
Infected with...Something.


This topic is locked
27 replies to this topic

#1 JonFox


  • Members
  • 16 posts

Posted 03 May 2010 - 09:03 AM

Hey, all.

I'm positive there's something wrong with my computer. It started about three days ago with AntispywareSoft. Then it began again a day or two later with some Copyright infringement thing. I forget what it was called. Then next it was Desktop Protector 2010 yesterday evening. I've been running AdAware and Avira. Everyone's told me to use MalwareByte's, but I can neither get it to run on my PC nor access their website.

Following the prep guide, I ran DDS and here is the log for that. I also have a HijackThis log, which I'll also attach here. I've also run RKill and it kills a few things that I recognize from AntispywareSoft. I need help cleaning this out of here...Please...I hope this is enough information....






DDS (Ver_10-03-17.01) - NTFSx86
Run by Jonathan Fox at 8:22:13.76 on Sun 05/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.130 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesCommon FilesAOL1240798136eeAOLSoftware.exe
C:WINDOWSsystem32rundll32.exe
"C:WINDOWSsystem32driverssvchost.exe"
C:Program FilesWindows Media PlayerWMPNSCFG.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesCommon FilesAOL1240798136eeAOLDesktop.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesCommon FilesAOLACSAOLacsd.exe
C:WINDOWSsystem32CTsvcCDA.EXE
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesJavajre6binjqs.exe
C:Program FilesAnalog DevicesSoundMAXspkrmon.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSexplorer.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesAOL 9.1waol.exe
C:Program FilesAOL 9.1shellmon.exe
C:Documents and SettingsJonathan FoxMy DocumentsDefogger.exe
C:Documents and SettingsJonathan FoxMy Documentsdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:program filesaol toolbaraoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:program filesaol toolbaraoltb.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:program filesaol toolbaraoltb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesaskbardisbarbinaskBar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:program filesveoh networksveohwebplayerVeohIEToolbar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:program filesaol toolbaraoltb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
uRun: [SVCHOST.EXE] c:windowssystem32driverssvchost.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [urrqnkdrv] rundll32.exe "awtssr.dll",s
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [HostManager] c:program filescommon filesaol1240798136eeAOLSoftware.exe
mRun: [MSConfig] c:windowspchealthhelpctrbinariesMSConfig.exe /auto
mRun: [fcccyvdrv] rundll32.exe "awtssr.dll",s
mRun: [mlkiifsys] rundll32.exe "opqnlj.dll",DllRegisterServer
mRunServices: [launchlaunch9961] c:docume~1jonath~1locals~1tempCpVK.exe
mRunServices: [AOLSoftwareaexplore] c:program filescommon filesaol1240798136eeservicesbrowserappver2_1_28_1resourcesen-usaexplorelibraries.exe
mRunServices: [QuickTimeResourcesQuickTime] c:program filesquicktimeqtsystemquicktimempeg.resourcesko.lprojquicktimequicktimeresources.exe
mRunServices: [enhancedFavoritesenhFav] c:program filescommon filesaol1240798136eeservicesenhancedfavoritesver1_5_4_1enhancedfavoritesenhfav.exe
mRunServices: [ServiceAOLLaunch] c:program filesaolaoldesktopaollaunchservice.exe
mRunServices: [ServiceAOLSoftware] c:program filescommon filesaol1240798136eeservicesbrowserappver2_1_28_1resourcesen-usaexplorelibraries.exe
mRunServices: [PhobosCDDBControl] c:program filesaol 9.1mediaphoboscddbcontrolaol.exe
mRunServices: [ServiceNotification] c:program filescommon filesaol1240798136eeservicesnotificationver6_4_1_1notifyservice.exe
mRunServices: [AresCore] c:program filesaol 9.1mediaphoboscddbcontrolaol.exe
dRun: [vttrqrsys] rundll32.exe "opqnlj.dll",DllRegisterServer
dRun: [urppqpdrv] rundll32.exe "awtssr.dll",s
StartupFolder: c:docume~1jonath~1startm~1programsstartupaoldes~1.lnk - c:program filescommon filesaollaunchaollaunch.exe
IE: &AOL Toolbar Search - c:documents and settingsall usersapplication dataaolietoolbarresourcesen-uslocalsearch.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.146,85.255.112.76
TCP: {A821A7AE-6622-4E58-BA8F-6F454765D097} = 85.255.112.146,85.255.112.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 opqnlj.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1jonath~1applic~1mozillafirefoxprofiles9eayc1az.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - prefs.js: network.proxy.type - 1
FF - component: c:documents and settingsjonathan foxapplication datamozillafirefoxprofiles9eayc1az.defaultextensions{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}componentsWinampPlayer.dll
FF - plugin: c:program filesdivxdivx plus web playernpdivx32.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdnu.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpFoxitReaderPlugin.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpunagi2.dll
FF - plugin: c:program filesveoh networksveohwebplayernpWebPlayerVideoPluginATL.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2009-10-9 64160]
R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-4-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-4-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-4-26 185089]
R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-4-26 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awareAAWService.exe [2009-7-3 1029456]
S3 pbfilter;pbfilter;c:program filespeerblockpbfilter.sys [2009-12-6 14424]

=============== Created Last 30 ================

2010-05-02 15:21:29 0 ----a-w- c:documents and settingsjonathan foxdefogger_reenable
2010-05-02 14:52:39 0 d-----w- c:program filesTrend Micro
2010-04-30 07:06:10 95232 ---ha-w- c:windowssystem32awtssr.dll
2010-04-30 07:01:01 89088 ---ha-w- c:windowssystem32opqnlj.dll
2010-04-30 03:35:46 48127 ----a-w- c:windowsSysvxd.exe
2010-04-30 01:55:30 33452 ----a-w- c:windowssystem32driverssvchost.exe
2010-04-29 11:48:34 727 ----a-w- c:windowsGmud.INI
2010-04-29 11:48:11 0 d-----w- c:program filesGMUD32
2010-04-29 08:15:17 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 08:15:15 20824 ----a-w- c:windowssystem32driversmbam.sys
2010-04-29 07:48:56 0 d-----w- c:program filesSpyware Doctor
2010-04-29 07:48:56 0 d-----w- c:program filescommon filesPC Tools
2010-04-29 07:48:56 0 d-----w- c:docume~1alluse~1applic~1PC Tools
2010-04-29 07:47:58 0 d-----w- c:program filesRq
2010-04-29 07:39:54 0 d-----w- c:windowspss
2010-04-25 09:12:39 6412 ----a-w- C:Pokemon Trading Card Game.clt
2010-04-23 08:09:01 8412 ----a-w- C:Lufia - The Ruins of Lore.clt
2010-04-23 07:02:07 8412 ----a-w- C:Breath of Fire.clt
2010-04-23 06:28:03 8412 ----a-w- C:Legend of Zelda - The Minish Cap, The.clt
2010-04-23 06:15:29 8412 ----a-w- C:Harvest Moon - Friends of Mineral Town.clt
2010-04-20 13:18:06 8412 ----a-w- C:Golden Sun.clt
2010-04-20 10:56:17 8412 ----a-w- C:Final Fantasy Tactics Advance.clt

==================== Find3M ====================

2009-06-25 08:16:44 8 ----a-w- c:program filesfxxp.txt

============= FINISH: 8:23:06.00 ===============

Attached Files: Attach.txt (6.68KB), ark.txt (21.2KB), hijackthis.log (6.92KB)

AntispywareSoft just came back on my computer.

Edited by Budapest, 04 May 2010 - 07:04 PM.
Posts merged ~BP




#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 May 2010 - 12:18 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 JonFox

  • Topic Starter

  • Members
  • 16 posts

Posted 05 May 2010 - 01:29 PM

OK. I did the scan, and it just completed. But I figured I should note here that before and during the scan, my Avira kept popping notifications about TR/Crypt.XPACK.Gen. It popped notifications about it about seven times in total and every time I blocked it. I just wanted to make a note of that here just in case, to be on the safe side. And thanks for the Welcome!!!


OTL.txt:


OTL logfile created on: 5/4/2010 2:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Jonathan Fox\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 213.13 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONATHAN
Current User Name: Jonathan Fox
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/04 14:10:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Fox\My Documents\OTL.exe
PRC - [2010/05/03 21:19:33 | 006,364,992 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/04/14 09:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/04 19:56:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/10/10 14:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/08/06 02:05:30 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/03 07:49:06 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/06/09 20:02:59 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/11/06 04:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 04:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1240798136\ee\aolsoftware.exe
PRC - [2007/04/02 05:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/08/12 06:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 14:10:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Fox\My Documents\OTL.exe
MOD - [2008/11/06 04:42:57 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2008/11/06 04:42:56 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2007/03/26 11:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/08/12 07:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/12 06:55:50 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/03 21:19:33 | 006,364,992 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 09:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/06 02:05:30 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/03 07:49:06 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/09 20:02:59 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/30 09:27:04 | 000,041,768 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/03 21:19:35 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/05/03 21:19:34 | 000,054,920 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/05/03 21:19:34 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/08 01:51:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/03 07:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/09 20:02:59 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/27 18:18:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/25 22:03:23 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/03/22 10:24:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 13:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.15.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 22:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 19:57:06 | 000,000,000 | ---D | M]

[2009/04/26 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Extensions
[2010/05/04 05:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions
[2010/05/04 00:29:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/23 23:51:29 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/08/17 07:56:08 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/26 23:07:02 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/01/02 23:14:52 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/03/23 18:35:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/10 15:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/07 15:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\searchrecs@veoh.com
[2009/04/26 23:07:12 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\searchplugins\aol-search.xml
[2010/05/04 05:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/26 18:13:02 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/02 23:14:46 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2004/08/12 06:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [byvtqrdrv] C:\WINDOWS\System32\awtssr.dll ()
O4 - HKLM..\Run: [fcbbyasys] C:\WINDOWS\System32\opqnlj.dll ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1240798136\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [opmjijdrv] C:\WINDOWS\System32\awtssr.dll ()
O4 - HKU\.DEFAULT..\Run: [vtrsrssys] C:\WINDOWS\System32\opqnlj.dll ()
O4 - HKU\S-1-5-18..\Run: [opmjijdrv] C:\WINDOWS\System32\awtssr.dll ()
O4 - HKU\S-1-5-18..\Run: [vtrsrssys] C:\WINDOWS\System32\opqnlj.dll ()
O4 - HKU\S-1-5-21-1614895754-1085031214-725345543-1004..\Run: [ddayvwdrv] C:\WINDOWS\System32\awtssr.dll ()
O4 - HKLM..\RunServices: [AOLSoftwareaexplore] c:\Program Files\Common Files\AOL\1240798136\ee\services\browserapp\ver2_1_28_1\resources\en-US\aexploreLibraries.exe ()
O4 - HKLM..\RunServices: [AresCore] c:\Program Files\AOL 9.1\media\PhobosCDDBControlAOL.exe ()
O4 - HKLM..\RunServices: [enhancedFavoritesenhFav] c:\Program Files\Common Files\AOL\1240798136\ee\services\enhancedFavorites\ver1_5_4_1\enhancedFavoritesenhFav.exe ()
O4 - HKLM..\RunServices: [launchlaunch9961] C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\CpVK.exe File not found
O4 - HKLM..\RunServices: [PhobosCDDBControl] Reg Error: Value error. File not found
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTime] c:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeQuickTimeResources.exe ()
O4 - HKLM..\RunServices: [ServiceAOLLaunch] C:\Program Files\AOL\AOLDesktop\AOLLaunchService.exe ()
O4 - HKLM..\RunServices: [ServiceAOLSoftware] Reg Error: Value error. File not found
O4 - HKLM..\RunServices: [ServiceNotification] C:\Program Files\Common Files\AOL\1240798136\ee\services\notification\ver6_4_1_1\NotifyService.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-1614895754-1085031214-725345543-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.146,85.255.112.76
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (opqnlj.dll) - C:\WINDOWS\System32\opqnlj.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/25 18:19:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a99dc288-32c7-11de-8861-00038a000015}\Shell\AutoRun\command - "" = F:\PortableApps\geekMenu\GeekMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/25 18:19:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Jonathan Fox^Start Menu^Programs^Startup^AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe - (AOL LLC)
MsConfig - StartUpReg: AOLLaunchLibraries - hkey= - key= - C:\program files\aol\aoldesktop\aollaunchservice.exe File not found
MsConfig - StartUpReg: AOLSoftwareLibraries - hkey= - key= - c:\program files\common files\aol\1240798136\ee\services\browserapp\ver2_1_28_1\resources\en-us\aexplorelibraries.exe File not found
MsConfig - StartUpReg: ar37kjuvcl4o - hkey= - key= - C:\Documents and Settings\Jonathan Fox\Local Settings\Temp\m.28F.tmp.exe File not found
MsConfig - StartUpReg: awwvutsys - hkey= - key= - File not found
MsConfig - StartUpReg: bywxwusys - hkey= - key= - File not found
MsConfig - StartUpReg: byywvudrv - hkey= - key= - File not found
MsConfig - StartUpReg: cbxvvusys - hkey= - key= - File not found
MsConfig - StartUpReg: cbxwwtsys - hkey= - key= - File not found
MsConfig - StartUpReg: cbxxyxsys - hkey= - key= - File not found
MsConfig - StartUpReg: Desktop Security 2010 - hkey= - key= - C:\Documents and Settings\Jonathan Fox\Application Data\Desktop Security 2010\Desktop Security 2010.exe File not found
MsConfig - StartUpReg: efcaywdrv - hkey= - key= - File not found
MsConfig - StartUpReg: effdefdrv - hkey= - key= - File not found
MsConfig - StartUpReg: fcccdbsys - hkey= - key= - File not found
MsConfig - StartUpReg: gedbccdrv - hkey= - key= - File not found
MsConfig - StartUpReg: hgfgdadrv - hkey= - key= - File not found
MsConfig - StartUpReg: hgggfedrv - hkey= - key= - File not found
MsConfig - StartUpReg: iiihiidrv - hkey= - key= - File not found
MsConfig - StartUpReg: iqaqgkvg - hkey= - key= - C:\Documents and Settings\Jonathan Fox\Local Settings\Application Data\fgexfgjyl\fshxodntssd.exe File not found
MsConfig - StartUpReg: jkhhhhdrv - hkey= - key= - File not found
MsConfig - StartUpReg: jkjgebdrv - hkey= - key= - File not found
MsConfig - StartUpReg: jkjjkhsys - hkey= - key= - File not found
MsConfig - StartUpReg: jkkklidrv - hkey= - key= - File not found
MsConfig - StartUpReg: jkklihdrv - hkey= - key= - File not found
MsConfig - StartUpReg: khgfgfdrv - hkey= - key= - File not found
MsConfig - StartUpReg: khggdadrv - hkey= - key= - File not found
MsConfig - StartUpReg: mlijihdrv - hkey= - key= - File not found
MsConfig - StartUpReg: mlmllmsys - hkey= - key= - File not found
MsConfig - StartUpReg: nnkjkkdrv - hkey= - key= - File not found
MsConfig - StartUpReg: nnmlihdrv - hkey= - key= - File not found
MsConfig - StartUpReg: nnmmmmdrv - hkey= - key= - File not found
MsConfig - StartUpReg: NotificationNotify - hkey= - key= - C:\program files\common files\aol\1240798136\ee\services\notification\ver6_4_1_1\notifyservice.exe File not found
MsConfig - StartUpReg: PathfinderAres - hkey= - key= - c:\program files\aol 9.1\media\phoboscddbcontrolaol.exe File not found
MsConfig - StartUpReg: pebbmwfg - hkey= - key= - C:\Documents and Settings\Jonathan Fox\Local Settings\Application Data\ahdgwfxpm\mvullgptssd.exe File not found
MsConfig - StartUpReg: pmlkigsys - hkey= - key= - File not found
MsConfig - StartUpReg: qommkidrv - hkey= - key= - File not found
MsConfig - StartUpReg: RegistryQuick.exe - hkey= - key= - C:\Program Files\Rq\RegistryQuick.exe File not found
MsConfig - StartUpReg: SecurityCenter - hkey= - key= - C:\Documents and Settings\Jonathan Fox\Application Data\Desktop Security 2010\securitycenter.exe File not found
MsConfig - StartUpReg: ServiceNotification - hkey= - key= - c:\program files\common files\aol\1240798136\ee\services\notification\ver6_4_1_1\notifyservice.exe File not found
MsConfig - StartUpReg: ssqqnmdrv - hkey= - key= - File not found
MsConfig - StartUpReg: tuvuvwsys - hkey= - key= - File not found
MsConfig - StartUpReg: tuvvspdrv - hkey= - key= - File not found
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
MsConfig - StartUpReg: urrsstdrv - hkey= - key= - File not found
MsConfig - StartUpReg: utijlaunch - hkey= - key= - C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\CpVK.exe File not found
MsConfig - StartUpReg: vtrsspsys - hkey= - key= - File not found
MsConfig - StartUpReg: vttrqodrv - hkey= - key= - File not found
MsConfig - StartUpReg: vttsqqsys - hkey= - key= - File not found
MsConfig - StartUpReg: vtuvvvdrv - hkey= - key= - File not found
MsConfig - StartUpReg: yaawwxdrv - hkey= - key= - File not found
MsConfig - StartUpReg: yabbawdrv - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 14:10:36 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Fox\My Documents\OTL.exe
[2010/05/04 02:53:21 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/04 02:53:21 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/04 02:53:20 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/04 02:53:18 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/04 02:53:17 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/04 02:53:17 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/04 02:53:16 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 02:51:42 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/04 02:51:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/04 00:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/04 00:29:01 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jonathan Fox\My Documents\AHAH.exe
[2010/05/03 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/03 22:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/03 22:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/03 22:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/03 22:11:55 | 008,116,768 | ---- | C] (IObit ) -- C:\Documents and Settings\Jonathan Fox\My Documents\is360setup141.exe
[2010/05/03 22:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Fox\Application Data\WinPatrol
[2010/05/03 22:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/05/03 22:11:25 | 000,993,992 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Jonathan Fox\My Documents\wpcsetup.exe
[2010/05/03 21:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Fox\Application Data\CheckPoint
[2010/05/03 21:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/03 21:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/05/03 21:19:35 | 000,060,928 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/05/03 21:19:35 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/03 21:19:34 | 000,054,920 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/03 21:19:34 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/03 21:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/05/03 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/05/03 21:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Fox\Application Data\Malwarebytes
[2010/05/03 20:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/03 20:38:23 | 000,931,736 | ---- | C] (Prevx) -- C:\Documents and Settings\Jonathan Fox\My Documents\PREVXCSIFREE.EXE
[2010/05/02 08:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Fox\My Documents\Gmer
[2010/05/02 07:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/02 07:52:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jonathan Fox\My Documents\HJTInstall.exe
[2010/04/29 04:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\GMUD32
[2010/04/29 03:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Fox\Application Data\Sun
[2010/04/29 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/29 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/29 00:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/29 00:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/29 00:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Rq
[2010/04/29 00:39:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/29 00:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/28 23:44:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/19 16:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/25 22:12:44 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/04 14:10:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Fox\My Documents\OTL.exe
[2010/05/04 14:01:48 | 000,000,683 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/04 02:53:22 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 02:53:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/04 02:52:16 | 048,417,032 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\setup_av_free.exe
[2010/05/04 02:29:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 02:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 02:28:11 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\NTUSER.DAT
[2010/05/04 02:28:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jonathan Fox\ntuser.ini
[2010/05/04 02:24:49 | 048,417,032 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\random.exe
[2010/05/04 00:32:51 | 000,117,972 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\cc_20100504_003234.reg
[2010/05/04 00:29:13 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\Desktop\CCleaner.lnk
[2010/05/04 00:28:57 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jonathan Fox\My Documents\AHAH.exe
[2010/05/03 22:21:13 | 004,313,572 | -H-- | M] () -- C:\Documents and Settings\Jonathan Fox\Local Settings\Application Data\IconCache.db
[2010/05/03 22:12:12 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/03 22:11:56 | 008,116,768 | ---- | M] (IObit ) -- C:\Documents and Settings\Jonathan Fox\My Documents\is360setup141.exe
[2010/05/03 22:11:20 | 000,993,992 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Jonathan Fox\My Documents\wpcsetup.exe
[2010/05/03 22:08:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/03 22:08:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/03 21:46:16 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/03 21:19:35 | 000,060,928 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/05/03 21:19:35 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/03 21:19:34 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/03 21:19:34 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/03 21:19:30 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/03 21:19:23 | 000,931,736 | ---- | M] (Prevx) -- C:\Documents and Settings\Jonathan Fox\My Documents\PREVXCSIFREE.EXE
[2010/05/03 20:20:30 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\NTUSER.bak
[2010/05/03 18:36:52 | 000,031,759 | ---- | M] () -- C:\WINDOWS\Sysvxd.exe
[2010/05/03 00:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/02 16:58:38 | 000,005,846 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Arcanine_and_Growlithe_by_shorty_antics_27.png.jpeg
[2010/05/02 16:54:38 | 000,007,098 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Growlithe18.jpg
[2010/05/02 08:21:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\defogger_reenable
[2010/05/02 08:20:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Defogger.exe
[2010/05/02 08:18:07 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\dds.scr
[2010/05/02 07:52:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\Desktop\HijackThis.lnk
[2010/05/02 07:52:34 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jonathan Fox\My Documents\HJTInstall.exe
[2010/04/30 21:55:55 | 000,056,335 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\27110_325356911501_325350981501_4066479_6387978_n.jpg
[2010/04/30 00:06:12 | 000,095,232 | ---- | M] () -- C:\WINDOWS\System32\awtssr.dll
[2010/04/30 00:01:01 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\opqnlj.dll
[2010/04/29 04:52:49 | 000,000,727 | ---- | M] () -- C:\WINDOWS\Gmud.INI
[2010/04/29 02:09:15 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\Desktop\Shortcut to Documents and Settings.lnk
[2010/04/29 01:09:21 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\rkill.com
[2010/04/28 09:14:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/26 22:59:04 | 000,071,336 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\optimus_prime.jpg
[2010/04/26 22:57:35 | 000,139,850 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\green_lantern_corps.jpg
[2010/04/26 19:31:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/25 18:17:58 | 000,170,646 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\Desktop\NO$GBA.EXE
[2010/04/25 02:12:39 | 000,006,412 | ---- | M] () -- C:\Pokemon Trading Card Game.clt
[2010/04/24 01:59:28 | 000,074,097 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Jenny.jpg
[2010/04/23 01:28:20 | 000,008,412 | ---- | M] () -- C:\Final Fantasy Tactics Advance.clt
[2010/04/23 01:09:01 | 000,008,412 | ---- | M] () -- C:\Lufia - The Ruins of Lore.clt
[2010/04/23 00:02:07 | 000,008,412 | ---- | M] () -- C:\Breath of Fire.clt
[2010/04/22 23:28:03 | 000,008,412 | ---- | M] () -- C:\Legend of Zelda - The Minish Cap, The.clt
[2010/04/22 23:15:29 | 000,008,412 | ---- | M] () -- C:\Harvest Moon - Friends of Mineral Town.clt
[2010/04/20 06:18:06 | 000,008,412 | ---- | M] () -- C:\Golden Sun.clt
[2010/04/19 23:12:01 | 002,766,636 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\DSC00324.JPG
[2010/04/19 23:11:10 | 001,538,036 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\100_0924.JPG
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 09:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 09:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 09:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 09:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 09:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 09:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 09:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 09:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/09 03:57:23 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\Jonathan Fox\My Documents\GreenLantern_006.jpg
[2010/04/08 14:26:27 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 14:26:27 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 14:26:27 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 02:53:22 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 02:52:18 | 048,417,032 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\setup_av_free.exe
[2010/05/04 00:32:38 | 000,117,972 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\cc_20100504_003234.reg
[2010/05/04 00:29:13 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\Desktop\CCleaner.lnk
[2010/05/03 22:51:08 | 048,417,032 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\random.exe
[2010/05/03 22:12:12 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/05/03 21:46:16 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/03 20:38:31 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/02 22:53:34 | 000,170,646 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\Desktop\NO$GBA.EXE
[2010/05/02 16:58:37 | 000,005,846 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Arcanine_and_Growlithe_by_shorty_antics_27.png.jpeg
[2010/05/02 16:54:35 | 000,007,098 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Growlithe18.jpg
[2010/05/02 08:21:29 | 000,000,486 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\defogger_disable.log
[2010/05/02 08:21:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\defogger_reenable
[2010/05/02 08:20:52 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Defogger.exe
[2010/05/02 08:18:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\dds.scr
[2010/05/02 07:52:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\Desktop\HijackThis.lnk
[2010/04/30 21:55:47 | 000,056,335 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\27110_325356911501_325350981501_4066479_6387978_n.jpg
[2010/04/30 00:06:10 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\awtssr.dll
[2010/04/30 00:01:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\opqnlj.dll
[2010/04/29 20:35:46 | 000,031,759 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2010/04/29 18:55:35 | 000,011,376 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\hs_err_pid3536.log
[2010/04/29 04:48:34 | 000,000,727 | ---- | C] () -- C:\WINDOWS\Gmud.INI
[2010/04/29 02:09:15 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\Desktop\Shortcut to Documents and Settings.lnk
[2010/04/29 01:09:26 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\rkill.com
[2010/04/26 22:59:03 | 000,071,336 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\optimus_prime.jpg
[2010/04/26 22:57:34 | 000,139,850 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\green_lantern_corps.jpg
[2010/04/25 02:12:39 | 000,006,412 | ---- | C] () -- C:\Pokemon Trading Card Game.clt
[2010/04/24 01:59:18 | 000,074,097 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\Jenny.jpg
[2010/04/23 01:09:01 | 000,008,412 | ---- | C] () -- C:\Lufia - The Ruins of Lore.clt
[2010/04/23 00:02:07 | 000,008,412 | ---- | C] () -- C:\Breath of Fire.clt
[2010/04/22 23:28:03 | 000,008,412 | ---- | C] () -- C:\Legend of Zelda - The Minish Cap, The.clt
[2010/04/22 23:15:29 | 000,008,412 | ---- | C] () -- C:\Harvest Moon - Friends of Mineral Town.clt
[2010/04/20 06:18:06 | 000,008,412 | ---- | C] () -- C:\Golden Sun.clt
[2010/04/20 03:56:17 | 000,008,412 | ---- | C] () -- C:\Final Fantasy Tactics Advance.clt
[2010/04/19 23:11:07 | 002,766,636 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\DSC00324.JPG
[2010/04/19 23:10:45 | 001,538,036 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\100_0924.JPG
[2010/04/09 03:57:19 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\Jonathan Fox\My Documents\GreenLantern_006.jpg
[2009/06/25 01:16:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\rwfyomd.sys
[2009/04/26 21:02:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/04/25 22:13:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/04/25 18:30:46 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/05/03 11:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/12 07:04:51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/12 06:58:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/10/02 10:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Custom Scans ==========
< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/12 06:57:12 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2004/08/12 06:57:12 | 000,201,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/12 06:58:00 | 000,249,344 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/25 07:11:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/25 07:11:33 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/25 07:11:33 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2009/11/29 15:35:04 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Extras.txt:
OTL Extras logfile created on: 5/4/2010 2:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Jonathan Fox\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 91.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 213.13 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONATHAN
Current User Name: Jonathan Fox
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1614895754-1085031214-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1240798136\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1240798136\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1240798136\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1240798136\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Documents and Settings\Jonathan Fox\My Documents\DE_Full-Client_Downloader.exe" = C:\Documents and Settings\Jonathan Fox\My Documents\DE_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader -- File not found
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar for Internet Explorer
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"IObit Security 360_is1" = IObit Security 360
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PCSI" = Prevx
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Startup Manager 1.5_is1" = Startup Manager 1.5
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 12:07:44 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 2/27/2010 12:07:44 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/27/2010 12:07:44 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/1/2010 4:07:33 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/1/2010 4:07:33 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/1/2010 4:07:34 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 3/1/2010 4:07:34 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/1/2010 4:07:34 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/5/2010 5:17:36 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/5/2010 5:17:36 AM | Computer Name = JONATHAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

[ System Events ]
Error - 5/4/2010 3:41:32 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/4/2010 3:42:38 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/4/2010 3:42:40 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 5/4/2010 3:42:54 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/4/2010 5:04:07 AM | Computer Name = JONATHAN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A0717E52-8AC8-4DD9-8682-0B76775125E6}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 5/4/2010 5:20:55 AM | Computer Name = JONATHAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/4/2010 5:29:48 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AOL Connectivity Service
service to connect.

Error - 5/4/2010 5:29:48 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%1053

Error - 5/4/2010 5:29:49 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/4/2010 5:34:43 AM | Computer Name = JONATHAN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

Edited by JonFox, 05 May 2010 - 01:31 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:16 PM

Posted 05 May 2010 - 06:21 PM

Hi jonfox,

Thanks for letting me know about the issues you are having; I wouldn't worry too much about it for now, though.


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Avast or Avira.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 JonFox

JonFox
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:16 PM

Posted 05 May 2010 - 07:08 PM

I wasn't sure which program was better, Avast or Avira. So I got rid of Avira. Avast seems easier to follow and use. Plus it detects things and tells me what they are, unlike Avira. Here's the ComboFix Log:



ComboFix 10-05-05.04 - Jonathan Fox 05/04/2010 19:53:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.107 [GMT -7:00]
Running from: c:\documents and settings\Jonathan Fox\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jonathan Fox\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\program files\WindowsUpdate
c:\windows\system32\awtssr.dll
c:\windows\system32\opqnlj.dll
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-04 09:53 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-04 09:53 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 09:53 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-04 09:53 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-04 09:53 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-04 09:53 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-04 09:53 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 09:51 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-04 09:51 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-04 07:29 . 2010-05-04 07:29 -------- d-----w- c:\program files\CCleaner
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\program files\Alwil Software
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\program files\IObit
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Config.sys
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Autoexec.bat
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\program files\BillP Studios
2010-05-04 04:46 . 2010-05-04 05:03 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\CheckPoint
2010-05-04 04:46 . 2010-05-04 05:05 -------- d-----w- c:\program files\CheckPoint
2010-05-04 04:46 . 2010-05-04 04:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-04 04:41 . 2010-05-04 05:07 -------- d-----w- c:\windows\Internet Logs
2010-05-04 04:19 . 2010-05-04 04:19 60928 ----a-w- c:\windows\system32\PxSecure.dll
2010-05-04 04:19 . 2010-05-04 04:19 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-04 04:19 . 2010-05-04 04:19 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-04 04:19 . 2010-05-04 04:19 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\program files\Prevx
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-05-04 04:16 . 2010-05-04 04:16 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Malwarebytes
2010-05-04 03:57 . 2010-05-04 04:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:52 . 2010-05-02 14:52 -------- d-----w- c:\program files\Trend Micro
2010-04-29 11:48 . 2010-04-29 12:05 -------- d-----w- c:\program files\GMUD32
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Spyware Doctor
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-29 07:47 . 2010-04-29 07:54 -------- d-----w- c:\program files\Rq
2010-04-19 23:45 . 2010-04-19 23:45 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 09:27 . 2009-04-27 01:30 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\uTorrent
2010-04-29 07:33 . 2009-04-27 09:44 -------- d-----w- c:\program files\Google
2010-04-28 07:06 . 2009-12-06 23:42 -------- d-----w- c:\program files\PeerBlock
2010-04-27 02:22 . 2009-06-01 04:20 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Skype
2010-04-26 23:05 . 2009-06-01 04:21 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\skypePM
2010-03-26 05:56 . 2009-05-14 06:49 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\DivX
2010-03-23 01:44 . 2010-03-23 01:44 -------- d-----w- c:\program files\Funcom
2010-03-20 08:00 . 2010-03-20 07:45 -------- d-----w- c:\program files\StarWarsGalaxies
2010-03-20 07:45 . 2010-03-20 07:45 -------- d-----w- c:\program files\Sony
2010-03-15 06:31 . 2009-04-27 01:30 -------- d-----w- c:\program files\uTorrent
2009-06-25 08:16 . 2009-06-25 08:16 8 ----a-w- c:\program files\fxxp.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"HostManager"="c:\program files\Common Files\AOL\1240798136\ee\AOLSoftware.exe" [2008-06-24 41824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan Fox^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Jonathan Fox\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/9/2009 12:59 AM 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/3/2010 9:19 PM 30320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 2:53 AM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 2:53 AM 19024]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/3/2010 9:19 PM 6364992]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/3/2010 9:19 PM 54920]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/3/2010 9:19 PM 24400]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/3/2010 10:12 PM 311568]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/6/2009 4:42 PM 14424]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-12-05 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ddayvwdrv - awtssr.dll
HKLM-Run-fcbbyasys - opqnlj.dll
HKLM-Run-byvtqrdrv - awtssr.dll
HKU-Default-Run-vtrsrssys - opqnlj.dll
HKU-Default-Run-opmjijdrv - awtssr.dll
MSConfigStartUp-AOLLaunchLibraries - c:\program files\aol\aoldesktop\aollaunchservice.exe
MSConfigStartUp-AOLSoftwareLibraries - c:\program files\common files\aol\1240798136\ee\services\browserapp\ver2_1_28_1\resources\en-us\aexplorelibraries.exe
MSConfigStartUp-ar37kjuvcl4o - c:\documents and settings\Jonathan Fox\Local Settings\Temp\m.28F.tmp.exe
MSConfigStartUp-awwvutsys - opqnlj.dll
MSConfigStartUp-bywxwusys - opqnlj.dll
MSConfigStartUp-byywvudrv - awtssr.dll
MSConfigStartUp-cbxvvusys - opqnlj.dll
MSConfigStartUp-cbxwwtsys - opqnlj.dll
MSConfigStartUp-cbxxyxsys - opqnlj.dll
MSConfigStartUp-Desktop Security 2010 - c:\documents and settings\Jonathan Fox\Application Data\Desktop Security 2010\Desktop Security 2010.exe
MSConfigStartUp-efcaywdrv - awtssr.dll
MSConfigStartUp-effdefdrv - awtssr.dll
MSConfigStartUp-fcccdbsys - opqnlj.dll
MSConfigStartUp-gedbccdrv - awtssr.dll
MSConfigStartUp-hgfgdadrv - awtssr.dll
MSConfigStartUp-hgggfedrv - awtssr.dll
MSConfigStartUp-iiihiidrv - awtssr.dll
MSConfigStartUp-iqaqgkvg - c:\documents and settings\Jonathan Fox\Local Settings\Application Data\fgexfgjyl\fshxodntssd.exe
MSConfigStartUp-jkhhhhdrv - awtssr.dll
MSConfigStartUp-jkjgebdrv - awtssr.dll
MSConfigStartUp-jkjjkhsys - opqnlj.dll
MSConfigStartUp-jkkklidrv - awtssr.dll
MSConfigStartUp-jkklihdrv - awtssr.dll
MSConfigStartUp-khgfgfdrv - awtssr.dll
MSConfigStartUp-khggdadrv - awtssr.dll
MSConfigStartUp-mlijihdrv - awtssr.dll
MSConfigStartUp-mlmllmsys - opqnlj.dll
MSConfigStartUp-nnkjkkdrv - awtssr.dll
MSConfigStartUp-nnmlihdrv - awtssr.dll
MSConfigStartUp-nnmmmmdrv - awtssr.dll
MSConfigStartUp-NotificationNotify - c:\program files\common files\aol\1240798136\ee\services\notification\ver6_4_1_1\notifyservice.exe
MSConfigStartUp-PathfinderAres - c:\program files\aol 9.1\media\phoboscddbcontrolaol.exe
MSConfigStartUp-pebbmwfg - c:\documents and settings\Jonathan Fox\Local Settings\Application Data\ahdgwfxpm\mvullgptssd.exe
MSConfigStartUp-pmlkigsys - opqnlj.dll
MSConfigStartUp-qommkidrv - awtssr.dll
MSConfigStartUp-RegistryQuick - c:\program files\Rq\RegistryQuick.exe
MSConfigStartUp-SecurityCenter - c:\documents and settings\Jonathan Fox\Application Data\Desktop Security 2010\securitycenter.exe
MSConfigStartUp-ServiceNotification - c:\program files\common files\aol\1240798136\ee\services\notification\ver6_4_1_1\notifyservice.exe
MSConfigStartUp-ssqqnmdrv - awtssr.dll
MSConfigStartUp-tuvuvwsys - opqnlj.dll
MSConfigStartUp-tuvvspdrv - awtssr.dll
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-urrsstdrv - awtssr.dll
MSConfigStartUp-utijlaunch - c:\docume~1\JONATH~1\LOCALS~1\Temp\CpVK.exe
MSConfigStartUp-vtrsspsys - opqnlj.dll
MSConfigStartUp-vttrqodrv - awtssr.dll
MSConfigStartUp-vttsqqsys - opqnlj.dll
MSConfigStartUp-vtuvvvdrv - awtssr.dll
MSConfigStartUp-yaawwxdrv - awtssr.dll
MSConfigStartUp-yabbawdrv - awtssr.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-04 20:06:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 03:06

Pre-Run: 228,914,688,000 bytes free
Post-Run: 229,008,601,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7BA9B506426E4530610500EE2D8FD9A2



Those awtssr.dll files have been harassing me for a couple days now and I can't seem to get rid of them.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:16 PM

Posted 06 May 2010 - 11:08 AM

I have recently switched from Avira to Avast and I do prefer Avast. Can you tell me how the computer is running now?
  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



#7 JonFox

JonFox
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:16 PM

Posted 06 May 2010 - 05:37 PM

Hey. Thanks for your help, again. Uhh...My computer seems to've gotten slower. Lol. It locks up on occasion and is being a massive pain in my backside. Here's the gmer log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 18:35:34
Windows 5.1.2600 Service Pack 2
Running: 6e80ccbe.exe; Driver: C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\fwrcypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xAAD5958E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAADC0C08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAADC0AC4]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xAAD595C8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xAAD593B0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xAAD59428]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAADC069A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAADC0B9E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xAAD598DC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xAAD597B8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xAAD59654]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAADC0CBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAADC1146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAADC0C7E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xAAD59550]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xAAD594B6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xAAD59A10]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xAAD596D8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xAAD59710]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAADCD50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAADCD32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAADCD468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP AADCA97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP AADCD332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP AADCD50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP AADC94AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A5972 7 Bytes JMP AADCD46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01DF65A6 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01BF0001
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateThread 7C810647 2 Bytes JMP 01DF5BFC C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateThread + 3 7C81064A 2 Bytes [5E, 85]
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1596] USER32.dll!SetWindowTextW 77D4BADE 5 Bytes JMP 01DF629F C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\system32\hkcmd.exe[1684] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[1684] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[1684] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[1684] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\hkcmd.exe[1684] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EF0001
.text C:\WINDOWS\system32\hkcmd.exe[1684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[1684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[1684] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[1684] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[1684] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hkcmd.exe[1684] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02160001
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1240798136\ee\AOLSoftware.exe[1692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxccxejbfsodoulktfotgoyebxnktlmhxen.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxccxejbfsodoulktfotgoyebxnktlmhxen.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcxoxujpvvkypuwthfqtwqxotsvcafhnvr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxccxejbfsodoulktfotgoyebxnktlmhxen.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxccxejbfsodoulktfotgoyebxnktlmhxen.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcxoxujpvvkypuwthfqtwqxotsvcafhnvr.dll

---- EOF - GMER 1.0.15 ----



I'm an idiot when it comes to this stuff and I have no idea what the heck it is I'm lookin' at. Lol.

#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 May 2010 - 05:45 PM

You're welcome, matey. I'm not sure why it would have gotten slower; your logs are looking better. Can you run ComboFix again and post the new log, please? Also please run a quick scan with Malwarebytes and post that log as well, thanks.



#9 JonFox

  • Topic Starter
  • Members
  • 16 posts

Posted 06 May 2010 - 05:47 PM

I'll definitely run ComboFix again. But here's the issue: Malwarebytes doesn't run on my computer. It installs and everything, but when I click the icon to run the program, nothing happens. It just kinda... sits there. Like a waste of space on my computer. I had it before and it worked maybe twice and then stopped.

#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 May 2010 - 05:54 PM

Try renaming mbam.exe to syler.exe and see if it will run then.



#11 JonFox

  • Topic Starter
  • Members
  • 16 posts

Posted 06 May 2010 - 06:03 PM

Alright. I'll try that. Here's the latest ComboFix log.


ComboFix 10-05-05.0D - Jonathan Fox 05/05/2010 18:55:52.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.274 [GMT -7:00]
Running from: c:\documents and settings\Jonathan Fox\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-05 03:45 . 2010-05-05 03:45 -------- d-----w- c:\windows\ServicePackFiles
2010-05-05 03:24 . 2010-05-05 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-05 03:22 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-05 03:22 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-05 03:21 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-05 03:17 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-05 03:17 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-05 03:17 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-05 03:17 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-05-05 03:11 . 2010-05-05 04:00 -------- d--h--w- c:\windows\$hf_mig$
2010-05-05 03:06 . 2010-05-05 03:06 90424 ----a-w- c:\documents and settings\Jonathan Fox\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-04 09:53 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-04 09:53 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 09:53 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-04 09:53 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-04 09:53 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-04 09:53 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-04 09:53 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 09:51 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-04 09:51 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-04 07:29 . 2010-05-04 07:29 -------- d-----w- c:\program files\CCleaner
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\program files\Alwil Software
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\program files\IObit
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Config.sys
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Autoexec.bat
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\program files\BillP Studios
2010-05-04 04:46 . 2010-05-04 05:03 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\CheckPoint
2010-05-04 04:46 . 2010-05-04 05:05 -------- d-----w- c:\program files\CheckPoint
2010-05-04 04:46 . 2010-05-04 04:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-04 04:41 . 2010-05-04 05:07 -------- d-----w- c:\windows\Internet Logs
2010-05-04 04:19 . 2010-05-04 04:19 60928 ----a-w- c:\windows\system32\PxSecure.dll
2010-05-04 04:19 . 2010-05-04 04:19 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-04 04:19 . 2010-05-04 04:19 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-04 04:19 . 2010-05-04 04:19 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\program files\Prevx
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-05-04 04:16 . 2010-05-04 04:16 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Malwarebytes
2010-05-04 03:57 . 2010-05-04 04:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:52 . 2010-05-02 14:52 -------- d-----w- c:\program files\Trend Micro
2010-04-29 11:48 . 2010-04-29 12:05 -------- d-----w- c:\program files\GMUD32
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Spyware Doctor
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-29 07:47 . 2010-04-29 07:54 -------- d-----w- c:\program files\Rq
2010-04-19 23:45 . 2010-04-19 23:45 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 09:27 . 2009-04-27 01:30 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\uTorrent
2010-04-29 07:33 . 2009-04-27 09:44 -------- d-----w- c:\program files\Google
2010-04-28 07:06 . 2009-12-06 23:42 -------- d-----w- c:\program files\PeerBlock
2010-04-27 02:22 . 2009-06-01 04:20 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Skype
2010-04-26 23:05 . 2009-06-01 04:21 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\skypePM
2010-03-26 05:56 . 2009-05-14 06:49 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\DivX
2010-03-23 01:44 . 2010-03-23 01:44 -------- d-----w- c:\program files\Funcom
2010-03-20 08:00 . 2010-03-20 07:45 -------- d-----w- c:\program files\StarWarsGalaxies
2010-03-20 07:45 . 2010-03-20 07:45 -------- d-----w- c:\program files\Sony
2010-03-15 06:31 . 2009-04-27 01:30 -------- d-----w- c:\program files\uTorrent
2010-03-10 08:02 . 2004-08-12 14:08 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12 . 2004-08-12 14:09 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-12 14:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-12 14:02 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-12 13:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-12 14:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-06-25 08:16 . 2009-06-25 08:16 8 ----a-w- c:\program files\fxxp.txt
.

((((((((((((((((((((((((((((( SnapShot@2010-05-05_03.02.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-06 01:36 . 2010-05-06 01:36 16384 c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2008-10-16 21:09 . 2009-08-07 02:24 44768 c:\windows\system32\wups2.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-12 14:08 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2010-05-05 03:14 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-12 14:07 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2009-05-14 03:36 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-12-15 22:40 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-05-05 03:04 . 2009-08-07 02:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-05-05 03:04 . 2009-08-07 02:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-12 14:04 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-12 14:04 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-12 14:04 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-08-12 14:04 . 2004-08-12 14:04 69632 c:\windows\system32\raschap.dll
+ 2004-08-12 14:03 . 2010-02-26 06:12 39424 c:\windows\system32\pngfilt.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-12 14:03 . 2010-05-05 04:21 40836 c:\windows\system32\perfc009.dat
- 2004-08-12 14:03 . 2010-04-08 21:26 40836 c:\windows\system32\perfc009.dat
+ 2009-04-26 01:15 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-12 14:01 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2004-08-12 14:01 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-12 14:01 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 11264 c:\windows\system32\msrle32.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2009-04-26 01:15 . 2004-08-12 14:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-12 14:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-12 14:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 96256 c:\windows\system32\inseng.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 96256 c:\windows\system32\inseng.dll
+ 2004-08-12 13:57 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 55808 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 55808 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:58 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2009-04-26 01:17 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-12 14:08 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-12 14:07 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-12 14:04 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-12 14:04 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-12 14:04 . 2004-08-12 14:04 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-12 14:04 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-12 14:03 . 2010-02-26 06:12 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-12 14:01 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-12 14:01 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-12 14:01 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2009-04-26 01:15 . 2004-08-12 14:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-12 14:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-12 14:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-12 13:58 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-08-12 13:58 . 2010-02-26 06:12 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-26 01:17 . 2004-08-12 13:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-04-26 01:17 . 2010-02-25 10:53 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-12 13:57 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-12 13:56 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-04-26 01:15 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-12 13:56 . 2009-08-07 02:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-12 13:55 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-12 13:55 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-12 13:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-12 13:56 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2009-04-26 01:15 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-12 13:56 . 2009-08-07 02:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-12 13:55 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 84992 c:\windows\system32\avifil32.dll
+ 2004-08-12 13:55 . 2009-11-27 16:37 84992 c:\windows\system32\avifil32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 58880 c:\windows\system32\atl.dll
+ 2004-08-12 13:55 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-05-05 03:13 . 2010-02-25 11:01 352768 c:\windows\system32\xpsp3res.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 209632 c:\windows\system32\wuweb.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 327896 c:\windows\system32\wucltui.dll
+ 2009-04-26 01:17 . 2009-08-07 02:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-12 14:10 . 2009-04-02 06:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-19 04:47 . 2008-06-25 01:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 04:47 . 2006-10-19 04:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-12 14:10 . 2009-07-14 06:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-12 14:10 . 2008-06-18 12:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-12 14:09 . 2007-10-28 00:40 222720 c:\windows\system32\wmasf.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-12 14:09 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-12 14:09 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 351232 c:\windows\system32\winhttp.dll
+ 2004-08-12 14:09 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2009-04-26 01:15 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-04-26 01:15 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-04-26 01:15 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-12 14:08 . 2010-02-26 06:12 624640 c:\windows\system32\urlmon.dll
+ 2004-08-12 14:07 . 2009-10-16 05:51 119808 c:\windows\system32\t2embed.dll
+ 2004-08-12 14:06 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-08-12 14:05 . 2010-02-26 06:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-12 14:05 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-12 14:04 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-12 14:04 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-12 14:04 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-12 14:04 . 2004-08-12 14:04 112128 c:\windows\system32\rastls.dll
+ 2004-08-12 14:04 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2004-08-12 14:03 . 2010-04-08 21:26 314508 c:\windows\system32\perfh009.dat
+ 2004-08-12 14:03 . 2010-05-05 04:21 314508 c:\windows\system32\perfh009.dat
+ 2004-08-12 14:03 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 283648 c:\windows\system32\pdh.dll
+ 2004-08-12 14:02 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
- 2004-08-12 14:02 . 2004-08-12 14:02 266752 c:\windows\system32\oakley.dll
+ 2004-08-12 14:02 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-12 14:01 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-12 14:01 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 245248 c:\windows\system32\mswsock.dll
+ 2004-08-12 14:01 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-12 14:01 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll
+ 2009-04-26 01:15 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2004-08-12 14:01 . 2010-02-26 06:12 532480 c:\windows\system32\mstime.dll
+ 2004-08-12 14:01 . 2006-12-04 23:21 414720 c:\windows\system32\msscp.dll
+ 2004-08-12 14:01 . 2010-02-26 06:12 146432 c:\windows\system32\msrating.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 146432 c:\windows\system32\msrating.dll
- 2009-04-26 01:15 . 2004-08-12 14:01 343040 c:\windows\system32\mspaint.exe
+ 2009-04-26 01:15 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
+ 2004-08-12 14:00 . 2010-02-26 06:12 449024 c:\windows\system32\mshtmled.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-12 13:59 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2004-08-12 13:59 . 2008-06-18 08:09 100864 c:\windows\system32\logagent.exe
- 2004-08-12 13:59 . 2006-10-19 03:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-12 13:59 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-12 13:58 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-12 13:58 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 450560 c:\windows\system32\jscript.dll
+ 2004-08-12 13:58 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
+ 2009-04-26 01:17 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 251392 c:\windows\system32\iepeers.dll
+ 2004-08-12 13:57 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2009-04-25 14:12 . 2009-05-30 05:16 344216 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-25 14:12 . 2010-05-05 04:16 344216 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-12 13:57 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 205312 c:\windows\system32\dxtrans.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-12 14:07 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-12 14:06 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2004-08-12 14:04 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-12 13:55 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-12 13:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-04-26 01:17 . 2009-08-07 02:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-04-26 01:17 . 2009-08-07 02:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-26 01:15 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-12 14:10 . 2009-04-02 06:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-12 14:10 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-12 14:10 . 2008-06-18 12:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-04-26 01:15 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-26 01:15 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-12 14:09 . 2007-10-28 00:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-12 14:09 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-12 14:09 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-12 14:09 . 2010-02-26 06:12 662016 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-12 14:09 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-12 14:08 . 2004-08-12 14:08 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-12 14:08 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-12 14:08 . 2010-02-26 06:12 624640 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-12 14:07 . 2007-06-27 05:10 317440 c:\windows\system32\dllcache\unregmp2.exe
- 2009-04-26 01:17 . 2004-08-12 14:07 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-04-26 01:17 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-12 14:07 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-12 14:07 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-12 14:07 . 2009-10-16 05:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-12 14:06 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-12 14:06 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2004-08-12 14:05 . 2010-02-26 06:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-12 14:05 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-12 14:04 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-12 14:04 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-12 14:04 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-12 14:04 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-12 14:04 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
- 2004-08-12 14:04 . 2004-08-12 14:04 112128 c:\windows\system32\dllcache\rastls.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-12 14:03 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-12 14:02 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
- 2004-08-12 14:02 . 2004-08-12 14:02 266752 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-12 14:02 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-12 14:01 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-12 14:01 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-12 14:01 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-12 14:01 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-26 01:15 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-12 14:01 . 2010-02-26 06:12 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-12 14:01 . 2006-12-04 23:21 414720 c:\windows\system32\dllcache\msscp.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-12 14:01 . 2010-02-26 06:12 146432 c:\windows\system32\dllcache\msrating.dll
- 2009-04-26 01:15 . 2004-08-12 14:01 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-04-26 01:15 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2004-08-12 14:00 . 2010-02-26 06:12 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-04-26 01:15 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-26 01:17 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
- 2009-04-26 01:17 . 2004-08-12 14:00 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-12 13:59 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-12 13:59 . 2006-10-19 03:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-12 13:59 . 2008-06-18 08:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-12 13:59 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-12 13:58 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-12 13:58 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2004-08-12 13:58 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 450560 c:\windows\system32\dllcache\jscript.dll
+ 2009-04-26 01:17 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-12 13:58 . 2010-02-26 06:12 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-12 13:57 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2009-04-26 01:15 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-12 13:57 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-12 13:57 . 2010-02-26 06:12 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-12 13:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-12 13:56 . 2010-02-26 06:12 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-12 13:55 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2004-08-12 13:55 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-12 13:55 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2004-08-12 13:55 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-12 13:56 . 2010-02-26 06:12 151040 c:\windows\system32\cdfview.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 616960 c:\windows\system32\advapi32.dll
+ 2004-08-12 13:55 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
+ 2004-08-12 14:07 . 2007-06-27 05:10 317440 c:\windows\inf\unregmp2.exe
+ 2010-05-05 03:21 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-05-05 03:22 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2004-08-12 13:55 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2010-05-05 03:21 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-04-26 01:17 . 2009-08-07 02:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-12 14:10 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-12 14:09 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-12 14:05 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-12 14:05 . 2010-03-10 05:21 1506304 c:\windows\system32\shdocvw.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 1435648 c:\windows\system32\query.dll
+ 2004-08-12 14:03 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
+ 2004-08-12 14:03 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2004-08-12 14:01 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-12 14:00 . 2010-02-26 06:12 3065344 c:\windows\system32\mshtml.dll
+ 2009-04-26 01:17 . 2009-08-07 02:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-12 14:10 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-12 14:09 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-12 14:05 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-12 14:05 . 2010-03-10 05:21 1506304 c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-12 14:03 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-12 14:03 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-12 14:01 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-04-26 01:17 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-12 14:00 . 2010-02-26 06:12 3065344 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-26 01:17 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2009-04-26 01:17 . 2004-08-12 14:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-12 13:56 . 2010-02-26 06:12 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-12 13:55 . 2010-03-10 05:21 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-12 13:56 . 2010-02-26 06:12 1054208 c:\windows\system32\danim.dll
+ 2004-08-12 13:55 . 2010-03-10 05:21 1023488 c:\windows\system32\browseui.dll
+ 2010-05-05 03:17 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-05-05 03:17 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-05-05 03:17 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-05-05 03:17 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-12 14:10 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2010-05-05 03:55 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
+ 2004-08-12 14:10 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"HostManager"="c:\program files\Common Files\AOL\1240798136\ee\AOLSoftware.exe" [2008-06-24 41824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan Fox^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Jonathan Fox\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/9/2009 12:59 AM 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/3/2010 9:19 PM 30320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 2:53 AM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 2:53 AM 19024]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/3/2010 9:19 PM 6364992]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/3/2010 10:12 PM 311568]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/3/2010 9:19 PM 54920]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/3/2010 9:19 PM 24400]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/6/2009 4:42 PM 14424]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 19:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1220)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-05 19:03:08
ComboFix-quarantined-files.txt 2010-05-06 02:03
ComboFix2.txt 2010-05-05 03:06

Pre-Run: 227,252,809,728 bytes free
Post-Run: 227,221,106,688 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DE734CB4EC9B8544ABDB2392B09F650C


If I can get Malwarebytes running, I'll let you know. If not, I'll let you know.


Edited by JonFox, 06 May 2010 - 06:44 PM.


#12 JonFox

JonFox
  • Topic Starter

  • Members
  • 16 posts

Posted 06 May 2010 - 06:46 PM

Alrighty. I got it working. It installed as mbam-setup-1.46.exe and ran perfectly afterwards. Here's the log.




Scan type: Full scan (C:\|)
Objects scanned: 162826
Time elapsed: 37 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{88A82A9C-F6E4-4062-A6C1-AFA3F304E5F2}\RP46\A0004205.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rwfyomd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 May 2010 - 08:56 AM

I don't see much wrong there, just a couple of bits we can clean up. How is the computer running?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=""
Driver::
klmdb


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • Kaspersky report

Thanks

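Added illustration, not code from this thread, from ComboFix or from the BleepingComputer team: a small Python triage helper that applies the reasoning behind the CFScript above to constructed ComboFix-style lines. It flags a registered service whose image file ComboFix reports as missing (the `--> <path> [?]` form seen for klmdb) and a user proxy that points at 127.0.0.1 (the `ProxyServer = http=127.0.0.1:5555` entry, a typical footprint of rogue security programs that intercept browsing), then renders the same `Registry::` and `Driver::` CFScript sections the post uses. The sample log lines are constructed from the entries quoted earlier in the thread, and the function and field names (`triage`, `build_cfscript`, `Finding`) are my own; the CFScript syntax is taken from the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the ComboFix "Drivers/Services" and
# "Supplementary Scan" lines quoted earlier in this thread (not a verbatim copy).
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 2:53 AM 162768]
S0 klmdb;klmdb;c:\windows\system32\drivers\klmdb.sys --> c:\windows\system32\drivers\klmdb.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/6/2009 4:42 PM 14424]
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 1
"""


@dataclass
class Finding:
    severity: str   # "high" or "info"
    kind: str       # "missing_driver", "loopback_proxy", "proxy_set", "ff_manual_proxy"
    name: str       # service name or the setting's value
    line: str       # the log line that triggered the finding


# "R1 name;display;path [date size]" / "S0 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?", re.IGNORECASE)
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<value>\d+)$")


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style lines and return the entries a helper would act on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix prints "--> <path> [?]" when a registered service's image
            # file cannot be found; a boot-start driver in that state is a
            # leftover registration (here: klmdb) that should be removed.
            if m.group("rest").rstrip().endswith("[?]"):
                findings.append(Finding("high", "missing_driver", m.group("name"), line))
            continue
        m = PROXY_RE.match(line)
        if m:
            value = m.group("value").strip()
            if LOOPBACK_RE.search(value):
                # A user-level proxy on 127.0.0.1 is how rogue "antivirus" programs
                # interpose themselves on all browsing to inject fake warnings.
                findings.append(Finding("high", "loopback_proxy", value, line))
            else:
                findings.append(Finding("info", "proxy_set", value, line))
            continue
        m = FF_PROXY_RE.match(line)
        if m and m.group("value") == "1":
            # network.proxy.type 1 = manual proxy configuration in Firefox;
            # worth checking against the IE setting, informational only.
            findings.append(Finding("info", "ff_manual_proxy", m.group("value"), line))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render the two CFScript sections used in this thread for the high findings."""
    lines: List[str] = []
    if any(f.kind == "loopback_proxy" for f in findings):
        lines += [
            "Registry::",
            r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]",
            '"ProxyServer"=""',
        ]
    drivers = [f.name for f in findings if f.kind == "missing_driver"]
    if drivers:
        lines.append("Driver::")
        lines.extend(drivers)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.kind}: {f.line}")
    print()
    print(build_cfscript(found))
```

Running the block against the constructed sample yields two high findings (the missing klmdb driver and the loopback proxy) plus an informational note on the Firefox manual-proxy setting, and the rendered CFScript matches the one posted above line for line. Entries with a present image file (aswSP, pbfilter) produce nothing, which is the point: the parser keys on ComboFix's own "[?]" marker rather than on driver names.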


#14 JonFox

JonFox
  • Topic Starter

  • Members
  • 16 posts

Posted 07 May 2010 - 08:22 PM

It still locks up a lot on occasion. It's a pain in the butt. The Kaspersky Online Scanner is taking FOREVER to run. The update itself is being a huge pain in the butt and I've been trying to run it completely for the past...............four and a half hours? I don't know. The second it runs, though, I'll post its log for you. In the meanwhile, here's the ComboFix log.


ComboFix 10-05-07.01 - Jonathan Fox 05/06/2010 16:29:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.141 [GMT -7:00]
Running from: c:\documents and settings\Jonathan Fox\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jonathan Fox\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_klmdb


((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 09:46 . 2010-05-06 09:46 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-06 09:45 . 2010-05-06 09:30 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-06 09:45 . 2010-05-06 09:29 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-06 09:45 . 2009-11-18 10:31 530639 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-06 09:45 . 2009-11-18 10:31 530639 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-06 09:45 . 2010-05-06 09:45 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-06 09:45 . 2010-05-06 09:45 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-06 09:45 . 2010-05-06 09:45 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-06 09:45 . 2010-05-06 09:45 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-06 09:44 . 2010-05-06 09:44 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-06 09:43 . 2010-05-06 09:43 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-06 09:43 . 2010-05-06 09:43 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-06 09:43 . 2010-05-06 09:43 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-06 09:43 . 2010-05-06 09:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-06 09:43 . 2010-05-06 09:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-06 09:42 . 2010-05-06 09:42 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-06 09:41 . 2010-05-06 09:41 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-06 09:41 . 2010-05-06 09:41 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-06 09:29 . 2010-05-06 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-06 02:06 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 02:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 03:45 . 2010-05-05 03:45 -------- d-----w- c:\windows\ServicePackFiles
2010-05-05 03:24 . 2010-05-05 03:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-05 03:22 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-05 03:22 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-05 03:21 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-05 03:17 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-05 03:17 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-05 03:17 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-05 03:17 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-05-05 03:11 . 2010-05-05 04:00 -------- d--h--w- c:\windows\$hf_mig$
2010-05-05 03:06 . 2010-05-05 03:06 90424 ----a-w- c:\documents and settings\Jonathan Fox\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-04 09:53 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-04 09:53 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 09:53 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-04 09:53 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-04 09:53 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-04 09:53 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-04 09:53 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 09:51 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-04 09:51 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-04 07:29 . 2010-05-04 07:29 -------- d-----w- c:\program files\CCleaner
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\program files\Alwil Software
2010-05-04 05:52 . 2010-05-04 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-04 05:12 . 2010-05-04 05:12 -------- d-----w- c:\program files\IObit
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Config.sys
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol
2010-05-04 05:11 . 2009-04-26 01:19 0 ----a-w- c:\documents and settings\Jonathan Fox\Application Data\WinPatrol\Autoexec.bat
2010-05-04 05:11 . 2010-05-04 05:11 -------- d-----w- c:\program files\BillP Studios
2010-05-04 04:46 . 2010-05-04 05:03 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\CheckPoint
2010-05-04 04:46 . 2010-05-04 05:05 -------- d-----w- c:\program files\CheckPoint
2010-05-04 04:46 . 2010-05-04 04:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-04 04:41 . 2010-05-04 05:07 -------- d-----w- c:\windows\Internet Logs
2010-05-04 04:19 . 2010-05-04 04:19 60928 ----a-w- c:\windows\system32\PxSecure.dll
2010-05-04 04:19 . 2010-05-04 04:19 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-04 04:19 . 2010-05-04 04:19 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-04 04:19 . 2010-05-04 04:19 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\program files\Prevx
2010-05-04 04:19 . 2010-05-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-05-04 04:16 . 2010-05-04 04:16 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Malwarebytes
2010-05-04 03:57 . 2010-05-06 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 14:52 . 2010-05-02 14:52 -------- d-----w- c:\program files\Trend Micro
2010-04-29 11:48 . 2010-04-29 12:05 -------- d-----w- c:\program files\GMUD32
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Spyware Doctor
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-29 07:48 . 2010-04-29 08:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-29 07:47 . 2010-04-29 07:54 -------- d-----w- c:\program files\Rq
2010-04-19 23:45 . 2010-04-19 23:45 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 21:12 . 2009-04-27 09:44 -------- d-----w- c:\program files\Google
2010-05-06 21:08 . 2009-04-27 01:30 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\uTorrent
2010-05-06 10:16 . 2009-05-14 06:49 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\DivX
2010-05-06 09:45 . 2009-04-27 09:44 -------- d-----w- c:\program files\DivX
2010-05-06 09:41 . 2009-04-27 09:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-28 07:06 . 2009-12-06 23:42 -------- d-----w- c:\program files\PeerBlock
2010-04-27 02:22 . 2009-06-01 04:20 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\Skype
2010-04-26 23:05 . 2009-06-01 04:21 -------- d-----w- c:\documents and settings\Jonathan Fox\Application Data\skypePM
2010-03-31 01:58 . 2009-04-27 09:44 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-04-27 09:44 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-04-27 09:44 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-04-27 09:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-23 01:44 . 2010-03-23 01:44 -------- d-----w- c:\program files\Funcom
2010-03-20 08:00 . 2010-03-20 07:45 -------- d-----w- c:\program files\StarWarsGalaxies
2010-03-20 07:45 . 2010-03-20 07:45 -------- d-----w- c:\program files\Sony
2010-03-15 06:31 . 2009-04-27 01:30 -------- d-----w- c:\program files\uTorrent
2010-03-10 08:02 . 2004-08-12 14:08 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 06:12 . 2004-08-12 14:09 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-12 14:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 13:19 . 2004-08-12 14:02 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-12 13:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-12 14:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-06-25 08:16 . 2009-06-25 08:16 8 ----a-w- c:\program files\fxxp.txt
.

((((((((((((((((((((((((((((( SnapShot_2010-05-06_02.00.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-06 23:35 . 2010-05-06 23:35 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2009-04-27 09:44 . 2010-03-31 01:58 68080 c:\windows\system32\pxinsa64.exe
+ 2009-04-27 09:44 . 2010-03-31 01:58 72176 c:\windows\system32\pxhpinst.exe
+ 2009-04-27 09:44 . 2010-03-31 01:58 68080 c:\windows\system32\pxcpya64.exe
+ 2009-04-27 09:44 . 2010-03-31 01:58 100848 c:\windows\system32\vxblock.dll
+ 2009-04-27 09:44 . 2010-03-31 01:58 440816 c:\windows\system32\pxwave.dll
+ 2009-04-27 09:44 . 2010-03-31 01:58 219632 c:\windows\system32\pxmas.dll
+ 2009-04-27 09:44 . 2010-03-31 01:58 559600 c:\windows\system32\pxdrv.dll
+ 2009-04-27 09:44 . 2010-03-31 01:58 678384 c:\windows\system32\px.dll
+ 2009-04-27 09:44 . 2010-03-31 01:58 2083312 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"HostManager"="c:\program files\Common Files\AOL\1240798136\ee\AOLSoftware.exe" [2008-06-24 41824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-25 1280272]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan Fox^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\Jonathan Fox\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\1240798136\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/9/2009 12:59 AM 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/3/2010 9:19 PM 30320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 2:53 AM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 2:53 AM 19024]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/3/2010 9:19 PM 6364992]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/3/2010 9:19 PM 54920]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/3/2010 9:19 PM 24400]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/3/2010 10:12 PM 311568]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [12/6/2009 4:42 PM 14424]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Jonathan Fox\Application Data\Mozilla\Firefox\Profiles\9eayc1az.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 16:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-06 16:40:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 23:40
ComboFix2.txt 2010-05-06 02:03
ComboFix3.txt 2010-05-05 03:06

Pre-Run: 224,045,273,088 bytes free
Post-Run: 224,011,456,512 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 557EDD463960CF8B626E279400CADD72


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:16 PM

Posted 07 May 2010 - 08:39 PM

If you want, you can try a different scanner. I know Kaspersky can be a pain in the butt sometimes, and ESET should be a lot quicker.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push



If the online scan doesn't show anything, then I would suggest trying to uninstall some more of your security software; you have AdAware, IObit and Prevx all there. I would say you only really need one of these. I would definitely try removing Prevx first; that seems to take up a lot of resources.
