
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


New OTL log:
OTL logfile created on: 2/24/2010 7:21:10 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 328.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.16 Gb Total Space | 24.00 Gb Free Space | 27.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-2D4C2DDC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2010/02/18 22:55:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/14 16:13:27 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/14 16:13:26 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/14 16:13:26 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/14 16:13:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/14 16:13:23 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/14 16:13:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/24 15:09:25 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/11 14:04:02 | 001,403,976 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2009/05/11 14:04:00 | 002,341,960 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/12/01 02:20:02 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/11/28 16:42:52 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/24 17:29:32 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/24 17:29:30 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/11/24 17:29:30 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/11/24 17:29:26 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/27 06:59:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2005/09/01 11:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 11:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 11:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 17:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 19:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 08:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2004/02/17 14:58:48 | 000,204,873 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
PRC - [2004/02/17 14:57:36 | 000,241,737 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - [2010/02/14 16:13:18 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/24 15:09:25 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/11 14:04:00 | 002,341,960 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2009/04/11 13:17:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/16 00:34:35 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/11/29 22:06:00 | 000,143,437 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel«
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel«
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel«
SRV - [2005/10/14 10:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 12:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 12:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 12:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 14:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/27 05:19:26 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/09/01 11:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 11:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 11:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 15:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 14:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 14:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 19:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/03/11 17:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/02/17 14:58:48 | 000,204,873 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Antivirus\tmproxy.exe -- (tmproxy)
SRV - [2004/02/17 14:57:36 | 000,241,737 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe -- (Tmntsrv)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/14 16:14:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/14 16:14:00 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/14 16:13:57 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/09 15:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/05/20 17:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/01 02:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/09 06:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 06:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 06:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/01/31 16:48:57 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/01/31 16:48:56 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/01/31 16:48:53 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/12/16 00:34:35 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/15 21:06:28 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/30 14:12:16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/29 22:06:00 | 003,600,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 07:36:08 | 001,427,968 | ---- | M] (Intel« Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel«
DRV - [2005/11/24 17:29:28 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/17 13:40:46 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/15 22:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/10/25 10:31:40 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/07 21:50:48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/07 21:30:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/10/05 16:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/10/04 12:59:00 | 000,217,472 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/09/21 09:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 15:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/09/16 16:35:58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/06 13:33:26 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel«
DRV - [2005/06/13 13:58:04 | 000,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel«
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 12:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows « Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/05 11:53:06 | 000,201,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TmXPFlt.sys -- (Tmfilter)
DRV - [2004/03/05 11:53:06 | 000,020,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (Tmpreflt)
DRV - [2004/03/05 11:29:36 | 000,929,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VSAPINT.SYS -- (Vsapint)
DRV - [2004/02/17 14:48:44 | 000,014,976 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi)
DRV - [2001/08/17 10:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/03/29 14:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E D9 66 AC 59 AC CA 01 [binary data]
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55╬▒=%s&S=1
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-945108622-783547475-1226566484-1005\S-1-5-21-945108622-783547475-1226566484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en"
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/14 16:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/14 16:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 14:29:50 | 000,000,000 | ---D | M]

[2008/12/04 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2010/02/24 13:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions
[2010/01/05 07:57:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/04 15:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\amznUWL@amazon.com
[2009/11/15 13:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\extensions\zotero@chnm.gmu.edu
[2007/04/14 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Sunbird\Profiles\pn5birq3.default\extensions
[2009/11/01 21:29:52 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\dictionarycom.xml
[2009/03/31 15:05:14 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\facebook.xml
[2008/05/04 12:16:10 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\imdb.xml
[2009/11/01 21:30:13 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\thesauruscom.xml
[2008/05/04 12:15:43 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\s7txy9rg.default\searchplugins\wikipedia-eng.xml
[2010/02/24 13:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/07/06 23:22:00 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npActiveGS.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/06/28 15:22:00 | 001,212,416 | ---- | M] (cedelia) -- C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll

O1 HOSTS File: ([2010/01/27 00:19:05 | 000,032,090 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 1.httpdads.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a.mktw.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a.tribalfusion.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 a3.suntimes.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 actionsplash.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.abcnews.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.adsmart.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.adtraq.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.atlas.cz #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.blm.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.dogpile.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.doubleclick.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.harmony-central.com #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
O1 - Hosts: 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
O1 - Hosts: 656 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\Partseal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-945108622-783547475-1226566484-1005..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-945108622-783547475-1226566484-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1264714099312 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 171.64.7.121 171.64.7.55 171.64.7.77
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-945108622-783547475-1226566484-1005 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1280x800.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/15 20:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a1e960c-1486-11de-b2d7-0013a90fbcd0}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9a1e960c-1486-11de-b2d7-0013a90fbcd0}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell - "" = AutoRun
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e8032a8-29fa-11dd-b28f-001302071394}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e8032a9-29fa-11dd-b28f-001302071394}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{ebd3ebac-b5f0-11de-b325-001302071394}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/12/15 20:13:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1134721647\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IPHSend - hkey= - key= - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: pccguide.exe - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\pccguide.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: PCClient.exe - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\PCClient.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: SSC_UserPrompt - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TM Outbreak Agent - hkey= - key= - C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe (Trend Micro Incorporated.)
MsConfig - StartUpReg: VAIO Update 2 - hkey= - key= - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 19:11:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\RootRepeal
[2010/02/23 12:26:52 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/02/20 11:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\gmer
[2010/02/14 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AVG Security Toolbar
[2010/02/14 16:14:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/14 16:14:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 16:14:06 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 16:13:59 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 16:13:57 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 16:13:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/14 16:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/14 16:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/14 16:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/14 16:11:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/14 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/14 16:07:18 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\owner\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/02/13 11:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Glee Music
[2010/02/02 16:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/28 18:36:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2010/01/28 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/01/28 16:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2010/01/28 16:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/28 16:09:16 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 12:12:16 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/01/25 18:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/01/09 13:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2009/12/14 17:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\BigFix
[2009/06/14 09:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/01/07 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/05/07 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/02/24 19:17:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 19:13:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 19:13:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 19:13:19 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 19:11:53 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\owner\ntuser.dat
[2010/02/24 19:11:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/02/24 18:35:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-945108622-783547475-1226566484-1005UA.job
[2010/02/24 18:29:49 | 056,199,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/23 22:35:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-945108622-783547475-1226566484-1005Core.job
[2010/02/23 14:25:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/23 12:26:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2010/02/20 14:29:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/20 11:43:58 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\dds.scr
[2010/02/20 00:56:10 | 008,600,626 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2010/02/20 00:29:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/20 00:08:06 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\backupreg.reg
[2010/02/19 23:52:16 | 000,012,484 | -HS- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\v66l66MW5Tq
[2010/02/19 21:37:34 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\FixExe.reg
[2010/02/18 08:06:16 | 000,002,022 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper20071014174400.job
[2010/02/16 12:52:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word 2003.lnk
[2010/02/14 16:14:08 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 16:14:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/14 16:14:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/14 16:14:00 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/14 16:13:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 16:13:57 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/14 16:13:45 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 16:13:45 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 16:13:45 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/14 16:07:19 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\owner\My Documents\avg_free_stb_all_9_40_cnet.exe
[2010/02/11 08:19:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/03 20:28:34 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 17:25:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/28 17:25:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/28 16:09:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 13:20:49 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/28 13:20:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/28 13:20:49 | 000,000,209 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/02/20 14:29:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/20 11:43:56 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\dds.scr
[2010/02/20 00:08:06 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\backupreg.reg
[2010/02/19 21:43:12 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\FixExe.reg
[2010/02/19 20:52:10 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\v66l66MW5Tq
[2010/02/14 16:14:08 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/14 16:13:57 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/14 16:13:45 | 056,199,314 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/14 16:13:45 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/14 16:13:45 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/14 16:13:45 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/02 16:26:24 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 16:09:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 15:50:45 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\BBMS_EXCEPTION.txt
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/09/01 18:22:15 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\mcs.rma
[2009/09/01 18:22:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\7B9038
[2009/01/11 10:12:18 | 000,006,578 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2008/07/21 16:20:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/07 16:33:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/09/27 01:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 01:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 01:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/03 10:24:14 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/03 10:10:13 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/26 19:06:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/26 08:56:15 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/09 08:39:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2006/06/09 08:33:34 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/06/09 08:33:33 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/05/24 17:08:17 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/08 16:43:46 | 000,013,696 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2006/05/07 12:40:28 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/05/07 12:40:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/07 12:40:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/07 12:28:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2005/12/16 00:37:50 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/12/16 00:30:37 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/12/16 00:28:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/16 00:28:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/16 00:28:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/16 00:28:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/16 00:28:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/16 00:28:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/16 00:28:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/16 00:25:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 23:19:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 22:04:14 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/15 22:00:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/15 20:33:45 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/15 18:52:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/15 18:52:31 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 17:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/24 21:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 12:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/04 00:24:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >

Edited by syler, 25 February 2010 - 04:02 PM.
remove duplicate log


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 25 February 2010 - 04:08 PM

Your logs are looking ok, lets do one more check.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, Aclick on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then please post back here with the following logs:
  • Kaspersky report
  • New DDS log

Thanks

unite.jpg


#8 MZA

MZA
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 28 February 2010 - 07:50 PM

The Kaspersky scan and the DDS log are posted. I wasn't sure if I was supposed to post the Attach log, so I attached it just in case.

Thanks!

DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by owner at 16:40:43.16 on Sun 02/28/2010
BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.310 [GMT -8:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264714099312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\s7txy9rg.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=en
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-14 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-14 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-14 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-14 285392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-3-5 201984]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2004-2-17 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2004-3-5 20864]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2004-2-17 204873]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-1-24 1201640]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S0 omsrrol;omsrrol;c:\windows\system32\drivers\pibse.sys --> c:\windows\system32\drivers\pibse.sys [?]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-16 1119888]

=============== Created Last 30 ================

2010-02-25 03:11:06 0 d-----w- C:\_OTL
2010-02-15 00:14:27 0 d--h--w- C:\$AVG
2010-02-15 00:14:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-15 00:14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-15 00:13:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-15 00:13:45 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-15 00:13:42 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-15 00:13:16 0 d-----w- c:\program files\AVG
2010-02-15 00:13:14 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-03 00:25:25 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-02-26 02:32:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-01 05:06:08 61032 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 16:41:41.40 ===============



Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, February 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 25, 2010 23:35:28
Records in database: 3648220
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 141943
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 05:30:56

No threats found. Scanned area is clean.

Selected area has been scanned.

Attached Files



#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 01 March 2010 - 01:53 AM

You still have two AntiVirus installed, please go to add/remove program an uninstall either Trend Micro or AVG.

You also still have an older version of java installed please uninstall this.

J2SE Runtime Environment 5.0 Update 5


You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.




You have Viewpoint installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Go to Start >> Run, type Services.msc

From the list of services find Windows Management Instrumentation
Right click it, then select Stop. A message will pop up click yes.

Now navigate to this folder and delete it.

C:\WINDOWS\system32\wbem\Repository <-- This folder

Now go back to Windows Management Instrumentation in the services list.
Right click it, then select Start. Exit services list, then restart your computer.


Once you have done all those steps please post back with a new DDS log, no need to post attach.txt this time.

unite.jpg


#10 MZA

MZA
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 03 March 2010 - 11:59 PM

I've tried to run Services.msc, and every time it gives me this message: "MMC will not run with a version of Internet Explorer earlier than Internet Explorer 5.5". I have Internet Explorer 8 installed on this computer. I'm not sure what's going on. Is there any way to get around this?

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 04 March 2010 - 04:27 PM

Please do this then try services.msc again.
  • Go to Start >> Run, and type %SystemRoot%\inf into the run box, then click Ok.
  • Now find the file ie.inf (not ie.PNF), Right click it, and select install.

unite.jpg


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:01 PM

Posted 08 March 2010 - 07:15 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users