
Help! Infected by something..Google re-directs to HOTSPOT SHIELD and computer is SLOW!!


This topic is locked
18 replies to this topic

#1 Caeji1


  • Members
  • 18 posts

Posted 07 May 2010 - 04:01 AM

Hi,
I am new to this board and have seen how helpful its members can be. I too have been infected with the Google Redirect problem. The Google search results page redirects to a search by anchorfree and hotspot shield. I have banner ads on the top of my browser window. I use Firefox 3.6.3 and have noticed this problem any time I conduct a search using FF. It takes the windows time to open and even then they appear quite sluggish. The computer is very slow, and even when I have just one browser window open the Task Manager shows that CPU usage is 100%. I have run my AVG 8.5, Spy Sweeper and Malwarebytes Anti-Malware with no success. I am at my wits' end, and any help that I can get to prevent me from having to reformat would be much appreciated. Below, you will find my DDS.txt log.
Thanks...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Christos at 15:07:09.04 on 05/05/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.433 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christos\Desktop\Defogger.exe
C:\Documents and Settings\Christos\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.google.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://google.com
mDefault_Page_URL = hxxp://mail.google.com
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uInternet Settings,ProxyServer = 216.218.211.56:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Window Washer] "c:\program files\webroot\washer\wwDisp.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\christos\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1.lnk - c:\program files\zards software\startup defender\Startup Defender.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\talkin~1.lnk - c:\program files\talking time keeper\TalkingTimeKeeper.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A9926F13-DF17-4303-BC03-AA29DEBA32F3} = 212.100.64.19 4.2.2.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christos\applic~1\mozilla\firefox\profiles\qdyk16uj.default\
FF - prefs.js: browser.startup.homepage - mail.google.com
FF - prefs.js: network.proxy.ftp - 216.218.211.56
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 216.218.211.56
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 216.218.211.56
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.218.211.56
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.218.211.56
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\christos\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-7 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 297752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-4 304464]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-4-3 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-5-27 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-4 20952]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]

=============== Created Last 30 ================

2010-05-05 14:03:31 0 ----a-w- c:\documents and settings\christos\defogger_reenable
2010-05-04 11:12:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-04 11:12:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 00:00:13 0 d-----w- c:\docume~1\christos\applic~1\Malwarebytes
2010-05-03 23:59:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 23:59:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-03 23:59:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 23:59:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 10:40:47 1089601 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-08 09:58:01 0 d-----w- c:\windows\system32\XPSViewer
2010-04-08 09:56:48 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-08 09:56:48 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-08 09:56:48 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-08 09:56:48 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-08 09:56:48 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-08 09:56:47 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-08 09:56:47 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-08 09:56:46 0 d-----w- C:\891b33c6303ed7b0c4d7
2010-04-08 09:49:27 0 d-----w- c:\program files\MSXML 6.0

==================== Find3M ====================

2094-01-27 19:15:14 42512 ----a-w- c:\windows\fonts\AnkeCalligraph.TTF
2010-04-04 14:46:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-25 20:18:48 296593 ----a-w- c:\windows\system32\SpoonUninstall-Talking Time Keeper.dat
2010-03-25 20:18:47 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-25 20:16:31 159744 ----a-w- c:\windows\Talking Time Keeper.scr
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 10:57:54 2063744 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-17 10:57:54 2063744 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 17:37:57 2186880 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 17:37:57 2186880 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 17:35:40 2143744 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 16:57:54 2021888 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:47:05 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:01:43 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys
2006-06-05 10:04:17 88 -csh--r- c:\windows\system32\8A8AA5DF67.sys

============= FINISH: 15:10:42.37 ===============

Thanks in advance for your help guys!
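The DDS log above contains the setting that explains the redirects: both the WinINet proxy that Internet Explorer reads from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (reported by DDS as "uInternet Settings,ProxyServer") and every Firefox network.proxy.* pref in prefs.js point at 216.218.211.56:80, and network.proxy.type is 1 (manual proxy), so all browser traffic is relayed through that host. The following triage script is an added example, not code from the thread or from the DDS tool: it parses those DDS lines and reports any manual proxy that points outside the local network. The sample lines are copied from the log in this post; the `expected_proxies` allow-list and the `ProxyFinding` structure are assumptions for illustration.

```python
"""Flag browser proxy hijacks in a DDS log (added example, not from the thread).

Parses two kinds of DDS lines:
  uInternet Settings,ProxyServer = host:port   (WinINet proxy, read by IE from
      HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings)
  FF - prefs.js: network.proxy.<scheme> - host  (Firefox prefs.js; honoured only
      when network.proxy.type is 1, i.e. manual proxy configuration)
and reports every manual proxy whose host is not a local/private address.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Lines copied from the DDS log posted in this thread (subset, for the demo).
SAMPLE_DDS = """\
uStart Page = hxxp://mail.google.com
uInternet Settings,ProxyServer = 216.218.211.56:80
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.startup.homepage - mail.google.com
FF - prefs.js: network.proxy.ftp - 216.218.211.56
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 216.218.211.56
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 216.218.211.56
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.218.211.56
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.218.211.56
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
"""

WININET_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+)\s*-\s*(\S+)")
FF_SCHEMES = ("http", "ssl", "ftp", "socks", "gopher")   # host prefs Firefox 3.x used
PUBLIC_PROXY_REASON = "manual proxy points at a public address; all browser traffic is relayed through it"


@dataclass(frozen=True)
class ProxyFinding:            # assumed output structure for this example
    source: str                # "wininet:<scheme>" or "firefox:<scheme>"
    host: str
    port: Optional[int]
    reason: str


def _is_local(host: str) -> bool:
    """True for loopback, RFC1918/ULA, link-local addresses or 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # a hostname, not an address
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local


def _split_wininet(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """ProxyServer is either 'host:port' or 'http=h:p;https=h:p;...'."""
    out = []
    for part in value.split(";"):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:            # no ':' in the entry, bare host without port
            host, port = hostport, ""
        out.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return out


def _judge(source: str, host: str, port: Optional[int],
           expected: FrozenSet[str]) -> List[ProxyFinding]:
    if host in expected or _is_local(host):
        return []
    return [ProxyFinding(source, host, port, PUBLIC_PROXY_REASON)]


def analyze_dds(text: str, expected_proxies: FrozenSet[str] = frozenset()) -> List[ProxyFinding]:
    """Return one finding per manual proxy entry that points off the local network."""
    findings: List[ProxyFinding] = []
    ff_hosts: Dict[str, str] = {}
    ff_ports: Dict[str, int] = {}
    ff_type: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = WININET_RE.match(line)
        if m:
            for scheme, host, port in _split_wininet(m.group(1)):
                findings.extend(_judge(f"wininet:{scheme}", host, port, expected_proxies))
            continue
        m = FF_PROXY_RE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2)
        if key == "type" and val.isdigit():
            ff_type = int(val)
        elif key.endswith("_port") and key[:-5] in FF_SCHEMES and val.isdigit():
            ff_ports[key[:-5]] = int(val)
        elif key in FF_SCHEMES:
            ff_hosts[key] = val
    # Firefox only uses the per-scheme hosts when type == 1 (manual); PAC (2),
    # auto-detect (4) and system (5) ignore them, so do not flag them then.
    if ff_type == 1:
        for scheme, host in ff_hosts.items():
            findings.extend(_judge(f"firefox:{scheme}", host, ff_ports.get(scheme), expected_proxies))
    return findings


if __name__ == "__main__":
    for f in analyze_dds(SAMPLE_DDS):
        print(f"{f.source:16} {f.host}:{f.port}  {f.reason}")
```

Run against the log in this thread the script reports six entries (the WinINet proxy plus five Firefox schemes), all pointing at 216.218.211.56:80. The ProxyOverride value `<local>` only exempts intranet names from the proxy, so it does nothing to protect Google searches. Clearing the hijack means emptying the WinINet ProxyServer value (and unticking "Use a proxy server" in the IE connection settings) and resetting network.proxy.type to 0 in Firefox, after the malware that wrote them is gone, or it will simply rewrite them.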


#2 Blade


    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 09 May 2010 - 10:22 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Caeji1

  • Topic Starter

  • Members
  • 18 posts

Posted 09 May 2010 - 11:57 PM

Hi Blade, thanks for your help. This is the information you requested. I was looking through the forum and saw people that seemed to have a similar problem to mine. Based on the advice they were getting I have run OTL by OldTimer - Version 3.2.4.1, SystemLook and lastly ComboFix. I am posting the logs here for you. I hope they will be of help. However, I had initial problems getting ComboFix to run. When I double-clicked on it I got the following error messages: "Error - Win32 only
Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP

3278822FWJFW\hidec.exe
Windows cannot find '3278822FWJFW\hidec.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search."

It eventually ran though. Finally, this browser window opens randomly: http://rss2search.com/new/?widgetClass=IDG...8756d616e253231

OTL LOG AND EXTRA LOG

OTL logfile created on: 08/05/2010 08:25:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Christos\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1271 1471 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 14.19 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 11.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCS9G62J
Current User Name: Christos
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 08:23:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christos\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/03 00:57:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/04/01 18:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/27 07:54:42 | 001,045,504 | ---- | M] (Zards Software) -- C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
PRC - [2010/03/25 21:16:05 | 001,429,504 | ---- | M] () -- C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe
PRC - [2010/03/19 09:31:20 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/08/20 10:10:21 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 10:10:20 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/20 10:10:16 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/20 10:10:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/20 10:10:01 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/04 14:08:56 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 14:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/08 08:23:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christos\Desktop\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/03 00:57:14 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/08/20 10:10:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/20 10:10:01 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/20 02:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/20 10:10:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/20 10:10:20 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/07 17:03:27 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/11 15:38:00 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 16:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/04/13 09:50:42 | 000,090,888 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrsce.sys -- (zebrsce)
DRV - [2007/04/13 09:50:38 | 000,108,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2007/04/13 09:50:38 | 000,108,296 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2007/04/13 09:50:36 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2007/04/13 09:50:30 | 000,083,080 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2007/04/13 09:50:30 | 000,062,984 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/15 11:04:16 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/14 13:41:10 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2005/11/02 19:24:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 23:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mail.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.218.211.56:80

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "mail.google.com"
FF - prefs.js..network.proxy.backup.ftp: "216.218.211.56"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "216.218.211.56"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "216.218.211.56"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "216.218.211.56"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "216.218.211.56"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "216.218.211.56"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "216.218.211.56"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "216.218.211.56"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "216.218.211.56"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 20:46:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 12:46:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 12:12:50 | 000,000,000 | ---D | M]

[2010/04/03 19:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christos\Application Data\Mozilla\Extensions
[2010/05/06 10:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christos\Application Data\Mozilla\Firefox\Profiles\qdyk16uj.default\extensions
[2010/04/26 09:11:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christos\Application Data\Mozilla\Firefox\Profiles\qdyk16uj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/06 10:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 12:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/04 12:11:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/04 18:28:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Disabled [2010/04/03 17:12:24 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe (Zards Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TalkingTimeKeeper Application.lnk = C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Christos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 06:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/21 03:45:28 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a026d05-1f9c-11df-80ae-001422a0b244}\Shell - "" = AutoRun
O33 - MountPoints2\{4a026d05-1f9c-11df-80ae-001422a0b244}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a026d05-1f9c-11df-80ae-001422a0b244}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/04/25 06:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family and Friends Reminders.LNK - C:\Program Files\Corel\Print House Magic\cffrem.exe - (Corel Corporation)
MsConfig - StartUpReg: MobiLink Lite - hkey= - key= - C:\Program Files\Novatel Wireless\Mobilink\Lite.exe (Novatel Wireless)
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 08:22:49 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christos\Desktop\OTL.exe
[2010/05/04 12:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/04 12:12:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/04 12:12:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/04 12:12:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/04 12:12:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/04 12:12:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/04 10:50:20 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Christos\Desktop\jre-6u20-windows-i586.exe
[2010/05/04 01:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christos\Application Data\Malwarebytes
[2010/05/04 00:59:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 00:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/04 00:59:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 00:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 08:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christos\Desktop\New Folder
[2010/04/22 12:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christos\Local Settings\Application Data\Temp
[2010/04/08 10:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/08 10:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/08 10:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/08 10:56:48 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/08 10:56:48 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/08 10:56:48 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/08 10:56:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/08 10:56:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/08 10:56:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/08 10:56:46 | 000,000,000 | ---D | C] -- C:\891b33c6303ed7b0c4d7
[2010/04/08 10:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

========== Files - Modified Within 30 Days ==========

[2010/05/08 09:44:09 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006UA.job
[2010/05/08 08:23:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christos\Desktop\OTL.exe
[2010/05/08 08:16:15 | 059,699,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/07 12:44:05 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006Core.job
[2010/05/07 10:38:53 | 000,001,480 | ---- | M] () -- C:\WINDOWS\XMailer.INI
[2010/05/07 08:58:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/07 08:56:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 08:56:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 08:56:22 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 05:20:35 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Christos\ntuser.dat
[2010/05/06 13:45:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/05 15:17:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Christos\Desktop\gmer.zip
[2010/05/05 15:06:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Christos\Desktop\dds.scr
[2010/05/05 15:03:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Christos\defogger_reenable
[2010/05/05 15:02:11 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Christos\Desktop\Defogger.exe
[2010/05/05 10:36:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Christos\ntuser.ini
[2010/05/04 12:11:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/04 12:11:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/04 12:11:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/04 12:11:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/04 12:11:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/04 11:09:37 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Christos\Desktop\jre-6u20-windows-i586.exe
[2010/05/04 00:59:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/03 08:46:15 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Christos\Desktop\Google Chrome.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 22:13:26 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Christos\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 22:39:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/23 07:25:18 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 07:25:18 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 07:25:18 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/16 12:30:10 | 000,100,312 | ---- | M] () -- C:\Documents and Settings\Christos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 12:26:55 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/05/05 15:15:51 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Christos\Desktop\gmer.zip
[2010/05/05 15:05:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Christos\Desktop\dds.scr
[2010/05/05 15:03:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Christos\defogger_reenable
[2010/05/05 15:01:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Christos\Desktop\Defogger.exe
[2010/05/04 00:59:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/22 14:21:16 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Christos\Desktop\Google Chrome.lnk
[2010/04/22 12:39:31 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006UA.job
[2010/04/22 12:39:29 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006Core.job
[2010/04/04 15:01:31 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/04 13:57:44 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/04/04 13:57:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/04/04 13:57:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/04/04 13:57:44 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/03 08:55:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/25 22:18:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\TTKVoiceBuilder.INI
[2010/02/01 22:13:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\888EE2BCFEDB43a581D1CC58E9642691.ini
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/25 14:46:46 | 000,000,058 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2009/06/28 10:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/16 11:53:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/12 14:11:08 | 000,001,480 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2008/05/27 12:43:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/07 19:36:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/09/21 10:05:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/06/05 11:59:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/05 11:48:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/06/05 11:43:20 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/06/05 11:43:20 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/06/05 11:43:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/06/05 11:43:20 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/06/05 11:02:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8A8AA5DF67.sys
[2006/05/15 11:18:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/15 11:14:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/15 10:38:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/15 10:38:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/15 10:37:40 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/28 05:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 05:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 05:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/08/10 13:12:05 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/05/14 14:55:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 16:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 08/05/2010 08:25:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Christos\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1271 1471 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 14.19 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 11.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCS9G62J
Current User Name: Christos
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module -- (Intuwave Ltd.)
"C:\Program Files\WinSec\Super Email Sender\XMailer.exe" = C:\Program Files\WinSec\Super Email Sender\XMailer.exe:*:Enabled:XMailer -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28938B7C-B11B-49BD-84E4-44C8416D4C07}" = Mobilink Lite
"{2E0C4E9E-6ED1-4F86-A4C6-D0D84B77B29E}" = Sony Ericsson Media Manager 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{430EB7ED-8588-430D-B17C-BFFA00CB370A}" = PC Suite for Sony Ericsson
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}" = Opera 9.60
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.8.7
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced Mass Sender 4.3" = Advanced Mass Sender 4.3
"AOE Trial" = Microsoft Age of Empires Trial
"Ares" = Ares 2.0.9
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Corel Applications" = Corel Applications
"Easy PDF to Word Converter v2.0_is1" = Easy PDF to Word Converter v2.0
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mRouterRuntime" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer Basic
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"Startup Defender " = Startup Defender 1.9.5
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Email Sender_is1" = Super Email Sender
"Surround Mp4 Tool" = Surround Mp4 Tool 3.0.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Talking Time Keeper" = Talking Time Keeper
"visasurf" = visasurf
"WIC" = Windows Imaging Component
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Messenger" = Yahoo! Messenger
"Your Uninstaller!_is1" = Your Uninstaller! Version 6.3
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2708166369-2255311316-2520956664-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2010 16:44:05 | Computer Name = DCS9G62J | Source = Google Update | ID = 20
Description =

Error - 25/04/2010 17:19:48 | Computer Name = DCS9G62J | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x03f123ac.

Error - 25/04/2010 17:44:06 | Computer Name = DCS9G62J | Source = Google Update | ID = 20
Description =

Error - 25/04/2010 23:49:34 | Computer Name = DCS9G62J | Source = Google Update | ID = 20
Description =

Error - 26/04/2010 00:49:39 | Computer Name = DCS9G62J | Source = Google Update | ID = 20
Description =

Error - 26/04/2010 01:49:28 | Computer Name = DCS9G62J | Source = Google Update | ID = 20
Description =

Error - 03/05/2010 16:50:48 | Computer Name = DCS9G62J | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2010 06:26:27 | Computer Name = DCS9G62J | Source = Application Error | ID = 1000
Description = Faulting application jucheck.exe, version 6.0.50.13, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001e69c.

Error - 07/05/2010 05:29:16 | Computer Name = DCS9G62J | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/05/2010 05:31:41 | Computer Name = DCS9G62J | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 25/04/2010 17:35:39 | Computer Name = DCS9G62J | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 25/04/2010 17:35:43 | Computer Name = DCS9G62J | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 27/04/2010 00:39:20 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 27/04/2010 00:39:29 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 27/04/2010 03:38:25 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 28/04/2010 00:37:16 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 03/05/2010 02:45:20 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 05/05/2010 08:24:26 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 06/05/2010 04:30:56 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 06/05/2010 23:18:46 | Computer Name = DCS9G62J | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.


< End of report >

SYSTEM LOOK LOG AND COMBOFIX LOG

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:22 on 08/05/2010 by Christos (Administrator - Elevation successful)

========== filefind ==========

Searching for "*Hotspot*"
No files found.

Searching for "*Anchorfree*"
No files found.

Searching for "HSsdrv"
No files found.

========== folderfind ==========

Searching for "*Hotspot*"
No folders found.

Searching for "*Anchorfree*"
C:\Documents and Settings\Christos\Application Data\Macromedia\Flash Player\#SharedObjects\C6XHS7E3\box.anchorfree.net d----- [22:37 03/04/2010]
C:\Documents and Settings\Christos\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#box.anchorfree.net d----- [22:37 03/04/2010]

========== regfind ==========

Searching for "Hotspot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9B97B0-D0D0-4036-815B-4E2A874CCD4B}]
@="IQTHotspot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C210E589-6B11-41F3-BFD6-79FDF3A206D6}]
@="IQTHotspots"

Searching for "Anchorfree"
No data found.

-=End Of File=-




ComboFix 10-05-07.07 - Christos 08/05/2010 22:56:24.2.1 - x86
Running from: c:\documents and settings\Christos\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-04 11:12 . 2010-05-04 11:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 00:00 . 2010-05-04 00:00 -------- d-----w- c:\documents and settings\Christos\Application Data\Malwarebytes
2010-05-03 23:59 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 23:59 . 2010-05-03 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-03 23:59 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 23:59 . 2010-05-03 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 11:39 . 2010-05-03 07:45 -------- d-----w- c:\documents and settings\Christos\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 09:38 . 2009-05-23 08:21 -------- d-----w- c:\program files\MassSender
2010-05-05 13:36 . 2008-01-16 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-04 11:13 . 2006-05-15 09:55 -------- d-----w- c:\program files\Common Files\Java
2010-05-04 11:11 . 2006-05-15 09:55 -------- d-----w- c:\program files\Java
2010-04-16 11:30 . 2006-06-05 10:02 100312 -c--a-w- c:\documents and settings\Christos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 09:57 . 2010-04-08 09:57 -------- d-----w- c:\program files\MSBuild
2010-04-08 09:57 . 2010-04-08 09:57 -------- d-----w- c:\program files\Reference Assemblies
2010-04-08 09:49 . 2010-04-08 09:49 -------- d-----w- c:\program files\MSXML 6.0
2010-04-04 20:39 . 2008-11-12 11:26 -------- d-----w- c:\program files\WinSec
2010-04-04 14:46 . 2010-04-04 14:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-04 14:01 . 2010-04-04 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-04 12:57 . 2010-04-04 12:57 -------- d-----w- c:\documents and settings\Christos\Application Data\Simply Super Software
2010-04-04 11:12 . 2008-05-27 11:05 -------- d-----w- c:\program files\Opera
2010-04-03 18:08 . 2010-04-03 18:08 -------- d-----w- c:\program files\Alwil Software
2010-04-03 18:08 . 2010-04-03 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-02 23:56 . 2010-04-02 23:56 -------- d-----w- c:\program files\MSSOAP
2010-04-02 22:00 . 2010-04-02 22:00 -------- d-----w- c:\program files\Microsoft Games
2010-03-29 04:29 . 2010-03-25 20:16 -------- d-----w- c:\program files\Talking Time Keeper
2010-03-25 20:18 . 2010-03-25 20:18 296593 ----a-w- c:\windows\system32\SpoonUninstall-Talking Time Keeper.dat
2010-03-25 20:18 . 2010-03-25 20:18 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-25 20:16 . 2010-03-25 20:19 159744 ----a-w- c:\windows\Talking Time Keeper.scr
2010-03-25 15:49 . 2010-03-25 15:49 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-03-25 15:30 . 2009-10-28 06:17 -------- d-----w- c:\program files\Your Uninstaller
2010-03-11 12:38 . 2004-08-10 11:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 11:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 11:50 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 11:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 19:46 . 2010-04-04 13:02 3691384 ----a-w- c:\documents and settings\Christos\Application Data\Simply Super Software\Trojan Remover\feb110.exe
2010-02-24 12:31 . 2006-05-15 09:36 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 10:57 . 2004-08-03 21:59 2063744 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 17:37 . 2004-08-10 11:51 2186880 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:47 . 2004-08-10 11:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 11:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-06-05 10:04 . 2006-06-05 10:02 88 -csh--r- c:\windows\system32\8A8AA5DF67.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"Google Update"="c:\documents and settings\Christos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Startup Defender.lnk - c:\program files\Zards software\Startup Defender\Startup Defender.exe [2009-1-26 1045504]
TalkingTimeKeeper Application.lnk - c:\program files\Talking Time Keeper\TalkingTimeKeeper.exe [2010-3-25 1429504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 09:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family and Friends Reminders.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Family and Friends Reminders.LNK
backup=c:\windows\pss\Corel Family and Friends Reminders.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobiLink Lite]
2008-01-11 15:05 401480 ----a-w- c:\program files\Novatel Wireless\Mobilink\Lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 15:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\WinSec\\Super Email Sender\\XMailer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [06/11/2009 12:00 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/06/2009 17:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/06/2009 17:03 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07/06/2009 17:03 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/06/2009 17:03 297752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/05/2010 00:59 304464]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [03/04/2010 00:57 1201640]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [27/05/2008 12:11 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/05/2010 00:59 20952]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/10/2007 16:04 99200]
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006Core.job
- c:\documents and settings\Christos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 11:39]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708166369-2255311316-2520956664-1006UA.job
- c:\documents and settings\Christos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-22 11:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uInternet Settings,ProxyServer = 216.218.211.56:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Christos\Application Data\Mozilla\Firefox\Profiles\qdyk16uj.default\
FF - prefs.js: browser.startup.homepage - mail.google.com
FF - prefs.js: network.proxy.ftp - 216.218.211.56
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 216.218.211.56
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 216.218.211.56
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.218.211.56
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.218.211.56
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\Christos\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 23:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-08 23:27:19
ComboFix-quarantined-files.txt 2010-05-08 22:26
ComboFix2.txt 2010-04-04 17:36

Pre-Run: 15,233,167,360 bytes free
Post-Run: 15,214,133,248 bytes free

- - End Of File - - E899E0A51DEF803B12FC914D599576ED

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 11 May 2010 - 05:04 AM

Hello Caeji1

QUOTE
I was looking through the forum and saw people that seemed to have a similar problem with me.

This is a rather dangerous practice, for a couple reasons. Many infections may have similar symptoms, but can be substantially different in their construction and thus require different removal methods. It takes a good deal of training to be able to correctly identify some of these infections, and attempting an improper removal can sometimes cause a number of problems, including rendering your computer unable to start correctly. Additionally, each computer is different, and considerations must be made in the preparation of a fix to cause the least amount of disturbance to the machine. Thankfully, all the tools you ran (with the exception of ComboFix) were scan-only tools designed to gather information.

***************************************************

QUOTE
However I had initial problems getting ComboFix to run. When I double-clicked on it I got the following error messages "Error - Win32 only
Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP

3278822FWJFW\hidec.exe
Windows cannot find '3278822FWJFW\hidec.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search."

It eventually ran though.

A couple things here. First, the errors you mention. Did they all occur immediately upon trying to run ComboFix? Did they all appear at the same time, or did one appear, and then another appear on another occasion?

Secondly. . . Am I correct in assuming that this is a home computer, and is not connected to any sort of non-personal network (corporate or otherwise)?

Finally. . . you mentioned that ComboFix "eventually ran." Did you do something specific to get ComboFix to run?

***************************************************

Next, the scans show that you have a lot of proxy settings set up. . . . all dealing with this IP address - 216.218.211.56
Are you aware of this? What is its purpose?

***************************************************

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link--> Virustotal

When the VirusTotal page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\8A8AA5DF67.sys

Please post back the URL of the results page for each file in your next post.

If VirusTotal is busy, try the same at Jotti

~Blade


In your next reply, please include the following:
Answers to the above questions
VirusTotal/Jotti scan result URL

Edited by Blade Zephon, 11 May 2010 - 05:05 AM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+
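
Blade's point about the proxy lines in the DDS log, as an added check that is not part of this thread, of DDS or of ComboFix: a small Python parser that pulls the `FF - prefs.js:` lines out of a DDS log and flags a manual proxy (network.proxy.type 1) that relays every protocol, HTTPS included, through a single public host. The sample log and the function names are my own construction.

```python
"""Flag a manual Firefox proxy that relays every protocol through one outside host.

Added example: not code from the thread, from DDS or from ComboFix. It parses the
'FF - prefs.js:' lines DDS prints; the sample and function names are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: prefs.js lines in the shape DDS printed them in the thread.
SAMPLE_DDS = """\
FF - prefs.js: browser.startup.homepage - mail.google.com
FF - prefs.js: network.proxy.ftp - 216.218.211.56
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 216.218.211.56
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 216.218.211.56
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 216.218.211.56
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 216.218.211.56
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
"""

PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
PROTOCOLS = ("http", "ssl", "ftp", "gopher", "socks")

def parse_ff_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line in a DDS log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs

def is_external(host):
    """True for a public IP address; a hostname is treated as external too."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)

def assess_proxy(prefs):
    """Group the per-protocol proxy hosts and decide whether the setup has the
    shape worth asking the user about: manual mode, one outside host for
    everything, HTTPS (network.proxy.ssl) included."""
    result = {"manual": prefs.get("network.proxy.type") == "1", "hosts": {},
              "all_one_host": False, "external": False, "ssl_proxied": False,
              "suspicious": False}
    if not result["manual"]:
        return result
    hosts = defaultdict(list)
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port", "")
            hosts[(host, port)].append(proto)
    result["hosts"] = dict(hosts)
    if hosts:
        result["all_one_host"] = len(hosts) == 1
        result["external"] = any(is_external(h) for h, _ in hosts)
        result["ssl_proxied"] = any("ssl" in p for p in hosts.values())
        result["suspicious"] = result["external"] and (
            result["all_one_host"] or result["ssl_proxied"])
    return result

if __name__ == "__main__":
    for key, value in assess_proxy(parse_ff_prefs(SAMPLE_DDS)).items():
        print(f"{key}: {value}")
```

A "suspicious" result is a prompt to ask the user, as Blade does, not a verdict: a deliberately configured filtering proxy produces the same shape.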


#5 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 11 May 2010 - 07:01 AM

Blade,
Thanks a lot for your help. I was beginning to feel you were too busy when I did not hear from you. Once again thanks.
To your questions:
Yes, the errors occurred when I clicked on the ComboFix icon. The Error-Win32 one came first, followed by the hidec.exe error. Yes, it is a home computer. The only outside connection is my internet link. No, I did nothing to ComboFix. I just left it. After the error messages, what looks like an MS-DOS window came up and showed that it was scanning.
I am aware of the proxy. I was using it to connect to the net. If it's a problem I can remove it.

These are the URL from virustotal and jotti:

http://www.virustotal.com/analisis/057a62f...46b2-1273577646

http://virusscan.jotti.org/en-GB/scanresul...0363761dcee8f85

Caeji

#6 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 11 May 2010 - 07:02 AM

BTW I assume that after the scan I can set the hidden files settings back?

#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 11 May 2010 - 07:42 AM

Hi Caeji1

Please leave hidden files visible until we're finished. . . at the end we'll re-hide them.

***************************************************

You must first verify that you can logon to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

batch look.bat

You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.

Once fully booted
  • Click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


~Blade


In your next reply, please include the following:
maxlook log



#8 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 11 May 2010 - 03:14 PM

Blade,
This is the log you requested. BTW when I ran the maxlook and tried to shut down I got an error message titled AUSUpdateWTitle. It was ending program AUSUpdateWTitle. Then it said the program was not responding and that ending it could cause unsaved data to be lost. I ended it and when I rebooted the system hung. I had to force a shutdown and reboot.

CODE
Run from C:\Documents and Settings\Christos\Desktop\maxlook.exe on 11/05/2010 at 19:56:27.70

--------- maxlook unsigned files ---------

c:\windows\maxdriver\asctrm.sys:
    Verified:    Unsigned
    File date:    11:04 15/05/2006
    Publisher:    Windows (R) 2000 DDK provider
    Description:    TR Manager
    Product:    Windows (R) 2000 DDK driver
    Version:    5.00.2195.1
    File version:    5.00.2195.1
c:\windows\maxdriver\BCMWLNPF.SYS:
    Verified:    Unsigned
    File date:    15:08 19/12/2005
    Publisher:    CACE Technologies
    Description:    npf
    Product:    WinPcap Netgroup Packet Filter Driver
    Version:    3, 1, 0, 27
    File version:    3, 1, 0, 27
c:\windows\maxdriver\DLACDBHM.SYS:
    Verified:    Unsigned
    File date:    12:16 25/08/2005
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    5.20.01a
c:\windows\maxdriver\DLARTL_N.SYS:
    Verified:    Unsigned
    File date:    12:16 25/08/2005
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    5.20.01a
c:\windows\maxdriver\DRVMCDB.SYS:
    Verified:    Unsigned
    File date:    03:30 12/09/2005
    Publisher:    Sonic Solutions
    Description:    Device Driver
    Product:    n/a
    Version:    n/a
    File version:    3.30.04a
c:\windows\maxdriver\DRVNDDM.SYS:
    Verified:    Unsigned
    File date:    05:20 12/08/2005
    Publisher:    Sonic Solutions
    Description:    Device Driver Manager
    Product:    n/a
    Version:    n/a
    File version:    5.20.00a
c:\windows\maxdriver\pxhelp20.sys:
    Verified:    Unsigned
    File date:    02:03 25/04/2005
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.03.32a
c:\windows\maxdriver\StMp3Rec.sys:
    Verified:    Unsigned
    File date:    20:32 18/12/2004
    Publisher:    Generic
    Description:    Generic MP3 Player USB Driver
    Product:    Generic MP3 Player
    Version:    139, 0, 551, 1
    File version:    1, 551, 0, 139

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\asctrm.sys:
    Verified:    Unsigned
    File date:    11:04 15/05/2006
    Publisher:    Windows (R) 2000 DDK provider
    Description:    TR Manager
    Product:    Windows (R) 2000 DDK driver
    Version:    5.00.2195.1
    File version:    5.00.2195.1
c:\windows\system32\drivers\BCMWLNPF.SYS:
    Verified:    Unsigned
    File date:    15:08 19/12/2005
    Publisher:    CACE Technologies
    Description:    npf
    Product:    WinPcap Netgroup Packet Filter Driver
    Version:    3, 1, 0, 27
    File version:    3, 1, 0, 27
c:\windows\system32\drivers\DLACDBHM.SYS:
    Verified:    Unsigned
    File date:    12:16 25/08/2005
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    5.20.01a
c:\windows\system32\drivers\DLARTL_N.SYS:
    Verified:    Unsigned
    File date:    12:16 25/08/2005
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    5.20.01a
c:\windows\system32\drivers\DRVMCDB.SYS:
    Verified:    Unsigned
    File date:    03:30 12/09/2005
    Publisher:    Sonic Solutions
    Description:    Device Driver
    Product:    n/a
    Version:    n/a
    File version:    3.30.04a
c:\windows\system32\drivers\DRVNDDM.SYS:
    Verified:    Unsigned
    File date:    05:20 12/08/2005
    Publisher:    Sonic Solutions
    Description:    Device Driver Manager
    Product:    n/a
    Version:    n/a
    File version:    5.20.00a
c:\windows\system32\drivers\pxhelp20.sys:
    Verified:    Unsigned
    File date:    02:03 25/04/2005
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.03.32a
c:\windows\system32\drivers\StMp3Rec.sys:
    Verified:    Unsigned
    File date:    20:32 18/12/2004
    Publisher:    Generic
    Description:    Generic MP3 Player USB Driver
    Product:    Generic MP3 Player
    Version:    139, 0, 551, 1
    File version:    1, 551, 0, 139



#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 13 May 2010 - 10:46 PM

Hello Caeji1

Sorry for the delay. . . have been investigating this issue.

Before we start fixing anything you should print out these instructions. Then, please close all running programs, and do not run any programs other than those specified until all steps have been completed. If you need to use your web browser to download a program, be sure to close it after the download, but before running the program.

For the remainder of our time working together please remove your proxy connection to the Internet. We want to minimize the number of possible contributing factors while we troubleshoot.

***************************************************

Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


***************************************************

Next, please completely uninstall Firefox. We will reinstall it shortly. Ensure that the Firefox directory in C:\Program Files has been deleted. Then, reboot the computer.

***************************************************

Now, please reinstall Firefox by downloading the latest version from here. (You'll need to use Internet Explorer to do this obviously.)

***************************************************

Your Adobe Reader is out of date. Please uninstall it through Add/Remove Programs and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

~Blade


In your next reply, please include the following:
Are you still getting the redirects?

Edited by Blade Zephon, 18 May 2010 - 03:32 AM.



#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 17 May 2010 - 08:27 PM

Are you still there?



#11 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 18 May 2010 - 03:19 AM

Hi Blade,
Sorry for the delay. I have been away for a while and could not connect to the net. I did everything you requested besides the Adobe Reader thing. I could not get the download to work from the adobe site. So I have updated my current version. I hope that is good enough. As for the redirects they seem to have stopped. Thanks for that.
However, my CPU still shows 100% usage even when I have just rebooted the system and the computer still seems kind of slow. Any ideas?
Caeji

#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 18 May 2010 - 03:31 AM

Hi Caeji.

Could you please use Task Manager to determine which process appears to be using all your CPU?




#13 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 18 May 2010 - 06:15 AM

Hi Blade,
The biggest users at the moment are:
Opera 262,268k
Firefox 206,372k
System 96,616k
Mbamservice.exe 58,284k
then there are about 10 svchost.exe (whatever that is) running...


#14 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:09:20 AM

Posted 18 May 2010 - 06:49 AM

Let's do a comprehensive scan to check for remaining malware on the machine. Please be aware that this scan will take some time to run.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

~Blade


In your next reply, please include the following:
Kaspersky Scan

Edited by Blade Zephon, 18 May 2010 - 06:58 AM.



#15 Caeji1

Caeji1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:20 PM

Posted 18 May 2010 - 09:34 AM

Blade,
I did an Eset Online scan earlier and all it picked up was one threat. This is the log it produced:
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application
Is it still necessary to do the other scan?
Caeji





