Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
12 replies to this topic

#1 Dazed_&_Confused

Dazed_&_Confused

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 05 October 2010 - 09:04 PM

Hello Everyone!

I just want to first give thanks to whom ever is willing to help me with my problem. I am having problems with my IE browser. Everytime I click on a search link on Google's website and toolbar results, I get redirected to a spam/ad site. Please help!

Thank you again in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:41 PM, on 10/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drexel.edu
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12538 bytes


BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:50 AM

Posted 13 October 2010 - 09:11 AM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 14 October 2010 - 10:06 PM

Hello!

Thank you for responding to my problem. Please be patient with me as I am still running the GMER program. I wasn't expecting it to take so long, but I'll be grateful if it can find the problem and help us fix it. I will post all required attachments as soon as the GMER scan finishes.

Thanks!

#4 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 15 October 2010 - 05:36 PM

Hello!

Thank you again for you help and patience!

Per your request, attached are the files that you had requested, as well as the DDS log.

Please let me know if there is anything else that I can do.

I'm looking forward to your instructions.

Thank You!


DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 0:00:34.78 on Thu 10/14/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1529 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [AlcFDMonitor] c:\windows\ALCFDRTM.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
IE: &Block This Image (ABP) - c:\program files\adblock pro\blockimg.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: drexel.edu
Trusted Zone: p0rt2.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {E6B8F294-AA38-4BBE-8386-8491C944B1F6} - rundll32.exe "c:\documents and settings\owner\application data\bitrix security\qgace71.dll", DllUnrer

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-4 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-4 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-5 532224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-4 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-4 267432]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-4 60936]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

=============== Created Last 30 ================

2010-10-06 22:54:01 -------- d-----w- c:\docume~1\owner\applic~1\Simple Adblock
2010-10-06 22:53:57 -------- d-----w- c:\program files\common files\Simple Adblock
2010-10-06 22:22:58 -------- d-----w- c:\docume~1\owner\applic~1\Adblock Pro
2010-10-06 22:22:05 -------- d-----w- c:\program files\Adblock Pro
2010-10-06 03:09:51 -------- d-----w- c:\docume~1\owner\applic~1\Avira
2010-10-06 02:57:29 -------- d--h--w- C:\$AVG
2010-10-06 01:34:21 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-06 00:49:34 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-06 00:49:32 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-06 00:49:22 -------- d-----w- c:\program files\Zone Labs
2010-10-06 00:47:33 -------- d-----w- c:\windows\Internet Logs
2010-10-05 08:49:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-05 02:11:17 -------- d-----w- c:\program files\Yahoo!
2010-10-05 02:10:38 -------- d-----w- c:\program files\CCleaner
2010-10-05 01:51:07 -------- d-----w- c:\docume~1\owner\applic~1\Bitrix Security
2010-10-05 01:48:30 -------- d-----w- c:\program files\Trend Micro
2010-10-05 01:41:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-05 01:41:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-04 05:46:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-04 05:46:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-04 05:40:34 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2010-10-04 05:37:52 -------- d-----w- c:\program files\Lavasoft
2010-10-04 05:19:29 -------- d-----w- c:\windows\system32\NtmsData
2010-10-04 05:15:52 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-04 05:15:50 -------- d-----w- c:\program files\Avira
2010-10-04 05:15:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-04 05:03:44 -------- d-----w- c:\docume~1\owner\applic~1\AVG10
2010-10-04 05:01:48 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-04 04:59:44 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-04 04:59:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-04 04:59:24 -------- d-----w- c:\program files\AVG
2010-10-04 04:15:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-04 04:10:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-04 04:06:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-01 04:47:33 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-10-01 04:47:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 04:47:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 04:47:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 04:47:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-01 04:00:49 0 ----a-w- c:\windows\Kfoqepa.bin
2010-10-01 04:00:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}
2010-10-01 04:00:26 843264 ----a-w- c:\windows\system32\drivers\qvntc.sys
2010-10-01 03:59:09 -------- d-----w- c:\docume~1\owner\applic~1\Genieo
2010-10-01 03:58:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Update

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 0:02:27.79 ===============

Attached Files



#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 22 October 2010 - 05:39 PM

Hi Dazed_&_Confused,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. :welcome:
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1.TDSSKiller.log
2.OTListIt.txt and Extra.txt Thanks

#6 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 23 October 2010 - 10:24 AM

Hi sundavis!

Thank you so much for taking your time to help me!

As you requested, I've copy and pasted the logs below:

TDSSKiller:

2010/10/23 10:25:30.0750 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 10:25:30.0750 ================================================================================
2010/10/23 10:25:30.0750 SystemInfo:
2010/10/23 10:25:30.0750
2010/10/23 10:25:30.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/23 10:25:30.0750 Product type: Workstation
2010/10/23 10:25:30.0750 ComputerName: CVDESKTOP
2010/10/23 10:25:30.0750 UserName: Owner
2010/10/23 10:25:30.0750 Windows directory: C:\WINDOWS
2010/10/23 10:25:30.0750 System windows directory: C:\WINDOWS
2010/10/23 10:25:30.0750 Processor architecture: Intel x86
2010/10/23 10:25:30.0750 Number of processors: 2
2010/10/23 10:25:30.0750 Page size: 0x1000
2010/10/23 10:25:30.0750 Boot type: Normal boot
2010/10/23 10:25:30.0750 ================================================================================
2010/10/23 10:25:31.0781 Initialize success
2010/10/23 10:25:42.0031 ================================================================================
2010/10/23 10:25:42.0031 Scan started
2010/10/23 10:25:42.0031 Mode: Manual;
2010/10/23 10:25:42.0031 ================================================================================
2010/10/23 10:25:42.0812 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/23 10:25:42.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/23 10:25:42.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/23 10:25:42.0921 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/23 10:25:42.0968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/23 10:25:43.0000 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/23 10:25:43.0046 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/23 10:25:43.0093 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/23 10:25:43.0109 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/23 10:25:43.0140 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/23 10:25:43.0156 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/23 10:25:43.0187 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/23 10:25:43.0218 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/23 10:25:43.0234 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/23 10:25:43.0265 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/23 10:25:43.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/23 10:25:43.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/23 10:25:43.0359 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/23 10:25:43.0390 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/23 10:25:43.0421 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/23 10:25:43.0484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/23 10:25:43.0531 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/23 10:25:43.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/23 10:25:43.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/23 10:25:43.0656 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/10/23 10:25:43.0703 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/23 10:25:43.0734 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/10/23 10:25:43.0765 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/10/23 10:25:43.0859 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/23 10:25:43.0890 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/10/23 10:25:43.0953 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/10/23 10:25:44.0000 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/23 10:25:44.0046 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/10/23 10:25:44.0093 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/10/23 10:25:44.0187 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/23 10:25:44.0218 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/23 10:25:44.0281 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/23 10:25:44.0312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/23 10:25:44.0343 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/23 10:25:44.0390 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/23 10:25:44.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/23 10:25:44.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/23 10:25:44.0562 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/23 10:25:44.0593 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/23 10:25:44.0656 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/23 10:25:44.0687 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/23 10:25:44.0734 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/23 10:25:44.0812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/23 10:25:44.0859 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/23 10:25:44.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/23 10:25:44.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/23 10:25:44.0968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/23 10:25:45.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/23 10:25:45.0078 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/23 10:25:45.0156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/23 10:25:45.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/23 10:25:45.0234 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/23 10:25:45.0265 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/23 10:25:45.0296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/23 10:25:45.0343 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/23 10:25:45.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/23 10:25:45.0406 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/23 10:25:45.0453 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/23 10:25:45.0515 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2010/10/23 10:25:45.0593 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/10/23 10:25:45.0656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/23 10:25:45.0703 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/23 10:25:45.0734 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/23 10:25:45.0781 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/23 10:25:45.0859 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/23 10:25:45.0968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/23 10:25:46.0015 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/23 10:25:46.0062 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/23 10:25:46.0093 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/23 10:25:46.0171 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/23 10:25:46.0265 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/23 10:25:46.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/23 10:25:46.0468 IntcAzAudAddService (b3ed6daa38bdffa48e453d7d6007ce1b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/23 10:25:46.0515 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/23 10:25:46.0546 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/23 10:25:46.0593 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/23 10:25:46.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/23 10:25:46.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/23 10:25:46.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/23 10:25:46.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/23 10:25:46.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/23 10:25:46.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 10:25:46.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 10:25:47.0000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 10:25:47.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 10:25:47.0140 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/10/23 10:25:47.0203 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/10/23 10:25:47.0312 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/23 10:25:47.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 10:25:47.0406 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 10:25:47.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 10:25:47.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 10:25:47.0515 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/23 10:25:47.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 10:25:47.0625 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/23 10:25:47.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 10:25:47.0734 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 10:25:47.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 10:25:47.0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 10:25:47.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 10:25:47.0859 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 10:25:47.0890 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2010/10/23 10:25:47.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 10:25:47.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 10:25:48.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 10:25:48.0031 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 10:25:48.0046 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 10:25:48.0078 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/23 10:25:48.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 10:25:48.0187 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/23 10:25:48.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 10:25:48.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 10:25:48.0406 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
2010/10/23 10:25:48.0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 10:25:48.0687 nv (0ae3a22dbe88dc219f8c0fdd30239e4f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/23 10:25:48.0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 10:25:49.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 10:25:49.0093 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/23 10:25:49.0140 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/23 10:25:49.0187 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/23 10:25:49.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 10:25:49.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 10:25:49.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 10:25:49.0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 10:25:49.0531 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/23 10:25:49.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/23 10:25:49.0718 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/23 10:25:49.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 10:25:49.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/23 10:25:49.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 10:25:49.0890 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/23 10:25:49.0921 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/23 10:25:49.0937 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/23 10:25:49.0968 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/23 10:25:50.0000 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/23 10:25:50.0031 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/23 10:25:50.0078 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2010/10/23 10:25:50.0093 Suspicious service (NoAccess): qvntc
2010/10/23 10:25:50.0156 qvntc (686684ef71d7e4b350449a1c359576a0) C:\WINDOWS\system32\drivers\qvntc.sys
2010/10/23 10:25:50.0156 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\qvntc.sys. md5: 686684ef71d7e4b350449a1c359576a0
2010/10/23 10:25:50.0156 qvntc - detected Locked service (1)
2010/10/23 10:25:50.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 10:25:50.0406 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 10:25:50.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 10:25:50.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 10:25:50.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/23 10:25:50.0578 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 10:25:50.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 10:25:50.0703 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 10:25:50.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 10:25:50.0828 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/10/23 10:25:50.0906 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/10/23 10:25:50.0937 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/23 10:25:51.0031 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
2010/10/23 10:25:51.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 10:25:51.0187 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/23 10:25:51.0218 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/23 10:25:51.0281 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/10/23 10:25:51.0359 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/23 10:25:51.0390 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/23 10:25:51.0437 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 10:25:51.0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 10:25:51.0531 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 10:25:51.0593 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/23 10:25:51.0656 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2010/10/23 10:25:51.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 10:25:51.0734 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 10:25:51.0781 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/23 10:25:51.0812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/23 10:25:51.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/23 10:25:51.0953 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/23 10:25:52.0015 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 10:25:52.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 10:25:52.0140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 10:25:52.0203 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 10:25:52.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 10:25:52.0265 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/23 10:25:52.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 10:25:52.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/23 10:25:52.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 10:25:52.0531 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/23 10:25:52.0609 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/23 10:25:52.0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/23 10:25:52.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 10:25:52.0718 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/23 10:25:53.0000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/23 10:25:53.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 10:25:53.0062 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/23 10:25:53.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 10:25:53.0125 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/23 10:25:53.0171 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/23 10:25:53.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 10:25:53.0281 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/10/23 10:25:53.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 10:25:53.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 10:25:53.0515 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/23 10:25:53.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/23 10:25:53.0765 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/23 10:25:53.0812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/23 10:25:53.0906 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/23 10:25:53.0906 ================================================================================
2010/10/23 10:25:53.0906 Scan finished
2010/10/23 10:25:53.0906 ================================================================================
2010/10/23 10:25:53.0921 Detected object count: 2
2010/10/23 10:26:15.0937 Locked service(qvntc) - User select action: Skip
2010/10/23 10:26:15.0953 \HardDisk0\MBR - will be cured after reboot
2010/10/23 10:26:15.0953 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/23 10:26:55.0359 Deinitialize success

