Search engines redirecting me wrong


This topic is locked
13 replies to this topic

#1 Big Chumpy

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 07 April 2010 - 07:30 PM

DDS Log posted below.
GMER Scan locks up or reboots computer.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Big Chumpy at 9:10:36.53 on Thu 08/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2558.1888 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Big Chumpy\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Big Chumpy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.firecu.com.au/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\regmech.exe /H
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Mobile Partner] "c:\program files\optus wireless broadband\Optus Wireless Broadband.exe"
uRun: [EA Core] "c:\games\mirror's edge\Core.exe" -silent
mRun: [Gainward] c:\program files\vdotool\TBPanel.exe /A
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\amazing adventures the lost tomb\images\stg_drm.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233307772859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\amazing adventures the lost tomb\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C3388DD0-D5F1-437B-A167-5A0407893684} = 211.29.132.12 61.88.88.88
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bigchu~1\applic~1\mozilla\firefox\profiles\91h7an71.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.firecu.com.au/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-24 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-24 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-24 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-19 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-19 308064]
S2 gupdate1c9897da26da302;Google Update Service (gupdate1c9897da26da302);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
UnknownUnknown DrvAgent32;DrvAgent32; [x]

=============== Created Last 30 ================

2010-04-07 23:07:32 0 ----a-w- c:\documents and settings\big chumpy\defogger_reenable
2010-04-05 06:37:07 0 d-----w- C:\ProgramData
2010-04-05 06:37:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-04-05 05:19:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-05 05:15:17 0 d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-04-02 07:43:29 0 d-----w- c:\windows\system32\vmm32
2010-04-02 07:43:29 0 d-----w- c:\program files\Dell
2010-04-01 05:50:36 0 d-----w- c:\program files\ESET
2010-04-01 05:37:05 0 dc-h--w- c:\windows\ie8
2010-03-27 07:38:06 0 d-----w- c:\docume~1\bigchu~1\applic~1\Malwarebytes
2010-03-27 07:38:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 07:38:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 07:38:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 07:38:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-24 10:48:21 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-03-24 10:47:48 0 d-----w- C:\Intel
2010-03-24 06:32:23 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-24 06:32:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-24 06:32:17 0 d-----w- c:\docume~1\bigchu~1\applic~1\SUPERAntiSpyware.com
2010-03-24 04:58:05 0 d-----w- c:\program files\RegistryFix8
2010-03-19 05:26:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 11:40:34 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-15 11:39:10 9047 ----a-w- c:\windows\system32\nvinfo.pb
2010-03-15 11:39:10 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-15 11:39:08 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-15 11:39:08 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-15 11:39:08 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-15 11:39:08 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-15 11:39:05 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-03-15 11:39:01 0 d-----w- C:\NVIDIA
2010-03-15 11:20:02 0 d-----w- c:\program files\SystemRequirementsLab
2010-03-15 09:02:42 0 d-----w- c:\program files\PC Drivers HeadQuarters
2010-03-15 09:01:39 199168 --sha-r- c:\windows\system32\c_28591V.dll
2010-03-15 08:56:04 0 d-----w- c:\docume~1\bigchu~1\applic~1\AVG9
2010-03-13 00:01:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 10:58:55 0 d-----w- c:\docume~1\bigchu~1\applic~1\ScummVM
2010-03-10 10:58:50 0 d-----w- c:\program files\ScummVM
2010-03-10 10:57:59 0 d-----w- C:\scummvm
2010-03-10 10:16:56 0 d--h--w- c:\windows\PIF

==================== Find3M ====================

2010-04-05 05:18:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-19 05:26:27 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-19 05:25:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll

============= FINISH: 9:11:04.85 ===============



#2 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 11 April 2010 - 04:59 AM

Hi Big Chumpy!

If you posted a link to your previous thread, you would save me a little time... ;)

Firstly,
Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:

c:\windows\system32\c_28591V.dll

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Secondly,
* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Edited by snemelk, 11 April 2010 - 04:59 AM.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Big Chumpy
  • Topic Starter
  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 12 April 2010 - 08:04 PM

G'day snemelk,

Sorry about that,
My previous thread is at
http://www.bleepingcomputer.com/forums/ind...=304552&hl=

c_28591V.dll does not exist on my system



TDSSKILLER LOG

10:58:24:968 2516 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
10:58:24:968 2516 ================================================================================
10:58:24:968 2516 SystemInfo:

10:58:24:968 2516 OS Version: 5.1.2600 ServicePack: 3.0
10:58:24:968 2516 Product type: Workstation
10:58:24:968 2516 ComputerName: A-LA-PUTA
10:58:24:968 2516 UserName: Big Chumpy
10:58:24:968 2516 Windows directory: C:\WINDOWS
10:58:24:968 2516 Processor architecture: Intel x86
10:58:24:968 2516 Number of processors: 2
10:58:24:968 2516 Page size: 0x1000
10:58:24:968 2516 Boot type: Normal boot
10:58:24:968 2516 ================================================================================
10:58:24:968 2516 UnloadDriverW: NtUnloadDriver error 2
10:58:24:968 2516 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:58:25:031 2516 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
10:58:25:046 2516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:58:25:046 2516 wfopen_ex: Trying to KLMD file open
10:58:25:046 2516 wfopen_ex: File opened ok (Flags 2)
10:58:25:046 2516 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
10:58:25:062 2516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:58:25:062 2516 wfopen_ex: Trying to KLMD file open
10:58:25:062 2516 wfopen_ex: File opened ok (Flags 2)
10:58:25:062 2516 Initialize success
10:58:25:062 2516
10:58:25:062 2516 Scanning Services ...
10:58:25:218 2516 Raw services enum returned 344 services
10:58:25:218 2516
10:58:25:218 2516 Scanning Kernel memory ...
10:58:25:218 2516 Devices to scan: 6
10:58:25:218 2516
10:58:25:218 2516 Driver Name: Disk
10:58:25:218 2516 IRP_MJ_CREATE : B80EEBB0
10:58:25:218 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:218 2516 IRP_MJ_CLOSE : B80EEBB0
10:58:25:218 2516 IRP_MJ_READ : B80E8D1F
10:58:25:218 2516 IRP_MJ_WRITE : B80E8D1F
10:58:25:218 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:234 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:234 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:234 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:234 2516 IRP_MJ_FLUSH_BUFFERS : B80E92E2
10:58:25:234 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:234 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:234 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:234 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:234 2516 IRP_MJ_DEVICE_CONTROL : B80E93BB
10:58:25:234 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
10:58:25:234 2516 IRP_MJ_SHUTDOWN : B80E92E2
10:58:25:234 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:234 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:234 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:234 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:234 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:234 2516 IRP_MJ_POWER : B80EAC82
10:58:25:234 2516 IRP_MJ_SYSTEM_CONTROL : B80EF99E
10:58:25:234 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:234 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:234 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:265 2516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:58:25:265 2516
10:58:25:265 2516 Driver Name: USBSTOR
10:58:25:265 2516 IRP_MJ_CREATE : B2B45218
10:58:25:265 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:265 2516 IRP_MJ_CLOSE : B2B45218
10:58:25:265 2516 IRP_MJ_READ : B2B4523C
10:58:25:265 2516 IRP_MJ_WRITE : B2B4523C
10:58:25:265 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:265 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:265 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:265 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:265 2516 IRP_MJ_FLUSH_BUFFERS : 804F4562
10:58:25:265 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:265 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:265 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:265 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:265 2516 IRP_MJ_DEVICE_CONTROL : B640DF16
10:58:25:265 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B640EA7E
10:58:25:265 2516 IRP_MJ_SHUTDOWN : 804F4562
10:58:25:265 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:265 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:265 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:265 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:265 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:265 2516 IRP_MJ_POWER : B2B445F0
10:58:25:265 2516 IRP_MJ_SYSTEM_CONTROL : B2B42A6E
10:58:25:265 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:265 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:265 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:281 2516 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
10:58:25:281 2516
10:58:25:281 2516 Driver Name: Disk
10:58:25:281 2516 IRP_MJ_CREATE : B80EEBB0
10:58:25:281 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:281 2516 IRP_MJ_CLOSE : B80EEBB0
10:58:25:281 2516 IRP_MJ_READ : B80E8D1F
10:58:25:281 2516 IRP_MJ_WRITE : B80E8D1F
10:58:25:281 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:281 2516 IRP_MJ_FLUSH_BUFFERS : B80E92E2
10:58:25:281 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_DEVICE_CONTROL : B80E93BB
10:58:25:281 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
10:58:25:281 2516 IRP_MJ_SHUTDOWN : B80E92E2
10:58:25:281 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:281 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_POWER : B80EAC82
10:58:25:281 2516 IRP_MJ_SYSTEM_CONTROL : B80EF99E
10:58:25:281 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:281 2516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:58:25:281 2516
10:58:25:281 2516 Driver Name: Disk
10:58:25:281 2516 IRP_MJ_CREATE : B80EEBB0
10:58:25:281 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:281 2516 IRP_MJ_CLOSE : B80EEBB0
10:58:25:281 2516 IRP_MJ_READ : B80E8D1F
10:58:25:281 2516 IRP_MJ_WRITE : B80E8D1F
10:58:25:281 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:281 2516 IRP_MJ_FLUSH_BUFFERS : B80E92E2
10:58:25:281 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_DEVICE_CONTROL : B80E93BB
10:58:25:281 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
10:58:25:281 2516 IRP_MJ_SHUTDOWN : B80E92E2
10:58:25:281 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:281 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_POWER : B80EAC82
10:58:25:281 2516 IRP_MJ_SYSTEM_CONTROL : B80EF99E
10:58:25:281 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:281 2516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:58:25:281 2516
10:58:25:281 2516 Driver Name: Disk
10:58:25:281 2516 IRP_MJ_CREATE : B80EEBB0
10:58:25:281 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:281 2516 IRP_MJ_CLOSE : B80EEBB0
10:58:25:281 2516 IRP_MJ_READ : B80E8D1F
10:58:25:281 2516 IRP_MJ_WRITE : B80E8D1F
10:58:25:281 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:281 2516 IRP_MJ_FLUSH_BUFFERS : B80E92E2
10:58:25:281 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_DEVICE_CONTROL : B80E93BB
10:58:25:281 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
10:58:25:281 2516 IRP_MJ_SHUTDOWN : B80E92E2
10:58:25:281 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:281 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_POWER : B80EAC82
10:58:25:281 2516 IRP_MJ_SYSTEM_CONTROL : B80EF99E
10:58:25:281 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:281 2516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:58:25:281 2516
10:58:25:281 2516 Driver Name: iastor
10:58:25:281 2516 IRP_MJ_CREATE : B7EC1818
10:58:25:281 2516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:58:25:281 2516 IRP_MJ_CLOSE : B7EC1818
10:58:25:281 2516 IRP_MJ_READ : 804F4562
10:58:25:281 2516 IRP_MJ_WRITE : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_EA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_EA : 804F4562
10:58:25:281 2516 IRP_MJ_FLUSH_BUFFERS : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:58:25:281 2516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_DEVICE_CONTROL : B640DF16
10:58:25:281 2516 IRP_MJ_INTERNAL_DEVICE_CONTROL : B640EA7E
10:58:25:281 2516 IRP_MJ_SHUTDOWN : 804F4562
10:58:25:281 2516 IRP_MJ_LOCK_CONTROL : 804F4562
10:58:25:281 2516 IRP_MJ_CLEANUP : 804F4562
10:58:25:281 2516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_SET_SECURITY : 804F4562
10:58:25:281 2516 IRP_MJ_POWER : B7EB8AB4
10:58:25:281 2516 IRP_MJ_SYSTEM_CONTROL : B7EB807C
10:58:25:281 2516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:58:25:281 2516 IRP_MJ_QUERY_QUOTA : 804F4562
10:58:25:281 2516 IRP_MJ_SET_QUOTA : 804F4562
10:58:25:296 2516 C:\WINDOWS\system32\DRIVERS\iaStor.sys - Verdict: 1
10:58:25:296 2516
10:58:25:296 2516 Completed
10:58:25:296 2516
10:58:25:296 2516 Results:
10:58:25:296 2516 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
10:58:25:296 2516 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:58:25:296 2516 File objects infected / cured / cured on reboot: 0 / 0 / 0
10:58:25:296 2516
10:58:25:296 2516 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
10:58:25:296 2516 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
10:58:25:296 2516 KLMD(ARK) unloaded successfully


#4 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 13 April 2010 - 01:04 PM

Hi again Big Chumpy!

QUOTE (Big Chumpy @ Apr 13 2010, 03:04 AM):
c_28591V.dll does not exist on my system

Ahh, that's my mistake - it probably exists but is hidden...

Anyway, strange, TDSSKiller did not see an infection... I reckon your problem persists (search engines redirect), right?.. Let's use ComboFix then:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
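As an added example, not part of this thread and not code from the DDS tool: a small Python triage script that parses lines in the format of the DDS "Created Last 30" / "Find3M" sections and flags files carrying both the system and hidden attributes. That combination is why an ordinary Explorer search can come up empty for a file the log lists: Explorer treats system+hidden files as "protected operating system files" and keeps them out of results even when hidden files are shown. The decoding of the attribute column and the sample lines (copied in shape from the DDS log earlier in the thread, including the c_28591V.dll entry the helper asked about) are my assumptions, not DDS documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Decoding of the 8-character attribute column as it appears in this thread's
# DDS log. Only letters that actually occur in the log are decoded; this mapping
# is an assumption about the DDS format, not taken from DDS documentation.
ATTR_NAMES = {
    "d": "directory",
    "c": "compressed",
    "s": "system",
    "h": "hidden",
    "a": "archive",
    "r": "read-only",
    "w": "writable",
}

# timestamp, size in bytes, 8 attribute flags, path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# Constructed sample in the shape of the "Created Last 30" section of a DDS log.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2010-03-27 07:38:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 06:32:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-15 09:01:39 199168 --sha-r- c:\windows\system32\c_28591V.dll
2010-04-01 05:37:05 0 dc-h--w- c:\windows\ie8
2010-03-10 10:16:56 0 d--h--w- c:\windows\PIF

==================== Find3M ====================
"""


@dataclass
class DdsEntry:
    timestamp: str
    size: int
    attrs: str
    path: str

    def flags(self) -> Set[str]:
        """Named attributes set on this entry; unknown letters are kept verbatim."""
        return {ATTR_NAMES.get(ch, ch) for ch in self.attrs if ch != "-"}

    @property
    def is_dir(self) -> bool:
        return "directory" in self.flags()


def parse_dds_files(text: str) -> List[DdsEntry]:
    """Extract file/directory entries; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append(DdsEntry(ts, int(size), attrs, path))
    return entries


def flag_hidden_system_files(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Files (not directories) carrying both the system and hidden attributes.

    Explorer hides such "protected operating system files" even when hidden
    files are shown, so a desktop search can miss a file that DDS lists.
    System+hidden alone is not proof of malware; it is a reason to look closer,
    for example by submitting the file to VirusTotal as suggested in the thread.
    """
    return [
        e for e in entries
        if not e.is_dir and {"system", "hidden"} <= e.flags()
    ]


if __name__ == "__main__":
    for e in flag_hidden_system_files(parse_dds_files(SAMPLE_DDS)):
        print(f"{e.path}  size={e.size}  attrs={sorted(e.flags())}")
```

Run against a full DDS log, the script prints only the entries worth a second look; on the sample it reports the single system+hidden file in system32, which matches what the helper suspected when the user's search found nothing.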


#5 Big Chumpy
  • Topic Starter
  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 14 April 2010 - 12:22 AM

I did a search of my hard drive including hidden and system files and it didn't find c_28591V.dll anywhere. Is that bad?

Combofix completed successfully.
There's a whole lot of log below for you to peruse.

____________________________________________________________

ComboFix 10-04-13.02 - Big Chumpy 14/04/2010 14:58:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2558.1901 [GMT 10:00]
Running from: c:\documents and settings\Big Chumpy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\INSTALL.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GOOGLEUPDATEBETA


((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-11 05:48 . 2010-04-11 05:48 -------- d-----w- c:\program files\iPod
2010-04-11 05:48 . 2010-04-11 05:49 -------- d-----w- c:\program files\iTunes
2010-04-11 05:48 . 2010-04-11 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-11 05:46 . 2010-04-11 05:46 -------- d-----w- c:\program files\QuickTime
2010-04-11 05:43 . 2010-04-11 05:43 -------- d-----w- c:\program files\Bonjour
2010-04-11 05:31 . 2010-04-11 05:31 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-09 06:14 . 2010-04-09 06:14 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 03:29 . 2010-04-06 03:29 -------- d--h--r- c:\documents and settings\Big Chumpy\Application Data\SecuROM
2010-04-06 01:56 . 2010-04-06 01:56 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 01:13 . 2010-04-06 01:13 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 01:13 . 2010-04-06 01:13 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 01:13 . 2010-04-06 01:13 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 01:13 . 2010-04-06 01:13 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 01:13 . 2010-04-06 01:13 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 01:13 . 2010-04-06 01:13 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 01:13 . 2010-04-06 01:13 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 01:13 . 2010-04-06 01:13 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 01:13 . 2010-04-06 01:13 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 01:13 . 2010-04-06 01:13 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 01:13 . 2010-04-06 01:13 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 01:12 . 2010-04-06 01:12 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-06 01:12 . 2010-04-06 01:12 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-05 06:42 . 2010-04-05 06:45 38784 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-05 06:41 . 2010-04-05 06:45 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-05 06:37 . 2010-04-05 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-05 06:37 . 2010-04-05 06:37 -------- d-----w- C:\ProgramData
2010-04-05 05:19 . 2010-04-05 05:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 05:15 . 2010-04-05 05:15 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-04-02 07:43 . 2010-04-02 07:43 -------- d-----w- c:\windows\system32\vmm32
2010-04-02 07:43 . 2010-04-02 07:43 -------- d-----w- c:\program files\Dell
2010-04-01 05:50 . 2010-04-01 05:50 -------- d-----w- c:\program files\ESET
2010-04-01 05:37 . 2010-04-01 05:37 -------- dc-h--w- c:\windows\ie8
2010-03-27 07:38 . 2010-03-27 07:38 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\Malwarebytes
2010-03-27 07:38 . 2010-03-29 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 07:38 . 2010-04-06 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 07:38 . 2010-03-29 14:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 07:38 . 2010-03-27 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 10:48 . 2009-12-14 01:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-03-24 10:47 . 2010-03-24 10:47 -------- d-----w- C:\Intel
2010-03-24 06:34 . 2010-03-24 06:34 52224 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-24 06:34 . 2010-03-30 01:58 117760 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-24 06:32 . 2010-03-24 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-24 06:32 . 2010-03-24 06:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-24 06:32 . 2010-03-24 06:32 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\SUPERAntiSpyware.com
2010-03-24 05:28 . 2010-03-24 11:19 -------- d-----w- c:\documents and settings\Big Chumpy\Local Settings\Application Data\Opera
2010-03-24 05:28 . 2010-03-24 05:28 -------- d-----w- c:\program files\Opera
2010-03-24 04:58 . 2010-03-24 05:06 -------- d-----w- c:\program files\RegistryFix8
2010-03-19 05:26 . 2010-03-19 05:26 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-19 05:26 . 2010-03-19 05:26 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-19 05:26 . 2010-03-19 05:26 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-19 05:26 . 2010-03-19 05:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 11:40 . 2010-03-15 11:40 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-15 11:40 . 2010-04-05 05:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-15 11:39 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-15 11:39 . 2010-01-12 04:03 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-15 11:39 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-15 11:39 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-15 11:39 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-15 11:39 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-03-15 11:39 . 2010-03-15 11:39 -------- d-----w- C:\NVIDIA
2010-03-15 11:20 . 2010-03-15 11:20 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-15 11:19 . 2010-03-15 11:19 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\SystemRequirementsLab
2010-03-15 11:19 . 2010-03-15 11:19 290816 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-15 11:19 . 2010-03-15 11:19 290816 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-15 11:19 . 2010-03-15 11:19 290816 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-15 11:19 . 2010-03-15 11:19 290816 ----a-w- c:\documents and settings\Big Chumpy\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-15 09:23 . 2010-04-07 22:52 -------- d-----w- c:\documents and settings\Big Chumpy\Local Settings\Application Data\eSupport.com
2010-03-15 09:02 . 2010-03-15 09:02 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-03-15 09:01 . 2010-03-15 09:01 199168 --sha-r- c:\windows\system32\c_28591V.dll
2010-03-15 09:01 . 2010-03-15 09:01 -------- d-----w- c:\documents and settings\Big Chumpy\Local Settings\Application Data\Downloaded Installations
2010-03-15 08:56 . 2010-03-15 08:56 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\AVG9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 05:04 . 2009-01-30 09:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-14 03:45 . 2010-02-04 05:44 0 ----a-w- c:\documents and settings\Big Chumpy\Local Settings\Application Data\prvlcl.dat
2010-04-14 03:29 . 2009-02-25 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-13 06:28 . 2009-02-07 23:40 -------- d-----w- c:\program files\Google
2010-04-13 06:13 . 2009-02-01 01:43 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\LimeWire
2010-04-11 05:48 . 2009-02-01 01:55 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 06:45 . 2009-06-13 05:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-05 05:18 . 2009-01-31 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 13:31 . 2009-02-10 01:21 -------- d-----w- c:\program files\DOSBox-0.72
2010-03-24 10:48 . 2009-11-16 01:03 -------- d-----w- c:\program files\Intel
2010-03-19 05:26 . 2010-01-24 02:07 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-19 05:26 . 2010-01-24 02:07 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-19 05:25 . 2010-01-24 02:07 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-18 07:45 . 2009-02-09 23:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-15 11:40 . 2009-02-09 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-15 09:12 . 2009-01-22 04:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 01:52 . 2009-01-30 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-13 00:48 . 2010-03-13 00:48 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-10 11:05 . 2010-03-10 10:58 -------- d-----w- c:\program files\ScummVM
2010-03-10 10:58 . 2010-03-10 10:58 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\ScummVM
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 15:56 . 2009-02-01 01:56 -------- d-----w- c:\documents and settings\Big Chumpy\Application Data\Apple Computer
2010-03-02 08:23 . 2010-03-02 08:23 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-02 08:23 . 2009-09-04 10:53 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-02 08:22 . 2010-03-02 08:22 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-02 08:21 . 2009-02-14 00:47 -------- d-----w- c:\program files\Nokia
2010-03-02 08:20 . 2010-03-02 08:20 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-02 08:20 . 2010-03-02 08:20 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-02 08:20 . 2010-03-02 08:20 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-02 08:20 . 2010-03-02 08:20 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-02 08:20 . 2009-02-13 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-02 08:20 . 2010-03-02 08:21 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng.exe
2010-02-26 05:43 . 2010-02-25 22:31 -------- d-----w- c:\program files\Optus Wireless Broadband
2010-02-25 06:24 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-03-30 01:21 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-30 01:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 05:36 . 2010-02-15 05:36 503808 ----a-w- c:\documents and settings\Feral Hippie.A-LA-PUTA\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b494dff-n\msvcp71.dll
2010-02-15 05:36 . 2010-02-15 05:36 499712 ----a-w- c:\documents and settings\Feral Hippie.A-LA-PUTA\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b494dff-n\jmc.dll
2010-02-15 05:36 . 2010-02-15 05:36 348160 ----a-w- c:\documents and settings\Feral Hippie.A-LA-PUTA\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b494dff-n\msvcr71.dll
2010-02-15 05:36 . 2010-02-15 05:36 61440 ----a-w- c:\documents and settings\Feral Hippie.A-LA-PUTA\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3da22b87-n\decora-sse.dll
2010-02-15 05:36 . 2010-02-15 05:36 12800 ----a-w- c:\documents and settings\Feral Hippie.A-LA-PUTA\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3da22b87-n\decora-d3d.dll
2010-02-12 04:33 . 2004-08-04 10:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 01:46 . 2010-02-12 01:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 01:46 . 2010-02-12 01:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 12:02 . 2004-08-04 10:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 02:56 . 2010-01-27 02:56 503808 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65634af6-n\msvcp71.dll
2010-01-27 02:56 . 2010-01-27 02:56 499712 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65634af6-n\jmc.dll
2010-01-27 02:56 . 2010-01-27 02:56 348160 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65634af6-n\msvcr71.dll
2010-01-27 02:55 . 2010-01-27 02:55 61440 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-777d0114-n\decora-sse.dll
2010-01-27 02:55 . 2010-01-27 02:55 12800 ----a-w- c:\documents and settings\Big Chumpy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-777d0114-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\regmech.exe" [2009-07-31 2836376]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-09-25 3058624]
"Mobile Partner"="c:\program files\Optus Wireless Broadband\Optus Wireless Broadband.exe" [2010-02-26 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-01-06 2705752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-19 05:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\Medieval\\Medieval.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/01/2010 12:07 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/01/2010 12:07 PM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 9:15 AM 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [19/03/2010 3:25 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/03/2010 3:26 PM 308064]
S2 gupdate1c9897da26da302;Google Update Service (gupdate1c9897da26da302);c:\program files\Google\Update\GoogleUpdate.exe [8/02/2009 9:41 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 9:15 AM 12872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4cc2dd7-2296-11df-b335-001f81000250}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 23:41]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 23:41]

2010-04-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-24 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.firecu.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {C3388DD0-D5F1-437B-A167-5A0407893684} = 211.29.132.12 61.88.88.88
FF - ProfilePath - c:\documents and settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.firecu.com.au/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-115176313-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ea,21,ce,17,0f,c6,73,f0,3c,9e,70,f9,21,44,fd,e3,19,d2,39,0b,16,
81,f3,9a,c4,af,ed,59,16,4c,f8,3b,27,99,d7,8b,18,96,e4,1c,bf,fe,4b,58,c7,7e,\
"rkeysecu"=hex:42,9d,fb,03,33,c1,e9,68,ba,42,60,59,23,8f,1d,70
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-14 15:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-14 05:07

Pre-Run: 100,896,145,408 bytes free
Post-Run: 101,130,260,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DBEECC169A187FF27A9D82117E56FB1D


#6 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 14 April 2010 - 02:46 PM

Hi again Big Chumpy!!..

QUOTE(Big Chumpy @ Apr 14 2010, 07:22 AM)
I did a search of my hard drive including hidden and system files and it didn't find c_28591V.dll anywhere. Is that bad?

No, not bad... The file is present, though:
2010-03-15 09:01 . 2010-03-15 09:01 199168 --sha-r- c:\windows\system32\c_28591V.dll

Anyway, logfile looks ok to me - tell me what problem persists... If you get search engines redirects, is it in Firefox only or in IE as well??..

Please do the following:
Start --> Run --> write cmd and click OK...

Once in the Command prompt, write this line in bold and click Enter:
attrib -r -h -s -a c:\windows\system32\c_28591V.dll

That file will be visible to you now... Upload it to http://www.virustotal.com/ and send a link to the results...

Also, I suggest you uninstall IObit SmartDefrag - that company stole MalwareBytes' intellectual property: IOBit Steals Malwarebytes’ Intellectual Property

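As an added example (not code from this thread, from ComboFix or from any of the tools mentioned), here is a small Python parser for ComboFix "Files Created" / "Find3M" lines that applies the same triage snemelk did by eye: a regular file under c:\windows flagged both system and hidden is pulled out for review, and the matching `attrib` command is derived from the flags actually set. The meaning of each attribute column is inferred from the flag strings in the log above and is an assumption; the sample lines are copied from the ComboFix log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout of a ComboFix "Files Created" / "Find3M" line, as seen in the log above:
#   <created> . <modified> <size or --------> <8-char attribute flags> <path>
# Example line from the thread:
#   2010-03-15 09:01 . 2010-03-15 09:01 199168 --sha-r- c:\windows\system32\c_28591V.dll
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)

# Attribute-column meaning inferred from the flag strings in this log
# (d-----w-, ----a-w-, dc-h--w-, --sha-r-); this mapping is an assumption.
#   [0] d=directory  [1] c=compressed  [2] s=system  [3] h=hidden
#   [4] a=archive    [6] r=read-only / w=writable


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]        # None when the size column is -------- (directories)
    directory: bool
    compressed: bool
    system: bool
    hidden: bool
    archive: bool
    read_only: bool
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    size_field = m.group("size")
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=None if size_field.startswith("-") else int(size_field),
        directory=attrs[0] == "d",
        compressed=attrs[1] == "c",
        system=attrs[2] == "s",
        hidden=attrs[3] == "h",
        archive=attrs[4] == "a",
        read_only=attrs[6] == "r",
        path=m.group("path"),
    )


def is_suspicious(entry: Optional[Entry]) -> bool:
    """Triage rule used in the thread: a regular file inside the Windows
    directory tree flagged both system and hidden deserves a closer look
    (VirusTotal, hash lookup), because that combination keeps it out of a
    default Explorer search. This is a review prompt, not a verdict."""
    if entry is None or entry.directory:
        return False
    in_windows_tree = entry.path.lower().startswith("c:\\windows\\")
    return in_windows_tree and entry.system and entry.hidden


def attrib_unhide_command(entry: Entry) -> str:
    """Build the attrib command that clears exactly the flags the log shows,
    in the same flag order snemelk used. attrib can still fail with
    'Access Denied' when the file is locked or protected, as happened here."""
    flags = [f for f, on in (("-r", entry.read_only), ("-h", entry.hidden),
                             ("-s", entry.system), ("-a", entry.archive)) if on]
    return " ".join(["attrib", *flags, entry.path])


def triage(log_lines: List[str]) -> List[Entry]:
    """Return the entries from a ComboFix log that match the triage rule."""
    return [e for e in map(parse_line, log_lines) if is_suspicious(e)]


# Sample input: four lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = [
    "2010-04-01 05:37 . 2010-04-01 05:37 -------- dc-h--w- c:\\windows\\ie8",
    "2010-03-19 05:26 . 2010-03-19 05:26 12464 ----a-w- c:\\windows\\system32\\avgrsstx.dll",
    "2010-03-15 09:01 . 2010-03-15 09:01 199168 --sha-r- c:\\windows\\system32\\c_28591V.dll",
    "2010-04-06 03:29 . 2010-04-06 03:29 -------- d--h--r- c:\\documents and settings\\Big Chumpy\\Application Data\\SecuROM",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"review: {hit.path} (size {hit.size}, created {hit.created})")
        print(f"  unhide with: {attrib_unhide_command(hit)}")
```

Run against a full ComboFix log (one line per list element), only the c_28591V.dll entry matches on this machine; directories such as c:\windows\ie8 are hidden too but are skipped on purpose.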

#7 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • Local time:11:32 PM

Posted 14 April 2010 - 11:22 PM

Hmm... The search engines seem to be working fine today (for the first time in weeks)

The problem was the same with any search engine or internet browser that I used.
Only the links on the page were affected. I could always type out the address in the address bar without incident.

QUOTE
Once in the Command prompt, write this line in bold and click Enter:
attrib -r -h -s -a c:\windows\system32\c_28591V.dll

I got the message, "Access Denied - C:\windows\system32\c_28591V.dll" when I tried this.


I got rid of Smart Defrag as well (thieving little bastards!!).
Can you suggest an alternative?


#8 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 15 April 2010 - 11:27 AM

Hi again Big Chumpy!!..

QUOTE(Big Chumpy @ Apr 15 2010, 06:22 AM)
Hmm... The search engines seem to be working fine today (for the first time in weeks)

The problem was the same with any search engine or internet browser that I used.
Only the links on the page were affected. I could always type out the address in the address bar without incident.

That may be good news... I know what infection is responsible for that in most cases - however, in spite of not having a Gmer scan in Normal Mode, as far as I can see, that infection is not present on your computer anymore...

QUOTE
I got the message, "Access Denied - C:\windows\system32\c_28591V.dll" when I tried this.

Hmm, that's strange... Let's investigate with RootRepeal first:

Please close all antivirus and antimalware programs so they do not interfere with the running of RootRepeal.
  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab (1) and click on the Scan button (2).
  • Select ALL of the checkboxes (3) and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report (4).
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

QUOTE
I got rid of Smart Defrag as well (thieving little bastards!!).
Can you suggest an alternative?

Take a look at that free program: Defraggler

EDIT:
On second thought, please do the following as well:

Please reconfigure Windows XP to show hidden files:
    1. Click Start -> My Computer.
    2. Select the Tools menu and click Folder Options. Then select the View tab.
    3. Under the Hidden files and folders heading check "Show hidden files and folders".
    4. Uncheck the "Hide file extensions for known file types" option.
    5. Uncheck the "Hide protected operating system files (recommended)" option.
    6. Click Yes to confirm. Click OK.

Is that file visible to you now?.. If yes, try uploading it to VirusTotal...

Edited by snemelk, 15 April 2010 - 11:30 AM.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#9 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 16 April 2010 - 03:09 AM

G'day again snemelk,

I found it!! (the c_28591V.dll file I mean)
Unfortunately when I try to upload it to VirusTotal, I get the message - 0 bytes size received / Se ha recibido un archivo vacio
Then I tried the VT Uploader and got the message - Could not open files C:\windows\system32\c_28591V.dll
I even tried to send the file via email but it told me - Some of the files could not be found, and could not be attached to the message
This file was created to drive me crazy

On the up side, I managed to do the RootRepeal report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/16 17:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA64E8000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5627000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\program files\optus wireless broadband\log\atrecord.txt
Status: Size mismatch (API: 341766, Raw: 341206)

Path: c:\program files\optus wireless broadband\log\callbalk_trace.txt
Status: Size mismatch (API: 185757, Raw: 185304)

Path: c:\program files\optus wireless broadband\log\func_trace.txt
Status: Size mismatch (API: 91054, Raw: 90768)

Path: c:\program files\optus wireless broadband\log\trace_0.txt
Status: Size mismatch (API: 257319, Raw: 256713)

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Big Chumpy\Local Settings\Apps\2.0\PAPK9O2L.CHA\2WVHRZ8E.T1Z\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

==EOF==

#10 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 16 April 2010 - 05:14 PM

Hi again Big Chumpy!!

QUOTE(Big Chumpy @ Apr 16 2010, 10:09 AM)
I found it!! (the c_28591V.dll file I mean)
Unfortunately when I try to upload it to VirusTotal, I get the message - 0 bytes size received / Se ha recibido un archivo vacio

That file is probably in use... As I'm looking at it again, it may be related to AVG or Driver Detective... I'd like to investigate it, though, as it looks suspicious to me...

Please do the following:
Firstly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Copy the command below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c_28591V.dll /rs

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Secondly,
Boot into Recovery Console: How to start the Recovery Console
When you're presented with a C:\Windows> prompt, execute the following command (write it and click Enter) - watch the spaces!:

copy c:\windows\system32\c_28591V.dll c:\windows\system32\c_28591V.dll.old

Then, type Exit and click Enter...
Once in Normal Mode, scan c:\windows\system32\c_28591V.dll.old file on VirusTotal...


#11 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 16 April 2010 - 09:53 PM

All right!

OldTimer logs completed.
_____________________________________

OTL logfile created on: 17/04/2010 11:52:59 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Big Chumpy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 94.25 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive D: | 6.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 23.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A-LA-PUTA
Current User Name: Big Chumpy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 11:50:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Chumpy\Desktop\OTL.exe
PRC - [2010/04/07 11:13:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/06 11:13:22 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/06 11:12:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 15:26:26 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/19 15:26:26 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/19 15:26:23 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/19 15:25:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/19 15:25:50 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 18:18:33 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/26 15:42:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
PRC - [2010/02/18 15:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/25 23:19:02 | 003,058,624 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/07/31 11:56:02 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/06/30 13:12:58 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 13:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 11:50:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Chumpy\Desktop\OTL.exe
MOD - [2009/02/14 02:22:35 | 000,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 15:26:23 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/19 15:25:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/11 14:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/03/19 15:26:27 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/19 15:26:26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/19 15:25:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/12 14:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/10/06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/27 03:57:34 | 000,025,768 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/09/25 08:59:35 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/10/17 08:30:44 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 02:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/06/05 12:49:08 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/06/30 11:23:34 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/06/13 15:27:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.firecu.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.firecu.com.au/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/21 09:19:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/03/02 18:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 15:46:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 15:46:23 | 000,000,000 | ---D | M]

[2010/01/16 10:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Extensions
[2009/02/01 11:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/16 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions
[2010/01/16 11:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/02 14:42:59 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010/03/24 15:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions\Foxdie@tanjihay.com
[2010/04/13 11:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions\personas@christopher.beard
[2010/03/24 20:39:57 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\searchplugins\askcom.xml
[2010/04/16 17:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 10:47:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 10:47:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 10:47:52 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 10:47:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/14 15:03:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Amazing Adventures The Lost Tomb\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233307772859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Amazing Adventures The Lost Tomb\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 11:27:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/08 04:20:41 | 000,045,056 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/10/08 04:38:56 | 000,000,159 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/09/04 23:27:58 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/25 15:35:24 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{47e74322-d24f-11de-81a9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{47e74322-d24f-11de-81a9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47e74322-d24f-11de-81a9-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2006/10/08 04:20:41 | 000,045,056 | R--- | M] ()
O33 - MountPoints2\{a4cc2dd7-2296-11df-b335-001f81000250}\Shell - "" = AutoRun
O33 - MountPoints2\{a4cc2dd7-2296-11df-b335-001f81000250}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4cc2dd7-2296-11df-b335-001f81000250}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/09/04 23:27:58 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 11:50:39 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Big Chumpy\Desktop\OTL.exe
[2010/04/16 17:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/04/16 17:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010/04/16 16:59:50 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Big Chumpy\Desktop\RootRepeal.exe
[2010/04/15 13:19:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/14 14:57:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/14 14:54:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/14 14:54:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/14 14:54:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/14 14:54:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/14 14:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/14 14:53:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/13 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Chumpy\Desktop\tdsskiller
[2010/04/11 15:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/11 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/11 15:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/11 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/11 15:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/06 13:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Chumpy\My Documents\EA Games
[2010/04/06 13:29:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Big Chumpy\Application Data\SecuROM
[2010/04/05 16:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/04/05 16:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/04/05 15:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/05 15:19:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 15:19:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 15:19:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 15:19:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 15:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010/04/02 16:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/01 15:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/01 15:37:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/27 17:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Chumpy\Application Data\Malwarebytes
[2010/03/27 17:38:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/27 17:38:00 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 17:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 17:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/24 20:48:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/03/24 20:47:48 | 000,000,000 | ---D | C] -- C:\Intel
[2010/03/24 16:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/24 16:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Chumpy\Application Data\SUPERAntiSpyware.com
[2010/03/24 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/24 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\Opera
[2010/03/24 15:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/24 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2010/03/19 15:26:26 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/24 12:05:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/24 12:05:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/24 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/24 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/24 08:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/11/24 08:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/24 08:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/10 08:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/17 11:52:13 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010/04/17 11:50:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Chumpy\Desktop\OTL.exe
[2010/04/17 11:45:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\prvlcl.dat
[2010/04/17 11:23:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/17 10:13:50 | 058,982,135 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/17 10:11:25 | 000,512,226 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/17 10:11:25 | 000,434,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/17 10:11:25 | 000,068,588 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/17 10:07:32 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/17 10:07:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/17 10:07:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 10:07:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 22:24:56 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\NTUSER.DAT
[2010/04/16 17:13:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\Desktop\settings.dat
[2010/04/15 13:15:18 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/14 15:03:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/14 15:03:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/14 14:57:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/14 14:39:14 | 003,914,375 | R--- | M] () -- C:\Documents and Settings\Big Chumpy\Desktop\ComboFix.exe
[2010/04/14 13:28:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 10:33:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 12:33:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/09 23:11:12 | 006,428,786 | -H-- | M] () -- C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\IconCache.db
[2010/04/09 21:36:21 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\default.pls
[2010/04/08 09:07:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\defogger_reenable
[2010/04/06 13:04:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Big Chumpy\ntuser.ini
[2010/04/05 15:18:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 15:18:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 15:18:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 15:18:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 15:18:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 17:44:54 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\Desktop\zztoy.lnk
[2010/03/24 16:32:19 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Big Chumpy\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/19 15:26:27 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 15:26:26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 15:26:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 15:25:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/16 17:13:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\Desktop\settings.dat
[2010/04/15 13:15:18 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/14 14:57:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/14 14:57:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/14 14:54:15 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/14 14:54:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/14 14:54:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/14 14:54:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/14 14:54:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/14 14:37:54 | 003,914,375 | R--- | C] () -- C:\Documents and Settings\Big Chumpy\Desktop\ComboFix.exe
[2010/04/08 09:07:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\defogger_reenable
[2010/03/27 17:44:54 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\Desktop\zztoy.lnk
[2010/03/24 16:32:19 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/15 19:01:39 | 000,199,168 | RHS- | C] () -- C:\WINDOWS\System32\c_28591V.dll
[2010/02/10 15:28:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2010/02/04 15:44:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\prvlcl.dat
[2010/01/25 17:06:46 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\.recently-used.xbel
[2009/09/04 20:29:01 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/07/04 10:39:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Big Chumpy\S-1-5-21-1275210071-115176313-725345543-1004.rrr.LOG
[2009/07/04 10:34:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2009/05/04 12:53:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/04/10 11:54:12 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009/04/10 11:24:01 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2009/04/08 16:07:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/03/16 12:32:11 | 000,000,078 | ---- | C] () -- C:\WINDOWS\savers.ini
[2009/03/11 10:28:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/03/08 19:40:59 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\default.pls
[2009/03/08 19:40:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/08 19:35:20 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/31 17:47:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/31 17:43:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX5500Asia.ini
[2009/01/22 14:15:50 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2009/01/22 13:57:56 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Big Chumpy\ntuser.dat.LOG
[2009/01/22 13:57:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Big Chumpy\ntuser.ini
[2009/01/22 13:57:55 | 006,029,312 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\NTUSER.DAT
[2009/01/22 13:57:55 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Big Chumpy\ntuser.dat.rmbak
[2008/12/31 16:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/07/23 12:34:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== Custom Scans ==========


< c_28591V.dll /rs >
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Search Assistant\ACMru\5603\\001: c_28591v.dll [2010/03/15 19:01:39 | 000,199,168 | RHS- | M] ()
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\\c: C:\WINDOWS\system32\c_28591V.dll [2010/03/15 19:01:39 | 000,199,168 | RHS- | M] ()
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll\\b: C:\WINDOWS\system32\c_28591V.dll [2010/03/15 19:01:39 | 000,199,168 | RHS- | M] ()

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C77675
< End of report >
__________________________________________________________________

OTL Extras logfile created on: 17/04/2010 11:52:59 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Big Chumpy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 94.25 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive D: | 6.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 23.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A-LA-PUTA
Current User Name: Big Chumpy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Games\Neverwinter Nights 2\nwn2main.exe" = C:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Games\Neverwinter Nights 2\nwupdate.exe" = C:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Games\Neverwinter Nights 2\nwn2server.exe" = C:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Games\Medieval\Medieval.exe" = C:\Games\Medieval\Medieval.exe:*:Enabled:Top Down Arcade-Adventure Game -- (Monolith Productions Inc.)
"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype™ -- (Activision)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe" = C:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{5241FB1B-9CF5-448C-3BFD-1AE58B061033}" = Nero 7 Ultra Edition
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4C10EEF-D26C-410D-82E7-73370C6FD812}" = Neverwinter Nights Gold Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"555 Games XP Championship" = 555 Games XP Championship
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Amazing Adventures The Lost Tomb" = Amazing Adventures The Lost Tomb
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"EA Download Manager" = EA Download Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Get Medieval" = Get Medieval
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Optus Wireless Broadband" = Optus Wireless Broadband
"Photo DVD Maker Professional" = Photo DVD Maker Professional 7.97
"PROSet" = Intel® PRO Network Connections Drivers
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ScummVM_is1" = ScummVM 1.0.0
"SystemRequirementsLab" = System Requirements Lab
"VDMSound" = VDMSound
"VDOTool_is1" = VDOTool 5.3
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/04/2010 2:16:42 AM | Computer Name = A-LA-PUTA | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/04/2010 2:16:42 AM | Computer Name = A-LA-PUTA | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/04/2010 9:20:38 PM | Computer Name = A-LA-PUTA | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 14.0.8050.1202, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/04/2010 9:20:47 PM | Computer Name = A-LA-PUTA | Source = Application Hang | ID = 1001
Description = Fault bucket 1041105223.

Error - 14/04/2010 1:04:42 AM | Computer Name = A-LA-PUTA | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 14/04/2010 1:04:50 AM | Computer Name = A-LA-PUTA | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 14/04/2010 11:15:50 PM | Computer Name = A-LA-PUTA | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 15/04/2010 4:23:05 AM | Computer Name = A-LA-PUTA | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 5:23:05 AM | Computer Name = A-LA-PUTA | Source = Google Update | ID = 20
Description =

Error - 16/04/2010 2:54:37 AM | Computer Name = A-LA-PUTA | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

[ System Events ]
Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:42 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 16/04/2010 2:55:43 AM | Computer Name = A-LA-PUTA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
________________________________________________________

And VirusTotal scanned the file.

VirusTotal Results

I really appreciate all this help by the way. It would have been an absolute nightmare.

#12 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 17 April 2010 - 06:25 PM

Hi again Big Chumpy, and thank you for the logs!

QUOTE(Big Chumpy @ Apr 17 2010, 04:53 AM)
And VirusTotal scanned the file.

VirusTotal Results

It came clean, good... It's probably a Microsoft file: Hungarian 101-key Keyboard Layout

QUOTE
I really appreciate all this help by the way. It would have been an absolute nightmare.

You're welcome!

If no problem persists:

Start Adobe Acrobat Reader --> Help --> Check for updates

Close any open browsers/windows/programs...
Double-click on the file in bold: C:\Program files\Java\jre6\bin\javacpl.exe --> Open tab: Update --> click Update now

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Then,
Reconfigure Windows XP to hide hidden files:
1. Click Start -> My Computer.
2. Select the Tools menu and click Folder Options. Then select the View tab.
3. Under the Hidden files and folders heading uncheck "Show hidden files and folders".
4. Check the "Hide protected operating system files (recommended)" option.
5. Check the "Hide file extensions for known file types" option.
6. Click Yes to confirm. Click OK.

Then,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Finally,
Please, set up a new System Restore point:

Turn off System Restore

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Then, to turn it back on:
1. Wait for Windows to finish clearing Restore Points.
2. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Please check my site - snemelk.hekko.pl. There, you'll find a few steps to make your web browsing safer.

Also, I recommend you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#13 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 18 April 2010 - 03:38 AM

Hi snemelk,

That's all done and everything is going great.

Thanks heaps. You are a champion!!

I'm in the process of browsing your site and getting myself a bit of additional protection.


#14 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:32 PM

Posted 18 April 2010 - 02:13 PM

Hi again Big Chumpy!

QUOTE(Big Chumpy @ Apr 18 2010, 10:38 AM)
That's all done and everything is going great.

Thanks heaps. You are a champion!!

Thank you! And good to hear everything works fine!

Glad I could help.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




