Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser redirected/ avast finds: "HTML:IFrame-U [Trj]" , "JS:Pdfka-gen [Expl]" , "Win32:rootkit-gen [Rtk]"


  • This topic is locked This topic is locked
9 replies to this topic

#1 Tizac

Tizac

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 02 September 2010 - 03:32 PM

Avast finds some Trojans running in my C:\Windows\Temp\ and C:\Users\(comp name)\AppData\Local\Temp folders pretty much every day.

Also my browser gets redirected to a diff website when i click on a link (not the intended destination), back and retry clicking sends me to the right location. i am using firefox.

I could not get GMER to work properly all choices were grayed out in the scan except for:

Services
Registry
Files
C:\

ADS


i ran scan anyway, and nothing was found.

when i launch GMER i get a popup stating:

"C:\Windows\system32\config\system: The system cannot find the file specified."



I am posting a Hijack this log at the end just for good measure.

Here is my dds log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by MIKE at 15:49:01.27 on Thu 09/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.1901 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MIKE\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [svchost.exe] c:\users\mike\appdata\roaming\microsoft\svchost.exe
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [Lexmark 5600-6600 Series] "c:\program files (x86)\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\gigaby~1.lnk - c:\program files (x86)\gigabyte\gamer hud lite\HUD.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
mRun-x64: [lxdumon.exe] "c:\program files (x86)\lexmark 5600-6600 series\lxdumon.exe"
mRun-x64: [lxduamon] "c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe"
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - c:\users\mike\appdata\roaming\microsoft\windows\start menu\programs\ub\UB.lnk

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\pht8d1o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\pht8d1o6.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-15 89680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-13 202752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-15 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-15 65616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-15 138680]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-1-13 6327296]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-1-13 185344]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-15 352920]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2009-8-5 987648]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-2 136176]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxduserv.exe [2009-10-16 29184]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-2-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-2-26 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A81D.tmp [2010-8-22 6144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2010-09-02 19:46:21 0 ----a-w- c:\users\mike\defogger_reenable
2010-09-02 19:26:09 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-28 06:30:10 189480 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-08-28 06:15:14 189480 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-08-28 06:15:12 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-08-28 04:11:59 17688 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-08-28 04:11:59 15128 ----a-w- c:\windows\syswow64\x3daudio1_1.dll
2010-08-25 15:21:10 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 15:21:10 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-23 20:53:43 0 d-----w- c:\users\mike\appdata\roaming\UB
2010-08-23 20:53:20 0 d-----w- C:\Poker Application
2010-08-23 02:04:07 0 d-----w- c:\users\mike\appdata\roaming\OverDrive
2010-08-23 02:00:18 0 d-----w- c:\program files (x86)\OverDrive Media Console
2010-08-22 14:57:57 6144 ------w- c:\windows\system32\A81D.tmp
2010-08-22 14:56:22 6144 ------w- c:\windows\system32\35D9.tmp
2010-08-22 14:56:03 0 d-----w- c:\program files (x86)\Sophos
2010-08-22 14:13:46 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-22 14:13:40 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-17 00:35:53 40 ----a-w- c:\users\mike\appdata\roaming\cgvhed.dat
2010-08-17 00:35:53 0 d-----w- c:\users\mike\appdata\roaming\Izva
2010-08-17 00:35:53 0 d-----w- c:\users\mike\appdata\roaming\Cyby
2010-08-17 00:35:50 4 ----a-w- c:\users\mike\appdata\roaming\avdrn.dat
2010-08-13 23:41:42 0 d-----w- c:\programdata\vsosdk

==================== Find3M ====================

2010-08-28 06:15:12 794408 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-09 23:03:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:50:07.78 ===============











Here is the Hijackthis log:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:48 PM, on 9/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series] "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [svchost.exe] C:\Users\MIKE\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10231 bytes













I HOPE YOU GUYS CAN HELP ME FIGURE OUT WHATS CAUSING THE REDIRECTS AND INFECTIONS. THANK YOU!!

Regards,

Tizac

Attached Files



BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:04 AM

Posted 11 September 2010 - 04:02 PM

Hi Tizac, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Tizac

Tizac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 11 September 2010 - 09:14 PM

OTL logfile created on: 9/11/2010 5:37:41 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\MIKE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.90 Gb Total Space | 96.30 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 8.71 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: MIKE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/11 17:32:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/28 02:15:13 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/08/25 18:18:56 | 001,191,256 | ---- | M] (Research In Motion) -- C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
PRC - [2010/02/04 05:10:48 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2010/02/04 05:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2009/11/12 10:15:50 | 001,678,848 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/11 17:32:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/04 04:29:52 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2010/02/04 04:17:14 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2010/01/13 23:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/28 02:15:13 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/05/13 10:45:36 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/26 16:07:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/26 15:32:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/04 04:29:43 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\A81D.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/03 01:33:09 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/13 23:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 23:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 22:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/18 19:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/05 13:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/04 03:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/06/04 03:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/06/04 03:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/06/04 03:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/06/04 03:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/06/04 03:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/06/04 03:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/04 03:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/06/04 03:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/06/04 03:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009/06/04 03:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/06/04 03:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009/06/04 03:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 A3 6B 6F AC 4F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}:1.9.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/04/02 11:37:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/08 15:58:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/08 15:58:46 | 000,000,000 | ---D | M]

[2010/03/20 11:57:18 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\Mozilla\Extensions
[2010/09/11 10:26:50 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions
[2010/09/10 14:32:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/19 10:43:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/04 02:21:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/04 02:18:28 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/08/25 20:58:34 | 000,000,000 | ---D | M] -- C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\pht8d1o6.default\extensions\LogMeInClient@logmein.com
[2010/07/29 19:22:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 11:38:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk = C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 17:32:14 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
[2010/09/11 17:31:51 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe.part
[2010/09/11 10:54:01 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Documents\BlackBerry
[2010/09/11 10:27:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/11 10:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/09/10 20:00:18 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Users\MIKE\Desktop\ccsetup235.exe
[2010/09/03 13:54:57 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\Malwarebytes
[2010/09/03 13:54:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/03 13:54:50 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/03 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/03 13:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/03 10:07:55 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/09/03 10:07:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/03 10:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/03 10:05:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\MIKE\Desktop\TFC.exe
[2010/09/03 10:05:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MIKE\Desktop\mbam-setup-1.46.exe
[2010/09/02 15:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/28 02:21:39 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\punk buster
[2010/08/28 00:14:28 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\PunkBuster
[2010/08/28 00:12:15 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/08/28 00:12:15 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/08/28 00:12:14 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/08/28 00:12:14 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/08/28 00:12:14 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/08/28 00:12:14 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/08/28 00:12:11 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/08/28 00:12:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/08/28 00:12:11 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2010/08/28 00:12:11 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2010/08/28 00:12:10 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/08/28 00:12:10 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/08/28 00:12:10 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/08/28 00:12:10 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/08/28 00:12:09 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/08/28 00:12:09 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/08/28 00:12:07 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/08/28 00:12:07 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/08/28 00:12:05 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/08/28 00:12:05 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/08/28 00:12:05 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/08/28 00:12:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/08/28 00:12:04 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/08/28 00:12:04 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/08/28 00:12:03 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/08/28 00:12:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/08/28 00:12:01 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/08/28 00:12:01 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/08/28 00:12:01 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/08/28 00:12:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/08/28 00:12:00 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/08/28 00:12:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/08/28 00:11:59 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/08/28 00:11:59 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/08/25 11:21:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/23 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\UB
[2010/08/23 16:53:20 | 000,000,000 | ---D | C] -- C:\Poker Application
[2010/08/22 22:04:14 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Documents\My Media
[2010/08/22 22:04:07 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\OverDrive
[2010/08/22 22:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverDrive Media Console
[2010/08/22 21:49:47 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Documents\My Digital Editions
[2010/08/22 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Documents\ebooks
[2010/08/22 17:54:07 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\Barney Stinson
[2010/08/22 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\tools
[2010/08/22 10:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/22 10:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/22 10:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/16 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\{DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}
[2010/08/16 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\Izva
[2010/08/16 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\Cyby
[2010/08/13 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\MIKE\Desktop\New folder (3)
[2010/08/13 19:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/06/06 11:28:06 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2010/06/06 11:28:06 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2010/06/06 11:28:06 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2010/06/06 11:28:06 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2010/06/06 11:28:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2010/06/06 11:28:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2010/06/06 11:28:05 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2010/06/06 11:28:05 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2010/06/06 11:28:05 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2010/04/03 01:33:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\MIKE\AppData\Roaming\pcouffin.sys
[2009/06/04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/09/11 17:39:45 | 002,883,584 | -HS- | M] () -- C:\Users\MIKE\NTUSER.DAT
[2010/09/11 17:32:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe
[2010/09/11 17:31:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\OTL.exe.part
[2010/09/11 16:52:11 | 003,422,327 | ---- | M] () -- C:\Users\MIKE\Desktop\Materials.pdf
[2010/09/11 16:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 10:58:49 | 000,022,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 10:58:49 | 000,022,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 10:53:35 | 000,003,584 | ---- | M] () -- C:\Users\MIKE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 10:26:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/09/11 09:47:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 09:45:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 09:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 09:45:32 | 2817,126,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 01:49:02 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/09/11 01:49:02 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/09/11 01:49:02 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/09/11 01:48:52 | 008,232,066 | -H-- | M] () -- C:\Users\MIKE\AppData\Local\IconCache.db
[2010/09/10 20:00:25 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Users\MIKE\Desktop\ccsetup235.exe
[2010/09/09 10:16:58 | 000,001,029 | ---- | M] () -- C:\Users\MIKE\Desktop\nes roms - Shortcut.lnk
[2010/09/08 16:27:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/08 10:08:38 | 000,720,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/08 10:08:38 | 000,619,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/08 10:08:38 | 000,105,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 10:54:10 | 000,472,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/06 01:12:51 | 000,040,885 | ---- | M] () -- C:\Users\MIKE\Desktop\bookmarks-2010-09-06.json
[2010/09/03 18:58:40 | 000,001,057 | ---- | M] () -- C:\Users\MIKE\AppData\Roaming\vso_ts_preview.xml
[2010/09/03 13:54:53 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 10:07:57 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/09/03 10:05:58 | 053,970,344 | ---- | M] () -- C:\Users\MIKE\Desktop\setup_av_pro.exe
[2010/09/03 10:05:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\MIKE\Desktop\TFC.exe
[2010/09/03 10:05:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MIKE\Desktop\mbam-setup-1.46.exe
[2010/09/02 23:05:09 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/09/02 23:05:09 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/02 15:51:43 | 000,284,915 | ---- | M] () -- C:\Users\MIKE\Desktop\gmer.zip
[2010/09/02 15:47:17 | 000,525,824 | ---- | M] () -- C:\Users\MIKE\Desktop\dds.scr
[2010/09/02 15:46:21 | 000,000,000 | ---- | M] () -- C:\Users\MIKE\defogger_reenable
[2010/09/02 15:44:19 | 000,050,477 | ---- | M] () -- C:\Users\MIKE\Desktop\Defogger.exe
[2010/09/02 15:26:12 | 000,002,971 | ---- | M] () -- C:\Users\MIKE\Desktop\HiJackThis.lnk
[2010/09/01 09:29:52 | 019,657,194 | ---- | M] () -- C:\Users\MIKE\Desktop\vlc-1.1.4-win32.exe
[2010/08/28 02:15:13 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/28 02:15:12 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/28 02:06:28 | 000,794,408 | ---- | M] () -- C:\Users\MIKE\Desktop\pbsvc.exe
[2010/08/28 02:01:45 | 000,001,546 | ---- | M] () -- C:\Users\MIKE\Desktop\AA3Game - Shortcut.lnk
[2010/08/25 19:25:17 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/23 16:59:22 | 000,000,762 | ---- | M] () -- C:\Users\MIKE\Desktop\UB.lnk
[2010/08/23 15:39:59 | 000,085,230 | ---- | M] () -- C:\Users\MIKE\Documents\stef2.jpg
[2010/08/23 15:39:56 | 000,083,622 | ---- | M] () -- C:\Users\MIKE\Documents\stef.jpg
[2010/08/22 22:00:19 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2010/08/22 21:49:37 | 000,002,202 | ---- | M] () -- C:\Users\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2010/08/22 21:49:37 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/08/22 10:13:41 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/19 11:36:18 | 000,247,808 | ---- | M] () -- C:\Users\MIKE\Documents\Transcripts-
[2010/08/18 10:46:47 | 000,000,040 | ---- | M] () -- C:\Users\MIKE\AppData\Roaming\cgvhed.dat
[2010/08/18 10:41:52 | 000,000,120 | ---- | M] () -- C:\Users\MIKE\AppData\Local\Agimoyopogica.dat
[2010/08/18 10:41:52 | 000,000,000 | ---- | M] () -- C:\Users\MIKE\AppData\Local\Vdacimo.bin
[2010/08/17 18:12:37 | 000,013,514 | ---- | M] () -- C:\Users\MIKE\Documents\ASF ALL NATURAL INGREDIENTS.docx
[2010/08/17 18:09:00 | 000,011,654 | ---- | M] () -- C:\Users\MIKE\Documents\asf call and Use on.docx
[2010/08/17 18:08:47 | 000,016,252 | ---- | M] () -- C:\Users\MIKE\Documents\ASF sample.docx

========== Files Created - No Company Name ==========

[2010/09/11 16:52:04 | 003,422,327 | ---- | C] () -- C:\Users\MIKE\Desktop\Materials.pdf
[2010/09/11 10:53:31 | 000,003,584 | ---- | C] () -- C:\Users\MIKE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 10:53:11 | 000,000,077 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/11 10:26:47 | 000,000,807 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/11 10:26:41 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/09/09 10:16:58 | 000,001,029 | ---- | C] () -- C:\Users\MIKE\Desktop\nes roms - Shortcut.lnk
[2010/09/06 01:12:51 | 000,040,885 | ---- | C] () -- C:\Users\MIKE\Desktop\bookmarks-2010-09-06.json
[2010/09/05 13:18:50 | 000,012,568 | ---- | C] () -- C:\ProgramData\lxduJSW.log
[2010/09/03 13:54:53 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/03 10:07:57 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/09/03 10:03:23 | 053,970,344 | ---- | C] () -- C:\Users\MIKE\Desktop\setup_av_pro.exe
[2010/09/02 15:52:23 | 000,293,376 | ---- | C] () -- C:\Users\MIKE\Desktop\gmer.exe
[2010/09/02 15:51:41 | 000,284,915 | ---- | C] () -- C:\Users\MIKE\Desktop\gmer.zip
[2010/09/02 15:47:03 | 000,525,824 | ---- | C] () -- C:\Users\MIKE\Desktop\dds.scr
[2010/09/02 15:46:21 | 000,000,000 | ---- | C] () -- C:\Users\MIKE\defogger_reenable
[2010/09/02 15:44:18 | 000,050,477 | ---- | C] () -- C:\Users\MIKE\Desktop\Defogger.exe
[2010/09/02 15:26:12 | 000,002,971 | ---- | C] () -- C:\Users\MIKE\Desktop\HiJackThis.lnk
[2010/09/01 09:28:41 | 019,657,194 | ---- | C] () -- C:\Users\MIKE\Desktop\vlc-1.1.4-win32.exe
[2010/08/28 02:30:10 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/08/28 02:15:14 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/28 02:15:12 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/28 02:06:16 | 000,794,408 | ---- | C] () -- C:\Users\MIKE\Desktop\pbsvc.exe
[2010/08/28 02:01:45 | 000,001,546 | ---- | C] () -- C:\Users\MIKE\Desktop\AA3Game - Shortcut.lnk
[2010/08/28 00:12:18 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/23 16:59:22 | 000,000,762 | ---- | C] () -- C:\Users\MIKE\Desktop\UB.lnk
[2010/08/23 15:39:50 | 000,085,230 | ---- | C] () -- C:\Users\MIKE\Documents\stef2.jpg
[2010/08/23 15:39:44 | 000,083,622 | ---- | C] () -- C:\Users\MIKE\Documents\stef.jpg
[2010/08/22 22:00:19 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2010/08/22 21:49:37 | 000,002,202 | ---- | C] () -- C:\Users\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2010/08/22 21:49:37 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2010/08/22 10:13:41 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/19 11:36:03 | 000,247,808 | ---- | C] () -- C:\Users\MIKE\Documents\Transcripts-
[2010/08/17 18:12:36 | 000,013,514 | ---- | C] () -- C:\Users\MIKE\Documents\ASF ALL NATURAL INGREDIENTS.docx
[2010/08/17 18:08:59 | 000,011,654 | ---- | C] () -- C:\Users\MIKE\Documents\asf call and Use on.docx
[2010/08/17 18:08:46 | 000,016,252 | ---- | C] () -- C:\Users\MIKE\Documents\ASF sample.docx
[2010/08/16 20:37:35 | 000,000,120 | ---- | C] () -- C:\Users\MIKE\AppData\Local\Agimoyopogica.dat
[2010/08/16 20:37:35 | 000,000,000 | ---- | C] () -- C:\Users\MIKE\AppData\Local\Vdacimo.bin
[2010/08/16 20:35:53 | 000,000,040 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\cgvhed.dat
[2010/06/18 21:23:43 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2010/06/18 21:14:39 | 000,000,017 | ---- | C] () -- C:\Users\MIKE\AppData\Local\resmon.resmoncfg
[2010/06/06 11:28:06 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2010/06/06 11:28:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2010/06/05 21:26:53 | 000,000,179 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/06/05 21:19:16 | 000,000,364 | ---- | C] () -- C:\ProgramData\lxdu.log
[2010/06/05 21:00:36 | 000,000,431 | ---- | C] () -- C:\ProgramData\lxduDiagnostics.log
[2010/06/05 19:47:43 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2010/06/05 19:47:43 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2010/06/05 19:47:43 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2010/06/05 19:45:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/21 11:43:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/03 01:34:15 | 000,001,057 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\vso_ts_preview.xml
[2010/04/03 01:33:51 | 000,000,034 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\pcouffin.log
[2010/04/03 01:33:09 | 000,099,384 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\inst.exe
[2010/04/03 01:33:09 | 000,007,859 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\pcouffin.cat
[2010/04/03 01:33:09 | 000,001,167 | ---- | C] () -- C:\Users\MIKE\AppData\Roaming\pcouffin.inf
[2010/02/26 15:30:55 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/02/26 15:30:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009/05/27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/11 09:45:32 | 2817,126,400 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/09/11 09:45:37 | 3756,171,264 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Edited by Tizac, 12 September 2010 - 02:42 PM.


#4 Tizac

Tizac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 11 September 2010 - 09:16 PM

OTL Extras logfile created on: 9/11/2010 5:37:41 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\MIKE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.90 Gb Total Space | 96.30 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 8.71 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: MIKE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1238B565-1705-8CA8-A9D6-902E83D820E7}" = ATI Problem Report Wizard
"{29D2FBFB-4442-A5F1-BC52-1F9823A87050}" = ATI AVIVO64 Codecs
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C7F4054-5AF1-9259-9E95-046801F0EFCC}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E85F6404-FC45-FC20-07F0-88F08FD87CD9}" = ATI Catalyst Install Manager
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0182AC49-EDA5-CF2F-4102-901BF772BEF2}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0EE046C6-9853-DA0C-5FBA-D7D235C9E23A}" = CCC Help Russian
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{14B9D8E9-F122-E749-E655-83E012A38967}" = CCC Help Portuguese
"{15A4BDA9-2408-946D-B0AF-FDEC96289659}" = CCC Help Dutch
"{1F09D8CC-457A-DBED-3DDD-3AA9B7EDE5A1}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2E1E6250-3316-2BC9-39E9-A4723DF6E871}" = CCC Help Italian
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{391E2D0A-2CCC-07FD-9BED-04C157A73A17}" = CCC Help German
"{3F08634B-A83B-46C6-6E64-DD3D526617B4}" = CCC Help Danish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51879686-2F72-ACEF-8C30-B9F67040573C}" = CCC Help Spanish
"{5663026B-BDBE-747E-EF93-2A673D5E3BD3}" = CCC Help Chinese Traditional
"{5EC0DE66-4EFA-3E77-01FA-DD591F6642A8}" = CCC Help Thai
"{622B2319-26A8-D92C-660E-40420D25E234}" = CCC Help Greek
"{6489E70C-B3E8-8380-161F-940E08A03D99}" = Catalyst Control Center Graphics Light
"{6A39AD42-B47C-BE88-2AF5-40DE9A289577}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CC3CB3-8E03-B478-6AEA-1E80A5F0BF78}" = Catalyst Control Center Graphics Previews Vista
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}" = Gamer HUD Lite
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D01D752-5B06-D866-6D51-1F07CB5F5055}" = Catalyst Control Center Localization All
"{A214FB64-0105-2515-C4C9-8716776E28AB}" = HydraVision
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE0EA4C1-3628-51EA-EEA2-8BE84ADA1EE6}" = CCC Help Polish
"{AF70FBC2-BF25-42EB-086F-DC5AB584A723}" = CCC Help French
"{B1E1F1BC-84ED-D8CF-1A11-5B08C83D3E6C}" = CCC Help Hungarian
"{B1E9DF5F-04F4-2A7D-CEC1-EBB0369321B3}" = ccc-core-static
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B649C164-CBEF-A5DA-E33B-ACA2B14F9475}" = CCC Help Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1B5F3DB-68CB-64B5-7205-F74C6734CA61}" = CCC Help Japanese
"{D0396BD0-D207-4863-BC4F-6349FECD664D}" = CCC Help Czech
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D4FE00C6-3D7C-942C-FB3E-8FF903B4EEC6}" = Catalyst Control Center Core Implementation
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DC9156F6-8863-C1F9-1335-3521DE39C183}" = Catalyst Control Center Graphics Full Existing
"{E2A07378-C520-D8AD-25B1-595A8ADA46C6}" = Catalyst Control Center Graphics Full New
"{E58437BD-A90C-6BE6-1E8D-1908CA7CC754}" = CCC Help Finnish
"{E6C74254-EDFF-66F8-E612-577629029A89}" = CCC Help Korean
"{EB466A84-3394-7C8C-EC07-17597F68FA6B}" = Catalyst Control Center HydraVision Full
"{ED606D75-8396-251E-2411-711E540410B0}" = CCC Help Turkish
"{ED7EE245-2A8D-6DC2-03F5-CA28D372C4FA}" = CCC Help Chinese Standard
"{FA283E8F-9D50-D66E-E5DC-16EA66ED637A}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Pro Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.3.2.1
"Foxit PDF Editor" = Foxit PDF Editor
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Steam App 13140" = America's Army 3
"Steam App 17460" = Mass Effect
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"Steam App 80" = Condition Zero
"thinkorswim" = thinkorswim
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UB" = UB
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/3/2010 1:31:02 AM | Computer Name = MIKE-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9/8/2010 9:47:33 PM | Computer Name = MIKE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/8/2010 9:47:33 PM | Computer Name = MIKE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/8/2010 9:47:33 PM | Computer Name = MIKE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 9/9/2010 1:12:46 PM | Computer Name = MIKE-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/10/2010 9:37:54 AM | Computer Name = MIKE-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/10/2010 8:41:32 PM | Computer Name = MIKE-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.5.7.2830 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9d4 Start
Time: 01cb5149c004cc6b Termination Time: 60000 Application Path: C:\Program Files
(x86)\Winamp\winamp.exe Report Id: 0849596b-bd3d-11df-b07c-001372260f9b

Error - 9/10/2010 9:56:13 PM | Computer Name = MIKE-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.5.7.2830 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 744 Start
Time: 01cb514b463ddea5 Termination Time: 35 Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report
Id: 0078b5d4-bd47-11df-b07c-001372260f9b

Error - 9/10/2010 10:01:54 PM | Computer Name = MIKE-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.5.7.2830 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 944 Start
Time: 01cb515516d4cd73 Termination Time: 47 Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report
Id: 8848d564-bd48-11df-bbaf-001372260f9b

Error - 9/11/2010 9:46:05 AM | Computer Name = MIKE-PC | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 10:05:03 AM | Computer Name = MIKE-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 9/3/2010 9:47:53 AM | Computer Name = MIKE-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.89.834.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 9/3/2010 9:48:04 AM | Computer Name = MIKE-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
(Definition 1.89.901.0).

Error - 9/3/2010 10:08:39 AM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 9/3/2010 10:09:39 AM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 9/3/2010 10:09:39 AM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/3/2010 10:11:58 AM | Computer Name = MIKE-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 9/3/2010 9:17:15 PM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7034
Description = The Creative Audio Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/3/2010 9:18:49 PM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 9/3/2010 9:19:42 PM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 9/3/2010 9:19:42 PM | Computer Name = MIKE-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053


< End of report >


#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:04 AM

Posted 12 September 2010 - 06:57 AM

Hi again Tizac!!.. smile.gif

I notice that you are using more than one antivirus program - avast! Antivirus and Microsoft Security Essentials.
It's not recommended to run more than one antivirus program in resident mode because they can conflict with each other.
I strongly suggest you either disable a real time protection or uninstall one of these programs.