OTListlt:

OTL logfile created on: 10/23/2010 10:46:40 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3750 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.02 Gb Total Space | 31.66 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.68 Gb Free Space | 39.27% Space Free | Partition Type: FAT32

Computer Name: CVDESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 10:24:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/10/04 01:46:09 | 001,356,952 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/04 01:46:09 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/17 19:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/07/26 22:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/07/13 13:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2005/11/15 15:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2005/05/12 14:00:54 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2005/05/12 14:00:34 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/02/14 21:37:30 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/05/17 22:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/23 10:24:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001/07/03 00:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
SRV - [2010/10/04 01:46:09 | 001,356,952 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/17 19:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/07/13 13:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2005/02/14 21:37:30 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 08:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/17 19:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/18 14:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/05/12 14:00:50 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/15 21:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 14:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101062100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/08/21 15:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}: C:\Documents and Settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416} [2010/10/01 00:00:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 18:40:23 | 000,000,000 | ---D | M]

[2007/08/21 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6kzcacbh.default\extensions
[2007/08/21 15:49:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6kzcacbh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/21 15:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/21 15:44:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] File not found
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE File not found
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..Trusted Domains: drexel.edu ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..Trusted Domains: p0rt2.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? (Photo Upload Plugin Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e779e7e-c488-11dd-a2d0-00132030f282}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found
O33 - MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\Shell\AutoRun\command - "" = L:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\Shell\slacker\command - "" = L:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: drwtcess - (C:\WINDOWS\system32\chkdprep.dll) - C:\WINDOWS\System32\chkdprep.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 10:24:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jim_Thorpe_10162010
[2010/10/13 22:33:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/06 22:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Simple Adblock
[2010/10/06 21:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/06 18:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Simple Adblock
[2010/10/06 18:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Simple Adblock
[2010/10/06 18:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adblock Pro
[2010/10/06 18:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Pro
[2010/10/05 23:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/10/05 22:57:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/05 20:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/10/05 20:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/05 20:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/10/04 22:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2010/10/04 22:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/04 22:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/04 21:54:58 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup236.exe
[2010/10/04 21:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
[2010/10/04 21:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/04 21:48:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\My Documents\HJTInstall.exe
[2010/10/04 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/04 21:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/10/04 01:46:22 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/10/04 01:46:16 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/04 01:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/10/04 01:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/10/04 01:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/10/04 01:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/04 01:15:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/04 01:15:52 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/04 01:15:52 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/04 01:15:52 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/04 01:15:52 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/04 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/04 01:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/04 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/10/04 01:01:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/04 00:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/04 00:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/04 00:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/04 00:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/04 00:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/04 00:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/04 00:06:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/03 23:13:52 | 004,283,672 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\My Documents\avg_free_stb_all_2011_1120_cnet.exe
[2010/10/03 23:13:17 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
[2010/10/03 23:10:37 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\My Documents\spybotsd162.exe
[2010/10/03 23:05:51 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Owner\My Documents\Ad-AwareInstall.exe
[2010/10/03 23:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/10/03 22:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/10/01 02:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/01 02:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/01 01:53:58 | 006,186,928 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-rules.exe
[2010/10/01 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/01 00:47:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/01 00:47:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/01 00:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/01 00:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/01 00:42:47 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/10/01 00:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}
[2010/09/30 23:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Genieo
[2010/09/30 23:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/30 18:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/30 18:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/26 15:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TEMP
[2010/09/15 00:08:40 | 001,207,002 | ---- | C] (astrojargon.net) -- C:\Documents and Settings\Owner\Desktop\setupeosinfo.exe
[2010/09/13 16:27:24 | 000,025,680 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/31 22:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\8_28
[2010/08/19 21:42:38 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
[2010/08/19 21:42:36 | 000,123,472 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2010/08/19 21:42:34 | 000,026,192 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
[2010/08/12 21:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2010/08/12 21:22:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/08/12 20:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Wedding_TEMP
[2010/07/29 23:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Tomato
[2008/01/02 18:42:16 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2008/01/02 18:42:16 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2008/01/02 18:42:15 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2008/01/02 18:42:15 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2008/01/02 18:42:15 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2008/01/02 18:42:15 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2008/01/02 18:42:15 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2008/01/02 18:42:14 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2008/01/02 18:42:13 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2008/01/02 18:42:12 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2008/01/02 18:42:12 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/23 10:51:59 | 000,843,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\qvntc.sys
[2010/10/23 10:37:39 | 000,206,701 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/23 10:37:27 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/23 10:37:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 10:33:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 10:30:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/23 10:28:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 10:28:05 | 2682,085,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 10:24:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/23 10:23:52 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/10/23 10:16:48 | 097,485,034 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/22 18:40:40 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/18 00:22:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/17 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/17 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/17 17:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/10/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/17 00:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/17 00:52:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/10/17 00:34:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/16 23:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/16 21:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/15 18:32:11 | 000,002,086 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ark.zip
[2010/10/15 18:32:01 | 000,005,141 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/10/15 00:24:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/10/14 00:06:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/10/13 23:46:32 | 000,285,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/10/13 23:41:28 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/10/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/13 22:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/10/07 22:58:47 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/10/06 22:38:53 | 000,420,801 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/06 21:57:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/06 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/06 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/06 20:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/06 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/06 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/06 19:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/06 18:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/06 18:50:36 | 001,193,472 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\simpleadblock-3.msi
[2010/10/05 21:38:38 | 000,000,313 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/05 20:50:37 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/05 19:11:12 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HiJackThis.msi
[2010/10/04 22:10:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/10/04 21:58:50 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ZASETUP_92_057_000_EN.EXE
[2010/10/04 21:54:58 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup236.exe
[2010/10/04 21:48:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\My Documents\HJTInstall.exe
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/10/04 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/10/04 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/04 01:58:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/04 01:46:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/10/04 00:54:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7WVJ7eA.dat
[2010/10/04 00:28:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Svenefova.dat
[2010/10/04 00:13:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kfoqepa.bin
[2010/10/03 23:18:50 | 001,292,818 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmartPopupBlocker120.exe
[2010/10/03 23:16:24 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\avira_antivir_personal_en.exe
[2010/10/03 23:13:57 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\My Documents\avg_free_stb_all_2011_1120_cnet.exe
[2010/10/03 23:13:18 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Owner\Desktop\cwshredder.exe
[2010/10/03 23:10:37 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\My Documents\spybotsd162.exe
[2010/10/03 23:05:55 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner\My Documents\Ad-AwareInstall.exe
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/01 01:54:00 | 006,186,928 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-rules.exe
[2010/10/01 00:47:31 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 00:43:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/09/23 00:28:58 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2005-2014 yearly calendar.xls
[2010/09/23 00:09:59 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/09/15 00:40:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 00:08:42 | 001,207,002 | ---- | M] (astrojargon.net) -- C:\Documents and Settings\Owner\Desktop\setupeosinfo.exe
[2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
[2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
[2010/08/13 18:03:32 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 01:37:25 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 01:37:25 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 08:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/02 15:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 10:23:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2010/10/23 10:16:48 | 097,485,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/15 18:32:11 | 000,002,086 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ark.zip
[2010/10/15 18:32:01 | 000,005,141 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/10/15 00:24:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/10/14 00:06:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/10/13 23:46:31 | 000,285,168 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/10/13 23:41:27 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/10/13 22:35:17 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/13 13:50:14 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/10/06 21:59:32 | 2682,085,376 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/06 18:53:09 | 001,193,472 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\simpleadblock-3.msi
[2010/10/05 22:44:11 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Owner\avgrep.txt
[2010/10/05 21:34:21 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/10/05 21:25:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HiJackThis.msi
[2010/10/05 20:50:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/05 20:49:26 | 000,420,801 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/05 04:49:55 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/04 22:10:42 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/10/04 21:58:49 | 046,899,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ZASETUP_92_057_000_EN.EXE
[2010/10/04 01:52:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/10/03 23:18:48 | 001,292,818 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmartPopupBlocker120.exe
[2010/10/03 23:16:24 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\avira_antivir_personal_en.exe
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/03 22:47:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/03 22:47:42 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7WVJ7eA.dat
[2010/10/03 22:46:17 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/01 02:46:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/01 00:47:31 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 00:00:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Svenefova.dat
[2010/10/01 00:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kfoqepa.bin
[2010/10/01 00:00:26 | 000,843,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\qvntc.sys
[2010/09/23 00:14:02 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2005-2014 yearly calendar.xls
[2010/02/20 16:50:05 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 23:05:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/10/20 23:05:30 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/02/22 22:18:01 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/02/22 22:18:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2008/06/09 18:47:27 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/02 18:46:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2008/01/02 18:46:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2008/01/02 18:45:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2008/01/02 18:45:41 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2008/01/02 18:45:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2008/01/02 18:45:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2008/01/02 18:45:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/01/02 18:42:16 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2008/01/02 18:42:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2007/09/14 21:45:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MSWHEEL.DLL
[2007/09/14 21:42:57 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/21 15:49:26 | 000,000,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/01 12:27:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/03/25 11:45:04 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/02/18 19:23:12 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/15 01:50:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/05/18 10:56:29 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/18 10:56:29 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/18 10:56:25 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/18 10:56:21 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/18 10:56:21 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/18 10:56:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/10 02:58:21 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/02/10 02:58:21 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/02/10 02:58:21 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/02/10 01:49:08 | 000,000,545 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/07 14:42:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/01/02 03:32:49 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/02 20:05:19 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/01 13:30:30 | 000,017,597 | ---- | C] () -- C:\WINDOWS\MPTBox.INI
[2005/06/01 13:27:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\SGEDIT.INI
[2005/06/01 10:21:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/01 00:53:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/14 21:37:59 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/02/14 21:37:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/02/14 21:30:53 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/14 21:16:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,461 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/07/01 10:04:30 | 000,010,144 | ---- | C] () -- C:\WINDOWS\System32\BJCHAIN.DLL

