
Random Website Redirections and Tabs Opening in Firefox


This topic is locked
16 replies to this topic

#1 thunderstruck!

  • Members
  • 10 posts
  • Gender:Female

Posted 23 May 2010 - 01:12 AM

Hey, :)

I recently got the annoying rogue 'Internet Security 2010' on my computer...
I managed to get rid of it with rkill and MBAM, but I still think something's on my computer.

On Firefox, sites will be redirected and random tabs will open automatically.

I have:
AVG Anti-Virus Free 9.0
MBAM
Spybot
Ad-Aware

None of these programs have picked up anything
(Ad-Aware has picked up some cookies e.g. advertis, atdmt)
But it hasn't gotten rid of the redirecting problem...
What is it and can it be removed?

Thanks for the help!

Here's the DDS:

C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vigilia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vigilia\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vigilia\applic~1\mozilla\firefox\profiles\f49eml2r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-17 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-18 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-18 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-18 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-23 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
S3 CLPCIID;CLPCIID;c:\program files\cyberlink\powerdvd\clpciid.sys [2009-11-25 24772]

=============== Created Last 30 ================

2010-05-24 03:51:38 362 ----a-w- c:\documents and settings\vigilia\defogger_reenable
2010-05-24 03:17:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-19 06:00:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-18 10:42:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-18 10:42:03 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-18 10:38:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-18 10:37:08 0 d-----w- c:\program files\Lavasoft
2010-05-18 09:01:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 09:01:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 05:07:25 0 d-sh--w- c:\windows\ftpcache
2010-05-12 06:40:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 03:30:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-10 03:30:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-04-22 04:29:22 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 07:33:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 16:01:43.26 ===============


#2 snemelk

    inżynier

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 25 May 2010 - 09:59 AM

Hi thunderstruck!, and welcome to Bleeping Computer.

Firstly,
Please restore your Proxy settings as they have been modified by malware...
To do this:
In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

Secondly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Thirdly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

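The proxy fix from the post above, as an added example in PowerShell (editor's addition, not snemelk's or BleepingComputer's code): it reads the same HKCU Internet Settings values that the DDS log in post #1 shows as modified (ProxyServer = http=127.0.0.1:5555, ProxyOverride = <local>), flags a proxy that points back at the local machine, and with the script's own -Reset switch (an assumption of this example) clears them the way unticking "Use a proxy server" in the LAN settings dialog does. Internet Explorer and every other WinINet-based program honour these values, as does Firefox when its connection setting is "Use system proxy settings", so a loopback proxy planted by malware can rewrite every page load. It assumes it runs as the affected user (the values live under HKCU) and that PowerShell is installed, which on Windows XP was an optional download. The "Automatically detect settings" checkbox is stored in a binary Connections value that this script does not touch, so tick that one in the dialog as the post says.

```powershell
# Added example (editor's, not from the thread): inspect and optionally
# reset the WinINet proxy values under HKCU that the DDS log above shows
# as modified by malware (ProxyServer = http=127.0.0.1:5555).
# Assumptions: run as the affected user; -Reset is this script's own switch.
param([switch]$Reset)

$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# Read the current values; values that are absent are simply skipped.
$current = @{}
foreach ($n in $names) {
    $p = Get-ItemProperty -Path $key -Name $n -ErrorAction SilentlyContinue
    if ($p -ne $null) { $current[$n] = $p.$n }
}
$current.GetEnumerator() | Sort-Object Name | ForEach-Object {
    Write-Output ("{0,-14} = {1}" -f $_.Name, $_.Value)
}

# Flag the pattern seen in this thread: a proxy that points at this machine.
# The regex also catches per-protocol lists such as "http=127.0.0.1:5555;https=...".
$suspect = $false
if ($current['ProxyServer'] -match '(^|=)(127\.\d+\.\d+\.\d+|localhost)(:\d+)?') {
    Write-Output "WARNING: ProxyServer points at the local host: $($current['ProxyServer'])"
    $suspect = $true
}
# A PAC script URL is another way to redirect traffic; report it if set.
if ($current['AutoConfigURL']) {
    Write-Output "WARNING: a proxy auto-config script is set: $($current['AutoConfigURL'])"
    $suspect = $true
}
if ($current['ProxyEnable'] -eq 1 -and -not $suspect) {
    Write-Output 'NOTE: a proxy is enabled; confirm it is one you configured yourself.'
}

# With -Reset, do what unticking "Use a proxy server" does: disable the
# proxy and remove the server, override and PAC values entirely, so no
# stale 127.0.0.1 entry is left behind for the next tool to re-enable.
if ($Reset) {
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    foreach ($n in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $n -ErrorAction SilentlyContinue
    }
    Write-Output 'Proxy values reset. Restart the browser, then run again without -Reset to verify.'
}
```

Run it once without -Reset to see the current state, and again afterwards to confirm. Note what the OTL log later in this thread shows: ProxyEnable = 0 but ProxyServer = http=127.0.0.1:5555 still present. With ProxyEnable off the value is inert for WinINet, but the script still flags it, because a leftover loopback proxy entry is exactly what a returning infection or a careless "enable proxy" click would put back into use.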

#3 thunderstruck!
  • Topic Starter
  • Members
  • 10 posts
  • Gender:Female

Posted 26 May 2010 - 05:16 AM

Hey, thanks snemelk for your help...

I fixed the Internet proxy settings, I think...

I updated Malwarebytes' Anti-Malware and it found nothing... here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4144

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/05/2010 19:39:34
mbam-log-2010-05-26 (19-39-34).txt

Scan type: Quick scan
Objects scanned: 126576
Time elapsed: 28 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


By the way, do I need to download HijackThis or will a fresh DDS log be enough?



#4 snemelk

    inżynier

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 26 May 2010 - 11:34 AM

Hi again, thunderstruck! :)

QUOTE(thunderstruck! @ May 26 2010, 12:16 PM)
By the way, do I need to download HijackThis or will a fresh DDS log be enough?

Nope, I've asked you to run OTL.exe in my previous post! :)
Do a scan with OTL.exe as instructed and post the logfiles...


#5 thunderstruck!
  • Topic Starter
  • Members
  • 10 posts
  • Gender:Female

Posted 27 May 2010 - 02:42 AM

Hey snemelk,

Sorry about the OTL logs, I just got confused with step 2...
Here are the OTL logs...

This is the OTL.txt

OTL logfile created on: 27/05/2010 17:35:00 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vigilia\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 339.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.48 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CITI-629A97D524
Current User Name: Vigilia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 17:25:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vigilia\Desktop\OTL.exe
PRC - [2010/05/20 22:43:16 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/20 22:43:10 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/21 16:29:44 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 16:29:20 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 16:46:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/01 23:59:01 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/12 19:33:37 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 19:33:32 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 19:33:26 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 19:33:25 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/23 21:07:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/08/08 21:49:26 | 003,986,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/10/25 12:51:48 | 000,380,928 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/10/22 18:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/07/30 04:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 10:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/27 17:25:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vigilia\Desktop\OTL.exe
MOD - [2004/08/04 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/20 22:43:10 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/12 19:33:32 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 19:33:26 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/23 21:07:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2002/09/20 10:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 16:29:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 19:33:36 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 19:33:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 03:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/18 18:43:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/26 20:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2007/01/13 06:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/24 01:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/10 10:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 09:19:32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/01/17 16:14:54 | 000,024,772 | ---- | M] (CyberLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Program Files\CyberLink\PowerDVD\clpciid.sys -- (CLPCIID)
DRV - [1996/04/03 07:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ober&type=gamenextus"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ober&type=gamenextus"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 19:33:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 17:57:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 23:27:43 | 000,000,000 | ---D | M]

[2009/10/24 14:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vigilia\Application Data\Mozilla\Extensions
[2010/03/24 18:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vigilia\Application Data\Mozilla\Firefox\Profiles\f49eml2r.default\extensions
[2010/05/26 18:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 15:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/09 15:29:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/24 07:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 07:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 07:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober777234.gif
[2010/03/24 18:03:09 | 000,000,202 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober777234.src

O1 HOSTS File: ([2010/01/18 01:12:47 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Vigilia\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vigilia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vigilia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/23 13:41:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/18 00:48:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 17:25:05 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vigilia\Desktop\OTL.exe
[2010/05/23 15:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/05/23 14:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/17 22:42:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/17 22:42:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/17 22:38:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/17 22:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/17 22:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/17 21:01:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/17 21:01:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/14 23:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/12 17:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\My Documents\Retreat
[2010/05/12 17:07:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/05/12 17:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Application Data\U3
[2010/05/11 18:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/10 19:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/10 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\raachdgme
[2010/05/09 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/09 15:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/09 15:30:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/09 15:30:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/09 15:30:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/09 15:30:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/09 15:30:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/09 15:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/09 15:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Application Data\Sun
[2010/05/02 20:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Desktop\Retreat '10
[2010/04/27 23:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\My Documents\Video Converter
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Vigilia\My Documents\*.tmp files -> C:\Documents and Settings\Vigilia\My Documents\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 17:31:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\prvlcl.dat
[2010/05/27 17:28:01 | 000,015,126 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Folder.jpg
[2010/05/27 17:28:01 | 000,015,126 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{8EEE80FC-C8CB-4D86-AAD3-109D515B010C}_Large.jpg
[2010/05/27 17:27:54 | 000,002,754 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArtSmall.jpg
[2010/05/27 17:27:54 | 000,002,754 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{8EEE80FC-C8CB-4D86-AAD3-109D515B010C}_Small.jpg
[2010/05/27 17:26:42 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/27 17:25:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vigilia\Desktop\OTL.exe
[2010/05/27 17:15:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/27 17:14:41 | 060,422,530 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/27 17:08:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/27 17:08:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 23:55:37 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Vigilia\NTUSER.DAT
[2010/05/26 23:55:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Vigilia\ntuser.ini
[2010/05/26 00:10:46 | 000,070,765 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\25th may 10.rtf
[2010/05/26 00:06:47 | 000,012,545 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\eng ext oral crime.docx
[2010/05/26 00:03:09 | 000,014,289 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Dead Famous quotes.docx
[2010/05/25 18:11:17 | 002,082,776 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Miss Misery - Nazareth.mp3
[2010/05/25 17:42:40 | 001,304,554 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Answers - Steve Vai.mp3
[2010/05/24 01:51:35 | 000,086,550 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\23rd May 10 - re assignment lol.rtf
[2010/05/24 01:51:10 | 000,017,089 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\bro co 23 may.rtf
[2010/05/24 01:46:23 | 000,021,352 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\re st paul assignment final.docx
[2010/05/24 01:31:09 | 000,021,245 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Religion assessment task 3.docx
[2010/05/24 00:42:46 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\re bib.doc
[2010/05/23 15:59:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Vigilia\Desktop\dds.scr
[2010/05/23 15:52:00 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Vigilia\defogger_reenable
[2010/05/23 15:50:05 | 000,010,346 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\bleeding comps.docx
[2010/05/23 15:44:55 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Vigilia\Desktop\Defogger.exe
[2010/05/23 15:18:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 21:52:32 | 000,099,560 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\22 may 10.rtf
[2010/05/22 20:25:07 | 000,017,281 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\MSGES.docx
[2010/05/22 14:29:34 | 002,072,290 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Jailbreak - ACDC.mp3
[2010/05/22 01:38:40 | 000,013,832 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Extract 2.docx
[2010/05/22 00:59:57 | 001,714,998 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Innocent Eyes - Delta Goodrem.mp3
[2010/05/22 00:34:17 | 000,014,598 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\extract 1.docx
[2010/05/22 00:32:38 | 001,463,266 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\According to You - Orianthi.mp3
[2010/05/22 00:06:56 | 000,013,394 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Letters to Alice Quotes.docx
[2010/05/21 20:48:34 | 001,730,798 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\black Pearls - Eric Sardinas.mp3
[2010/05/20 21:57:32 | 000,012,712 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\religion st paul task scaffold.docx
[2010/05/19 23:27:20 | 000,104,778 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\19th may 10.rtf
[2010/05/19 21:57:40 | 001,562,040 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Caught in the Crowd - Kate Miller-Heidke.mp3
[2010/05/19 21:36:26 | 001,625,012 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\And Then We Saw the Dead Rising - Poisonwood.mp3
[2010/05/18 23:59:35 | 000,021,282 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Business Notes - accounting2.docx
[2010/05/18 23:16:54 | 001,828,392 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Save - The Rocket Summer.mp3
[2010/05/18 23:10:04 | 001,895,438 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Without You - Breaking Benjamin.mp3
[2010/05/18 18:38:05 | 001,635,971 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Next Contestant - Nickelback.mp3
[2010/05/17 22:41:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/17 22:41:51 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/17 22:38:31 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/17 21:01:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/17 00:12:57 | 000,018,495 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Business Notes - accounting.docx
[2010/05/16 22:00:13 | 002,049,930 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\All About Eve - Steve Vai.mp3
[2010/05/16 21:41:54 | 002,015,500 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Dear Agony - Breaking Benjamin.mp3
[2010/05/16 15:14:18 | 001,656,308 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\No More - Three Days Grace.mp3
[2010/05/16 14:57:46 | 001,763,470 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Crawl - Brekaing Benjamin.mp3
[2010/05/15 18:13:18 | 001,146,936 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\edited photos art bow.docx
[2010/05/15 17:14:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Vigilia\My Documents\~$siness Notes - accounting.docx
[2010/05/15 15:06:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Vigilia\My Documents\~$ited photos art bow.docx
[2010/05/15 00:13:41 | 000,015,185 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Eng assessment scaffold.docx
[2010/05/14 00:20:17 | 004,842,632 | -H-- | M] () -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\IconCache.db
[2010/05/14 00:11:31 | 001,614,396 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Funhouse - Pink.mp3
[2010/05/13 22:05:38 | 000,702,993 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\photos edited for art.docx
[2010/05/12 23:57:47 | 000,231,569 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\12th May 10 - the future.rtf
[2010/05/12 17:18:39 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 00:05:18 | 000,173,326 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\11th may 10 - music.rtf
[2010/05/12 00:03:36 | 000,015,484 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\bro convo 11 may 10 - virusss.rtf
[2010/05/12 00:00:23 | 000,016,857 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Attitudes to Marriage.docx
[2010/05/11 21:06:42 | 002,889,366 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\You Shook Me - Led Zeppelin.mp3
[2010/05/11 19:24:39 | 000,016,492 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\pp quotes.docx
[2010/05/11 18:23:49 | 000,170,062 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\ex 4.8 solutions.pdf
[2010/05/09 23:44:06 | 000,012,019 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Education of Women.docx
[2010/05/09 22:24:27 | 002,032,858 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\allison.docx
[2010/05/09 21:21:33 | 000,011,880 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Hildegard of Bingen.docx
[2010/05/09 15:29:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/09 15:29:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/09 15:29:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/09 15:29:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/09 15:29:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/09 15:00:11 | 000,021,413 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Vfams Booklist.docx
[2010/05/08 20:40:52 | 000,011,928 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Holly and Vfam's hilarious moments.docx
[2010/05/07 23:07:06 | 000,012,493 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Pride and Prejudice essay for dom.docx
[2010/05/06 23:31:02 | 000,145,388 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\6th may 10.rtf
[2010/05/06 20:43:21 | 000,014,067 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\vfam's Bucket List.docx
[2010/05/04 22:47:33 | 000,015,619 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\P n P chap analysis.docx
[2010/05/04 00:29:08 | 000,012,535 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Religion Hw chrisrian ethics.docx
[2010/05/04 00:27:40 | 012,566,932 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\09 Young Americans [Remix].mp3
[2010/05/04 00:17:36 | 009,931,876 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\06 Jean Genie.mp3
[2010/05/04 00:17:35 | 008,730,232 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\12 Heroes.mp3
[2010/05/04 00:12:03 | 000,011,066 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{20DB9E78-A979-41F6-ACC3-7E27E66B9207}_Large.jpg
[2010/05/04 00:12:03 | 000,002,886 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{20DB9E78-A979-41F6-ACC3-7E27E66B9207}_Small.jpg
[2010/05/02 23:58:41 | 000,014,125 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Evaluate contributions of St Paul to Christianity.docx
[2010/05/02 17:43:26 | 000,196,559 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\ex 4.7 solutions.pdf
[2010/05/01 16:09:35 | 009,557,080 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\01 The Boy in the Bubble.mp3
[2010/05/01 16:09:34 | 003,344,034 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\06 I'm Holdin' on to Love (To Save My Life).wma
[2010/05/01 16:03:02 | 000,006,344 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{465F96DE-8680-4BAE-BB24-EE2FB727E700}_Large.jpg
[2010/05/01 16:03:02 | 000,001,844 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{465F96DE-8680-4BAE-BB24-EE2FB727E700}_Small.jpg
[2010/05/01 15:59:30 | 000,010,087 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{DF13C2E2-61B4-419B-A8A9-C33C44E733D6}_Large.jpg
[2010/05/01 15:59:28 | 000,002,593 | -HS- | M] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{DF13C2E2-61B4-419B-A8A9-C33C44E733D6}_Small.jpg
[2010/05/01 00:31:13 | 000,015,917 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Hamlet essay for dom.docx
[2010/04/30 20:35:25 | 002,345,394 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\Texas Flood - Stevie Ray Vaughan.mp3
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 00:23:19 | 000,093,353 | ---- | M] () -- C:\Documents and Settings\Vigilia\My Documents\27th april 10 - before yr 12 retreat.rtf
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Vigilia\My Documents\*.tmp files -> C:\Documents and Settings\Vigilia\My Documents\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 00:10:46 | 000,070,765 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\25th may 10.rtf
[2010/05/25 23:36:10 | 000,012,545 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\eng ext oral crime.docx
[2010/05/24 01:51:35 | 000,086,550 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\23rd May 10 - re assignment lol.rtf
[2010/05/24 01:51:09 | 000,017,089 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\bro co 23 may.rtf
[2010/05/24 01:31:40 | 000,021,352 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\re st paul assignment final.docx
[2010/05/24 00:37:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\re bib.doc
[2010/05/23 15:59:45 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Vigilia\Desktop\dds.scr
[2010/05/23 15:51:38 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Vigilia\defogger_reenable
[2010/05/23 15:50:05 | 000,010,346 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\bleeding comps.docx
[2010/05/23 15:44:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Vigilia\Desktop\Defogger.exe
[2010/05/23 15:17:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 21:46:17 | 000,099,560 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\22 may 10.rtf
[2010/05/22 00:39:52 | 000,013,832 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Extract 2.docx
[2010/05/21 22:01:35 | 000,014,598 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\extract 1.docx
[2010/05/20 21:57:31 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\religion st paul task scaffold.docx
[2010/05/19 23:27:20 | 000,104,778 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\19th may 10.rtf
[2010/05/18 20:46:38 | 000,021,282 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Business Notes - accounting2.docx
[2010/05/18 18:00:53 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/17 22:44:46 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 22:38:31 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/17 21:01:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 17:14:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Vigilia\My Documents\~$siness Notes - accounting.docx
[2010/05/15 17:14:16 | 000,018,495 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Business Notes - accounting.docx
[2010/05/15 15:06:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Vigilia\My Documents\~$ited photos art bow.docx
[2010/05/15 15:06:04 | 001,146,936 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\edited photos art bow.docx
[2010/05/14 20:46:31 | 000,015,185 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Eng assessment scaffold.docx
[2010/05/13 19:25:11 | 000,702,993 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\photos edited for art.docx
[2010/05/12 23:57:46 | 000,231,569 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\12th May 10 - the future.rtf
[2010/05/12 21:27:09 | 000,021,245 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Religion assessment task 3.docx
[2010/05/12 00:05:17 | 000,173,326 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\11th may 10 - music.rtf
[2010/05/12 00:03:36 | 000,015,484 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\bro convo 11 may 10 - virusss.rtf
[2010/05/11 18:23:47 | 000,170,062 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\ex 4.8 solutions.pdf
[2010/05/11 16:10:54 | 000,016,857 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Attitudes to Marriage.docx
[2010/05/09 20:46:46 | 000,011,880 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Hildegard of Bingen.docx
[2010/05/09 15:06:56 | 000,012,019 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Education of Women.docx
[2010/05/09 13:45:04 | 000,013,394 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Letters to Alice Quotes.docx
[2010/05/08 17:34:49 | 002,032,858 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\allison.docx
[2010/05/07 20:05:47 | 000,012,493 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Pride and Prejudice essay for dom.docx
[2010/05/07 17:47:13 | 000,014,289 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Dead Famous quotes.docx
[2010/05/06 23:31:02 | 000,145,388 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\6th may 10.rtf
[2010/05/06 00:00:25 | 000,016,492 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\pp quotes.docx
[2010/05/04 21:06:32 | 000,015,619 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\P n P chap analysis.docx
[2010/05/03 20:56:01 | 000,012,535 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Religion Hw chrisrian ethics.docx
[2010/05/02 17:43:26 | 000,196,559 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\ex 4.7 solutions.pdf
[2010/05/02 17:33:28 | 000,014,125 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\Evaluate contributions of St Paul to Christianity.docx
[2010/05/01 16:03:06 | 000,006,344 | -HS- | C] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{465F96DE-8680-4BAE-BB24-EE2FB727E700}_Large.jpg
[2010/05/01 16:03:06 | 000,001,844 | -HS- | C] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{465F96DE-8680-4BAE-BB24-EE2FB727E700}_Small.jpg
[2010/05/01 15:59:31 | 000,010,087 | -HS- | C] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{DF13C2E2-61B4-419B-A8A9-C33C44E733D6}_Large.jpg
[2010/05/01 15:59:31 | 000,002,593 | -HS- | C] () -- C:\Documents and Settings\Vigilia\My Documents\AlbumArt_{DF13C2E2-61B4-419B-A8A9-C33C44E733D6}_Small.jpg
[2010/04/28 00:23:19 | 000,093,353 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\27th april 10 - before yr 12 retreat.rtf
[2010/04/27 18:03:55 | 003,344,034 | ---- | C] () -- C:\Documents and Settings\Vigilia\My Documents\06 I'm Holdin' on to Love (To Save My Life).wma
[2010/01/17 23:58:04 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/25 20:35:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/10/23 21:29:34 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/10/23 20:04:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/10/23 20:04:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2004/08/04 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/03 07:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/27 17:08:25 | 000,003,804 | ---- | M] () -- C:\aaw7boot.log
[2009/10/23 13:41:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/18 00:43:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/23 13:41:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/30 15:58:37 | 001,962,870 | ---- | M] () -- C:\dad mas.jpg
[2009/10/23 13:41:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/23 13:41:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/24 04:10:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/27 17:08:26 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/25 18:12:16 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/02/25 18:12:17 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/01/17 12:25:59 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/18 00:14:54 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/01/17 12:25:59 | 022,282,240 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/17 12:25:59 | 005,767,168 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/12 19:33:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/03/12 19:33:36 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/21 16:29:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/05/17 22:41:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9
< End of report >


#6 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 27 May 2010 - 02:43 AM

...and this is the Extras.Txt

OTL Extras logfile created on: 27/05/2010 17:35:00 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vigilia\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 339.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.48 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CITI-629A97D524
Current User Name: V
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom NetXtreme Ethernet Controller
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114070993}" = Family Restaurant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Age of Empires" = Microsoft Age of Empires
"AVG9Uninstall" = AVG Free 9.0
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"SpeedFan" = SpeedFan (remove only)
"SysInfo" = Creative System Information
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/01/2010 01:53:47 | Computer Name = CITI-629A97D524 | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 10.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/01/2010 04:09:38 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application war3_install.exe, version 1.5.0.0, faulting module
war3_install.exe, version 1.5.0.0, fault address 0x0000e48a.

Error - 15/01/2010 09:30:51 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application powerdvd.exe, version 4.0.0.1308, faulting module
pwrdvdx.dll, version 0.0.0.0, fault address 0x000805b6.

Error - 17/01/2010 07:48:29 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application powerdvd.exe, version 4.0.0.1308, faulting module
pwrdvdx.dll, version 0.0.0.0, fault address 0x000805b6.

Error - 19/01/2010 06:11:23 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x0004f029.

Error - 27/01/2010 19:50:05 | Computer Name = CITI-629A97D524 | Source = Application Hang | ID = 1002
Description = Hanging application DEMO32.EXE, version 7.53.100.1011, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/01/2010 19:53:41 | Computer Name = CITI-629A97D524 | Source = Application Hang | ID = 1002
Description = Hanging application DEMO32.EXE, version 7.53.100.1011, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/01/2010 05:48:59 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application powerdvd.exe, version 4.0.0.1308, faulting module
pwrdvdx.dll, version 0.0.0.0, fault address 0x000805b6.

Error - 30/01/2010 07:39:34 | Computer Name = CITI-629A97D524 | Source = Application Error | ID = 1000
Description = Faulting application powerdvd.exe, version 4.0.0.1308, faulting module
pwrdvdx.dll, version 0.0.0.0, fault address 0x000805b6.

Error - 22/02/2010 05:01:30 | Computer Name = CITI-629A97D524 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/05/2010 05:29:51 | Computer Name = CITI-629A97D524 | Source = Service Control Manager | ID = 7000
Description = The Themes service failed to start due to the following error: %%1053

Error - 27/05/2010 02:46:09 | Computer Name = CITI-629A97D524 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 27/05/2010 02:46:09 | Computer Name = CITI-629A97D524 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 27/05/2010 02:47:09 | Computer Name = CITI-629A97D524 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Themes service to connect.

Error - 27/05/2010 02:47:09 | Computer Name = CITI-629A97D524 | Source = Service Control Manager | ID = 7000
Description = The Themes service failed to start due to the following error: %%1053

Error - 27/05/2010 02:47:56 | Computer Name = CITI-629A97D524 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 27/05/2010 02:47:58 | Computer Name = CITI-629A97D524 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 28/05/2010 01:08:31 | Computer Name = CITI-629A97D524 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 28/05/2010 01:08:31 | Computer Name = CITI-629A97D524 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 28/05/2010 01:18:29 | Computer Name = CITI-629A97D524 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:07:46 PM

Posted 27 May 2010 - 11:55 AM

Hi again thunderstruck!

QUOTE(thunderstruck! @ May 27 2010, 09:42 AM)
Sorry about the OTL logs, I just got confused with step 2...

Ahh, my bad - outdated canned speech, sorry...

Ok, logfiles look clean to me - we'll only remove a few leftovers... Does any problem persist?

Also, have you already tried running Gmer as instructed in the Preparation Guide? If not, please run it and post the logfile... If yes, and it crashes, please run it with only the boxes for Sections and your drive (c:\) checked...

Then,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKLM..\Run: [] File not found
    [2010/05/10 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\raachdgme
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

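The three OTL lines in the fix above are the indicators worth recognising in any OTL log: a ProxyServer value pointing at the local machine (everything the browser fetches is silently routed through a process on the box, which is exactly how redirects and unwanted tabs get injected), a Run entry with an empty name and a missing target, and a freshly created, randomly named folder under the user's Local Settings\Application Data. As an added example (not part of the original post, and not an OTL or BleepingComputer tool), the Python script below applies those three checks to OTL-style lines. The first three sample lines are quoted from the fix above; the benign lines after them are constructed for contrast. The folder-name rule is a weak heuristic, and a loopback proxy is also what debugging proxies such as Fiddler configure, so every hit still needs a human look.

```python
"""Triage OTL-style log lines for the three indicators removed in the fix above.

Added example for this thread, not part of OTL.  The rules are heuristics:
a loopback proxy is also how debugging proxies work, and a lowercase
folder name is only weakly suspicious.  Every hit needs a human look.
"""
import re
from ipaddress import ip_address

# "ProxyServer" = http=127.0.0.1:5555   (or plain host:port)
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
# O4 - HKLM..\Run: [name] target
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$')
# [date time | size | attrs | C/M] -- path
DIR_RE = re.compile(
    r'^\[(?P<stamp>[\d/ :]+) \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] -- (?P<path>.+)$')
APPDATA_DIR_RE = re.compile(r'\\Local Settings\\Application Data\\(?P<name>[^\\]+)$', re.I)
RANDOM_NAME_RE = re.compile(r'[a-z]{7,}')     # weak heuristic: only lowercase letters


def is_loopback_proxy(value: str) -> bool:
    """True if any proxy in 'scheme=host:port;...' or 'host:port' is the local machine."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]
        host = hostport.rsplit(":", 1)[0].strip("[]")
        if host.lower() == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:          # a hostname, not an IP literal
            pass
    return False


def triage(lines):
    """Return (severity, reason, line) for every line that trips a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m and is_loopback_proxy(m.group("value")):
            findings.append(("high", "browser proxy points at the local machine", line))
        m = RUN_RE.match(line)
        if m and (not m.group("name") or "File not found" in m.group("target")):
            findings.append(("medium", "Run entry with empty name or missing target", line))
        m = DIR_RE.match(line)
        if m and "D" in m.group("attrs") and m.group("kind") == "C":
            d = APPDATA_DIR_RE.search(m.group("path"))
            if d and RANDOM_NAME_RE.fullmatch(d.group("name")):
                findings.append(("low", "new randomly named folder in per-user Application Data", line))
    return findings


SAMPLE_LOG = [
    # quoted from the OTL fix in the post above
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r'O4 - HKLM..\Run: [] File not found',
    r'[2010/05/10 19:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\raachdgme',
    # constructed benign lines for contrast (not from the post)
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080',
    r'O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)',
    r'[2010/05/10 19:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vigilia\Local Settings\Application Data\Mozilla',
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the sample, the three quoted lines are flagged high, medium and low and the three constructed lines pass; the proxy check is the one to treat as a real alarm, since a user-mode process listening on 127.0.0.1 and rewriting every page is what produces the redirects described in this thread.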

#8 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 30 May 2010 - 08:12 AM

Hey snemelk,
Sorry for the late reply, I had stuff going on.
I tried to do a gmer scan but it just slows my computer down 1000 percent and then it crashes.

I can attach the OTL though

I still have the website redirections/random tabs opening and sometimes when I boot up the computer I can't connect to the internet. It says my IP is invalid.
But I don't know if it's related to anything. Other than that, nothing else is wrong.

Thanks for your help...






#9 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 30 May 2010 - 08:15 AM

Sorry, here's the attached OTL

Attached Files



#10 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:07:46 PM

Posted 30 May 2010 - 08:44 AM

Hi again thunderstruck!

QUOTE(thunderstruck! @ May 30 2010, 03:12 PM)
Sorry for the late reply, I had stuff going on.

No problem!..

QUOTE
I still have the website redirections/random tabs opening and sometimes when i boot up the computer i can't connect to the internet. It says my IP is invalid.

Ok, so we really need an antirootkit scan here... Please do the following:

Please re-run the Gmer application - this time, though, with only the boxes for Sections and your drive (c:\) checked... This time it should run without a crash (tell me if it doesn't)... Post the logfile...

Also, do you have a Windows CD? It might be needed...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#11 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 31 May 2010 - 08:02 AM

Hey snemelk!

Just in case I don't manage to get back on the internet,
I managed to run gmer... it came up with quite a bit of stuff before freezing the comp before it could finish the scan. I think it got stuck because it scanned the gmer zip file on my desktop... I deleted the zip and hopefully it'll work now...

Just off the top of my head, I remember one file being a redbook...in C: WINDOWS/system 32 or something.

I'll hopefully post the actual gmer log soon. This is just in case I can't reply again tonight.

Thanks once more for all your help!
It's really appreciated

#12 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 01 June 2010 - 06:06 AM

Hey snemelk,

gmer managed to scan a little bit, but then it would just randomly reboot my computer without actually finishing the scan fully... however, I managed to save a log of what it had scanned before crashing...

I'll attach it.

Attached Files



#13 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:07:46 PM

Posted 01 June 2010 - 12:48 PM

Hi again thunderstruck!

Ok, the infection is clearly visible now...
You did not tell me if you have a Windows CD... If yes, use method #1; if not, use method #2...

Method #1:

This quick fix will require a Windows XP CD...
Please print out this set of instructions or save them in a Notepad. Read the entire post before proceeding, because it will make following the instructions easier.

Firstly,
Go to Start --> Run --> write cmd and click OK...

In the command prompt write (or copy and right-click paste):
copy C:\WINDOWS\system32\drivers\redbook.sys C:\redbook.sys

Then click Enter

Close the command prompt and ensure the file C:\redbook.sys has been created...

If yes, please start the Recovery Console from Windows CD...

Once in Recovery Console, execute the following commands (watch the spaces) in bold - click Enter after every one of them:

ren C:\Windows\system32\DRIVERS\redbook.sys redbook.vir
copy C:\redbook.sys C:\Windows\system32\DRIVERS\redbook.sys
exit


It should reboot automatically - boot into Normal Mode... If these commands were executed properly, the infection should be removed now...

Finally, to confirm a successful removal, please re-run Gmer as instructed earlier - all boxes checked except for 'Show All' - and post the logfile...

Method #2:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

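Method #1 only works because of how this family of rootkits hides itself: the driver on disk is patched, but while the rootkit is running it intercepts reads of that file and returns the original, clean bytes. The copy made from inside Windows is therefore the clean one, and writing it back from the Recovery Console, where the rootkit is not loaded, replaces the patched file. Before trusting either copy, a practitioner would compare the two. The Python below is an added example, not from the post or from any tool mentioned in it: it parses the PE headers of two copies of a driver and reports whether the bytes, the entry point or the embedded Authenticode directory differ. The two sample images are constructed minimal PE32 files standing in for a clean and a patched redbook.sys (hypothetical bytes, not the real driver); on a real machine you would read the two copies from disk instead. A present signature directory proves nothing on its own, since the blob can be left in place while the code is patched, so the hash comparison is the decisive check.

```python
"""Compare two copies of the same driver (e.g. redbook.sys): one read from inside
the running Windows, one read offline from the Recovery Console or a boot CD.

Added example for this thread, not part of any tool used in it.  The sample
images are constructed minimal PE32 files, not the real redbook.sys.
"""
import hashlib
import struct

SECURITY_DIR_INDEX = 4   # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob


def pe_summary(data: bytes) -> dict:
    """SHA-256, entry-point RVA and signature-directory location of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 24                       # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    sig_off = sig_size = 0
    if n_dirs > SECURITY_DIR_INDEX:
        # For the security directory the first field is a file offset, not an RVA.
        sig_off, sig_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)
    return {"sha256": hashlib.sha256(data).hexdigest(), "entry_point": entry,
            "signed": sig_size > 0, "sig_offset": sig_off, "sig_size": sig_size}


def compare_driver_copies(live: bytes, offline: bytes) -> list:
    """Findings that distinguish the two copies; an empty list means they agree."""
    a, b = pe_summary(live), pe_summary(offline)
    findings = []
    if a["sha256"] != b["sha256"]:
        findings.append("file bytes differ between live and offline copies")
    if a["entry_point"] != b["entry_point"]:
        findings.append("entry point differs: live 0x%x, offline 0x%x"
                        % (a["entry_point"], b["entry_point"]))
    if a["signed"] != b["signed"]:
        findings.append("Authenticode directory present in only one copy")
    return findings


def build_sample_driver(entry_point: int, patched: bool) -> bytes:
    """Constructed minimal PE32 image standing in for redbook.sys (hypothetical bytes)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 1 section, SizeOfOptionalHeader 224, EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                 # PE32 magic
    struct.pack_into("<I", img, opt + 16, entry_point)      # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 92, 16)               # NumberOfRvaAndSizes
    # Security directory: dummy signature blob at file offset 0x300, 0x100 bytes
    struct.pack_into("<II", img, opt + 96 + 8 * SECURITY_DIR_INDEX, 0x300, 0x100)
    img[0x200:0x210] = b"\x55\x8b\xec" + b"\x90" * 13       # stand-in driver code
    if patched:
        img[0x200:0x205] = b"\xe9\x00\x00\x00\x00"          # stand-in for a hijacked code path
    return bytes(img)


if __name__ == "__main__":
    live_copy = build_sample_driver(0x1000, patched=False)     # what the infected OS shows
    offline_copy = build_sample_driver(0x2F00, patched=True)   # what is really on disk
    for finding in compare_driver_copies(live_copy, offline_copy) or ["copies agree"]:
        print(finding)
```

With the constructed images the comparison reports differing bytes and a moved entry point while both copies still carry a signature directory, which is the pattern to expect: the hash mismatch between the live and offline reads is what tells you the file is being hidden from the running system.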

#14 thunderstruck!

thunderstruck!
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Female
  • Local time:03:46 AM

Posted 03 June 2010 - 02:34 AM

Hey snemelk,

I opted to use ComboFix instead of method 1.
Here is the log from combofix.

Thanks once again for your help!

(By the way, what was the infection on my computer?)

Attached Files



#15 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:07:46 PM

Posted 03 June 2010 - 09:24 AM

Hi again thunderstruck!

QUOTE(thunderstruck! @ Jun 3 2010, 09:34 AM)
(By the way, what was the infection on my computer?)

Logs look ok now! Well, that was a pretty nasty rootkit infection, described as TDSS, TDL3, Alureon, etc. (see: Tdss rootkit silently owns the net; Win32/Alureon). It probably got into your system through security vulnerabilities in Windows or in outdated programs...

Please do the following:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Then,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Get the latest update of your 8.0 version: Adobe Reader for Windows or upgrade to version 9 ...

- Mozilla Firefox

Mozilla Firefox (3.5.9) - update it to the latest version: 3.6.3

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

Then,
Please, set up a new System Restore point:

Turn off System Restore

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Then, to turn it back on:
1. Wait for Windows to finish clearing Restore Points.
2. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.


Please update to Service Pack 3; this is crucial for your computer's security! It should be available via Windows Update or as a manual download/install...

Please check my site - snemelk.hekko.pl.
Also, I recommend reading Grinler's excellent article: How did I get infected?, with steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver