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\A81D.tmp -- (MEMSWEEP2)
    FF - prefs.js..extensions.enabledItems: {DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}:1.9.1
    [2010/08/16 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Local\{DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}
    [2010/08/16 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\Izva
    [2010/08/16 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\MIKE\AppData\Roaming\Cyby
    [2010/09/02 15:51:43 | 000,284,915 | ---- | M] () -- C:\Users\MIKE\Desktop\gmer.zip
    [2010/09/02 15:47:17 | 000,525,824 | ---- | M] () -- C:\Users\MIKE\Desktop\dds.scr
    [2010/08/18 10:46:47 | 000,000,040 | ---- | M] () -- C:\Users\MIKE\AppData\Roaming\cgvhed.dat
    [2010/08/18 10:41:52 | 000,000,120 | ---- | M] () -- C:\Users\MIKE\AppData\Local\Agimoyopogica.dat
    [2010/08/18 10:41:52 | 000,000,000 | ---- | M] () -- C:\Users\MIKE\AppData\Local\Vdacimo.bin
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Tizac

Tizac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 12 September 2010 - 11:10 AM

Hi snemelk, thanks for helping me out.

i figured out the danger of having the 2 AV programs running. and that sometimes i would get a false positive from one of them because of the other. so i disabled the real time on security essentials.

here are the logs from the OTL and ESET.


All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\SysNative\A81D.tmp not found.
Prefs.js: {DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}:1.9.1 removed from extensions.enabledItems
C:\Users\MIKE\AppData\Local\{DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}\chrome\content folder moved successfully.
C:\Users\MIKE\AppData\Local\{DA7B6170-6A7D-4EBA-8B9F-5F4170B33518}\chrome folder moved successfully.
C:\Users\MIKE\AppData\Local\{DA7B6170-6A7D-4EBA-8B9F-5F4170B33518} folder moved successfully.
C:\Users\MIKE\AppData\Roaming\Izva folder moved successfully.
C:\Users\MIKE\AppData\Roaming\Cyby folder moved successfully.
C:\Users\MIKE\Desktop\gmer.zip moved successfully.
C:\Users\MIKE\Desktop\dds.scr moved successfully.
C:\Users\MIKE\AppData\Roaming\cgvhed.dat moved successfully.
C:\Users\MIKE\AppData\Local\Agimoyopogica.dat moved successfully.
C:\Users\MIKE\AppData\Local\Vdacimo.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MIKE
->Temp folder emptied: 13248952 bytes
->Temporary Internet Files folder emptied: 1442610 bytes
->Java cache emptied: 161136 bytes
->FireFox cache emptied: 91866308 bytes
->Flash cache emptied: 41764 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175155 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
RecycleBin emptied: 576000 bytes

Total Files Cleaned = 103.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MIKE
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09122010_104353

Files\Folders moved on Reboot...
C:\Users\MIKE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...








ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b0de2dd027c73f4ca300b9b0b8a4554a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-12 03:39:58
# local_time=2010-09-12 11:39:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776893 100 100 0 13814697 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=169745
# found=0
# cleaned=0
# scan_time=2679


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:04 AM

Posted 12 September 2010 - 02:07 PM

Hi again Tizac!!.. smile.gif

QUOTE(Tizac @ Sep 12 2010, 06:10 PM) View Post
i figured out the danger of having the 2 AV programs running. and that sometimes i would get a false positive from one of them because of the other. so i disabled the real time on security essentials.

thumbup2.gif

That looks good, I reckon no problem persists (the script removed a Firefox Add-on causing the redirects)??..

If there are no remaining problems, please do the following:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:
Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 Tizac

Tizac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 14 September 2010 - 07:46 PM

Thank you again snemelk, I have spent the last few days checking and thankfully no redirects. can you tell what addon to firefox was causing the problem? (that way i can avoid it like the plague)

#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:04 AM

Posted 15 September 2010 - 01:52 PM

Hi again Tizac!!.. smile.gif

QUOTE(Tizac @ Sep 15 2010, 02:46 AM) View Post
I have spent the last few days checking and thankfully no redirects.

Good! thumbup2.gif

QUOTE
can you tell what addon to firefox was causing the problem? (that way i can avoid it like the plague)

Well, that Add-on wasn't installed by you, I suppose - malware installed it, so that criminals could get paid for those redirections... It's known as a "goored" infection...
The best way not to have such a problem in the future is to keep your security products updated, having the latest versions of programs installed (so that no vulnerable program versions are installed), not using cracks/keygens and not visiting risky sites... ;)
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:04 AM

Posted 03 October 2010 - 02:45 PM

Glad we could help. smile.gif

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users