========== LOP Check ==========

[2008/01/02 18:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2006/10/20 16:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/10/04 00:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/04 01:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/07/22 22:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/22 22:48:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/08/12 21:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/07/22 22:28:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/10/22 18:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/22 22:28:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/10/04 01:01:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/12 14:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/10/04 00:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/26 01:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2010/02/20 17:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/02/22 22:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/10/01 02:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/07/08 23:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/23 00:32:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2008/12/09 00:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/07/05 17:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/13 19:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/04 01:39:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2005/02/14 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2005/02/14 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2010/10/06 22:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Simple Adblock
[2008/01/02 18:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\5400 Series
[2010/10/06 18:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adblock Pro
[2005/06/01 14:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/10/04 01:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/10/05 06:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
[2008/02/24 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2007/06/19 00:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2010/09/30 23:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genieo
[2009/06/05 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HDRsoft
[2007/09/23 12:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2008/10/30 20:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2008/03/13 23:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/07/09 23:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OurPictures
[2009/03/24 22:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2005/02/14 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/10/06 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Adblock
[2008/05/21 02:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2008/09/21 22:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE
[2008/09/07 14:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE Creature Creator
[2007/03/25 11:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/07/29 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2007/06/25 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/10/23 10:30:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/17 00:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/17 17:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/06 18:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/04 01:58:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/06 19:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/06 20:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/16 21:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/13 22:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/16 23:58:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/17 00:34:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/10/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/10/04 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/03 22:47:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/17 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/06 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/06 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/17 00:52:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/10/03 22:46:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/17 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/10/04 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/04 00:54:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/17 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/06 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/06 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/16 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/03 22:46:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2005/05/26 15:48:39 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2005/05/26 15:48:40 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/20 17:45:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/20 17:45:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/20 17:45:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/20 17:45:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/10/23 11:05:22 | 000,843,264 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\qvntc.sys

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys
[2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys
[2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys
[2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/10/23 11:05:38 | 000,843,264 | ---- | M] () -- C:\WINDOWS\system32\drivers\qvntc.sys
[2010/10/04 01:46:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A4510F75

< End of report >


Extra:

OTL Extras logfile created on: 10/23/2010 10:46:40 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3750 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.02 Gb Total Space | 31.66 Gb Free Space | 17.39% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.68 Gb Free Space | 39.27% Space Free | Partition Type: FAT32

Computer Name: CVDESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment AB)
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only -- (Massive Entertainment AB)
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe" = C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server -- ()
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 -- ()
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update -- (Ubisoft)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}" = USB CASIO Digital Camera Device Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C13FAA-3D67-45A6-BEF0-8F9665D3933F}" = GemAdviser 2.0
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}" = ArcSoft PhotoStudio 5.5
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{536BF792-7C08-4633-8ED4-28889630FC8C}" = Web Viewer
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare™ Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = Zeus & Poseidon
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB6AF1C-7B7B-42F9-BAAF-7592AC9819E6}" = AVG 2011
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5770FD5-7345-47E0-BEB8-54522270D58F}" = AVG 2011
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB473954-13A0-4474-A35B-FEF29DA90C84}" = XVID Codec Installation
"{CC23FF9A-989C-4DEB-8970-50E6E4862315}" = EOSInfo
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"{EC255660-F987-41C8-8416-7376305A3FE5}" = Restaurant Empire
"{EC9C7E86-A4C7-4024-87B5-707A2F1A337C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F85D2E97-015D-4B26-8C20-20F9C7A7BAD0}" = Simple Adblock
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AOL Instant Messenger" = AOL Instant Messenger
"AVG" = AVG 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Axis & Allies Iron Blitz" = Axis & Allies Iron Blitz
"Axis and Allies" = Axis and Allies
"Battlefield2 Map Bocage 2005 Bot Support" = Battlefield2 Map Bocage 2005 Bot Support
"Battlefield2 Map El Alamein Day1 Bot Support" = Battlefield2 Map El Alamein Day1 Bot Support
"Battlefield2 Map Hamburger Hill 2005 Bot Support" = Battlefield2 Map Hamburger Hill 2005 Bot Support
"BF2: Melbourne - CO-OP" = BF2: Melbourne - CO-OP
"BigFix" = BigFix
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series User Registration" = Canon iP4700 series User Registration
"Canon MOV Decoder" = Canon MOV Decoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Community Map Pack IV" = Community Map Pack IV 1.0
"Crysis WARHEAD®" = Crysis WARHEAD®
"CSCLIB" = Canon Camera Support Core Library
"Data Entry Test 2004_is1" = Data Entry Test 2004 Version 5.0.1
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"DPP" = Canon Utilities Digital Photo Professional 3.6
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"eGames GameButler" = eGames GameButler
"EOS Utility" = Canon Utilities EOS Utility
"EphPod" = EphPod
"Excel QM 2" = Excel QM 2
"Free WMV to AVI MPEG Converter_is1" = Free WMV to AVI MPEG Converter v1.2
"Galactic Civilizations II" = Galactic Civilizations II
"Inquisition Daemonhunt" = Inquisition Daemonhunt
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare™ Demo
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Lexmark 5400 Series" = Lexmark 5400 Series
"L'île du Diable" = L'île du Diable
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrah City v2.0 with Single Player Support" = Matrah City v2.0 with Single Player Support
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Money2006a" = MSN Money Investment Toolbox
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NAW BF2 Kyzyl Kum Map" = NAW BF2 Kyzyl Kum Map
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"PhotoStage" = PhotoStage Slideshow Producer
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"PROSet" = Intel® PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"QM for Windows (Version 2)" = QM for Windows (Version 2)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sins of a Solar Empire" = Sins of a Solar Empire
"Stardock Central" = Stardock Central
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"The General_is1" = The General 3.4
"Tyranid_Mod_v04" = Dawn of War - Tyranid Mod v0.4
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"I-Doser v4" = I-Doser v4
"myHomey" = Homey

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2010 6:31:36 PM | Computer Name = CVDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/22/2010 6:41:12 PM | Computer Name = CVDESKTOP | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 10/22/2010 6:41:13 PM | Computer Name = CVDESKTOP | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 10/22/2010 6:44:44 PM | Computer Name = CVDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/22/2010 6:44:47 PM | Computer Name = CVDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/22/2010 6:44:47 PM | Computer Name = CVDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/22/2010 6:44:50 PM | Computer Name = CVDESKTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 10/23/2010 10:10:49 AM | Computer Name = CVDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/23/2010 10:23:18 AM | Computer Name = CVDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 6.0.2900.6003, fault address 0x000bf28b.

Error - 10/23/2010 10:23:24 AM | Computer Name = CVDESKTOP | Source = Application Error | ID = 1001
Description = Fault bucket 2000964981.

[ System Events ]
Error - 10/23/2010 10:23:47 AM | Computer Name = CVDESKTOP | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 10/23/2010 10:23:57 AM | Computer Name = CVDESKTOP | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 10/23/2010 10:28:38 AM | Computer Name = CVDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 10/23/2010 10:28:38 AM | Computer Name = CVDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2

Error - 10/23/2010 10:41:22 AM | Computer Name = CVDESKTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CVNOTEBOOK that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{7201365F-F83F-42A. The master browser is stopping or an election is
being forced.

Error - 10/23/2010 10:43:42 AM | Computer Name = CVDESKTOP | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 10/23/2010 10:43:46 AM | Computer Name = CVDESKTOP | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 10/23/2010 10:58:00 AM | Computer Name = CVDESKTOP | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 10/23/2010 11:00:00 AM | Computer Name = CVDESKTOP | Source = Schedule | ID = 7901
Description = The At36.job command failed to start due to the following error: %%2147942402

Error - 10/23/2010 11:00:00 AM | Computer Name = CVDESKTOP | Source = Schedule | ID = 7901
Description = The At60.job command failed to start due to the following error: %%2147942402


< End of report >


Please let me know if there is anything else you need or I can do. Thank you once again!

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 23 October 2010 - 11:14 AM

Hi Dazed_&_Confused,



I do not recommend that you have more than one anti virus product installed and running on your computer at a time. In your case, you have an AVG Antivirus, and Avira.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".
It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

If AVG is likely to be removed, please uninstall it via Add/Remove programs. After that, go to Here to download AVG remover to clean the leftovers.



Step1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
    IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE File not found
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE File not found
    O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O15 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..Trusted Domains: drexel.edu ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\..Trusted Domains: p0rt2.com ([]* in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O32 - Unable to obtain root file information for disk D:\
    O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9e779e7e-c488-11dd-a2d0-00132030f282}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found
    O33 - MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\Shell\AutoRun\command - "" = L:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\Shell\slacker\command - "" = L:\slacker.synclauncher.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O36 - AppCertDlls: drwtcess - (C:\WINDOWS\system32\chkdprep.dll) - C:\WINDOWS\System32\chkdprep.dll File not found
    [2010/10/04 21:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
    [2010/10/18 00:22:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/04 00:54:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7WVJ7eA.dat
    [2010/08/13 01:37:25 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/13 01:37:25 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    
    :Files
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\system32\drivers\qvntc.sys
    C:\WINDOWS\System32\6to4v32.dll 
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Step2

  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1.OTL delete log
2.ComboFix log

Let me know if you have any remaining issues on your pc.

#8 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 23 October 2010 - 03:09 PM

Hi sundavis!

Thank you for the quick reply!!!

Which would you recommend, Avira or AVG? Or, do have another program that you would recommend?

Per your request:

OTL delete log:

All processes killed
========== OTL ==========
Service 6to4 stopped successfully!
Service 6to4 deleted successfully!
File C:\WINDOWS\System32\6to4v32.dll not found.
HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcFDMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\High Definition Audio Property Page Shortcut deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Recguard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShowWnd deleted successfully.
C:\WINDOWS\ShowWnd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drexel.edu\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\p0rt2.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ab29321-7eef-11d9-9d2e-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ab29321-7eef-11d9-9d2e-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ab29321-7eef-11d9-9d2e-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e779e7e-c488-11dd-a2d0-00132030f282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e779e7e-c488-11dd-a2d0-00132030f282}\ not found.
File L:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b6205d-18e2-11de-a340-00132030f282}\ not found.
File L:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b6205d-18e2-11de-a340-00132030f282}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b6205d-18e2-11de-a340-00132030f282}\ not found.
File L:\slacker.synclauncher.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\drwtcess:C:\WINDOWS\system32\chkdprep.dll deleted successfully.
C:\Documents and Settings\Owner\Application Data\Bitrix Security folder moved successfully.
C:\WINDOWS\system32\d3d9caps.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\7WVJ7eA.dat moved successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File move failed. C:\WINDOWS\system32\drivers\qvntc.sys scheduled to be moved on reboot.
File\Folder C:\WINDOWS\System32\6to4v32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 64 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 51719 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 52267809 bytes
->Flash cache emptied: 12683 bytes

User: Owner
->Temp folder emptied: 2380343634 bytes
->Temporary Internet Files folder emptied: 161637283 bytes
->Java cache emptied: 165438072 bytes
->FireFox cache emptied: 1555587 bytes
->Flash cache emptied: 89514 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 46705 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 410565117 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77579328 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 157232 bytes

Total Files Cleaned = 3,099.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.16.0 log created on 10232010_140110

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\qvntc.sys scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WV6FY1QH\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;dcopt=ist;tile=6;sz=468x6[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WV6FY1QH\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;dcopt=ist;tile=6;sz=468x60,728x90;ord=6968[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WV6FY1QH\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=3;sz=120x160;ord=6968629582146735[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WV6FY1QH\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=3;sz=120x160;ord=3473648071742538[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WV6FY1QH\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=MOL_SKY_ART;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=2;sz=120x600;ord=696862958[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JUN1P9ZZ\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=5;sz=300x250;ord=992[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JUN1P9ZZ\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=5;sz=300x250;ord=6968629582146735[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JUN1P9ZZ\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;dcopt=ist;tile=6;sz=468x60,728x90;ord=347364[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JUN1P9ZZ\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=1;sz=468x15;ord=3473648071742538[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JUN1P9ZZ\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=MOL_SKY_ART;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=2;sz=120x[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\clowney_Classic-Toys_W0QQcatrefZC6QQdfspZ32QQfposZ19128QQfromZR2QQfsooZ2QQfsopZ32QQftrtZ1QQftrvZ1QQsabfmtsZ1QQsacatZ19016QQsadisZ200QQsaobfmtsZinsifQQsargnZQ2d1QQsaslcZ2QQs[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=1;sz=468x15;ord=9929[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=3;sz=120x160;ord=992[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=4;sz=120x240;ord=992[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=4;sz=120x240;ord=6968629582146735[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=7;sz=1x1;ord=6968629582146735[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=4;sz=120x240;ord=3473648071742538[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=5;sz=300x250;ord=3473648071742538[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I5SVYXWP\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=7;sz=1x1;ord=3473648071742538[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ER03ZGTW\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193959;content=;section=;;rsi=D05509_10656;rsi=D05509_10549;tile=7;sz=1x1;ord=9929432[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ER03ZGTW\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=;page=art;article=1193966;content=;section=;;rsi=D05509_10549;tile=1;sz=468x15;ord=6968629582146735[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ER03ZGTW\dm_dmtvshowbiz_tvshowbizart;area=tvshowbiz;subarea=tvshowbiz;target=MOL_SKY_ART;page=art;article=1194122;content=;section=;;rsi=D05509_10549;tile=2;sz=120x600;ord=34736480717[1].5 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CZBTZT32\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CZBTZT32\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[3] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\9129HTPE\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\9129HTPE\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[3] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XUJWL6F\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6U23Y6ZX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6U23Y6ZX\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F17=t[3] not found!
C:\Documents and Settings\Owner\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF73C0.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IJPU5CVA\topic351966[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT05301.TMP not found!

Registry entries deleted on Reboot...


ComboFix log:

ComboFix 10-10-22.05 - Owner 10/23/2010 14:53:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1846 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}
c:\documents and settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{A368ADEA-12D7-4B8B-B2F9-B1210E014416}\install.rdf
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\spool\prtprocs\w32x86\CNMPP75.DLL
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 18:01 . 2010-10-23 18:01 -------- d-----w- C:\_OTL
2010-10-07 02:49 . 2010-10-07 02:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Simple Adblock
2010-10-07 01:28 . 2010-10-07 01:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-06 22:54 . 2010-10-07 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Adblock
2010-10-06 22:53 . 2010-10-06 22:53 -------- d-----w- c:\program files\Common Files\Simple Adblock
2010-10-06 22:22 . 2010-10-06 22:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Adblock Pro
2010-10-06 22:22 . 2010-10-06 22:27 -------- d-----w- c:\program files\Adblock Pro
2010-10-06 03:09 . 2010-10-06 03:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-10-06 02:57 . 2010-10-06 02:57 -------- d-----w- C:\$AVG
2010-10-06 01:34 . 2010-10-06 01:34 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 00:50 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-10-06 00:49 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-10-06 00:49 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-06 00:49 . 2010-10-06 00:50 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-06 00:49 . 2010-10-06 00:49 -------- d-----w- c:\program files\Zone Labs
2010-10-06 00:47 . 2010-10-23 18:36 -------- d-----w- c:\windows\Internet Logs
2010-10-05 08:49 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-05 02:11 . 2010-10-05 02:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-10-05 02:11 . 2010-10-06 01:38 -------- d-----w- c:\program files\Yahoo!
2010-10-05 02:10 . 2010-10-05 02:11 -------- d-----w- c:\program files\CCleaner
2010-10-05 01:48 . 2010-10-05 01:48 -------- d-----w- c:\program files\Trend Micro
2010-10-05 01:41 . 2010-10-05 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-05 01:41 . 2010-10-05 02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 05:46 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-04 05:46 . 2010-10-04 05:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-04 05:40 . 2010-10-04 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-10-04 05:37 . 2010-10-04 05:37 -------- d-----w- c:\program files\Lavasoft
2010-10-04 05:37 . 2010-10-04 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-04 05:19 . 2010-10-06 21:49 -------- d-----w- c:\windows\system32\NtmsData
2010-10-04 05:15 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-04 05:15 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-04 05:15 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-04 05:15 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-04 05:15 . 2010-10-04 05:15 -------- d-----w- c:\program files\Avira
2010-10-04 05:15 . 2010-10-04 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-04 05:03 . 2010-10-04 05:03 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
2010-10-04 05:01 . 2010-10-04 05:01 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-04 04:59 . 2010-10-23 14:16 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-04 04:59 . 2010-10-04 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-04 04:59 . 2010-10-04 04:59 -------- d-----w- c:\program files\AVG
2010-10-04 04:15 . 2010-10-04 04:15 -------- d-----w- c:\program files\Alwil Software
2010-10-04 04:15 . 2010-10-04 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-04 04:10 . 2010-10-04 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-04 04:06 . 2010-10-04 05:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-01 04:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-01 04:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 04:00 . 2010-10-04 04:13 0 ----a-w- c:\windows\Kfoqepa.bin
2010-10-01 04:00 . 2010-10-23 19:14 843264 ----a-w- c:\windows\system32\drivers\qvntc.sys
2010-10-01 03:59 . 2010-10-01 03:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Genieo
2010-10-01 03:58 . 2010-10-01 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-30 22:11 . 2010-09-30 22:11 -------- d-s---w- c:\documents and settings\NetworkService\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 20:27 . 2010-09-13 20:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 07:49 . 2010-09-07 07:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 07:48 . 2010-09-07 07:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-20 01:42 . 2010-08-20 01:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-20 01:42 . 2010-08-20 01:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 01:42 . 2010-08-20 01:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
<pre>
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\QuickTime\qttask  .exe
c:\windows\ALCFDRTM .exe
c:\windows\SMINST\RECGUARD .exe
c:\windows\system32\HDAShCut .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 2805248]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0lsdelete\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\avg\avg10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-14 02:05 623888 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-06-07 03:05 98304 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-07-10 23:30 294912 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-06-20 13:37 286720 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 18:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System32]
c:\windows\system32\winds32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC™.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/4/2010 1:46 AM 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/4/2010 1:15 AM 135336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [9/3/2010 10:35 AM 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
R2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [9/17/2009 7:40 PM 75048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 7:40 PM 119792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2008 11:20 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:10 AM 135664]

--- Other Services/Drivers In Memory ---

*Deregistered* - qvntc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E6B8F294-AA38-4BBE-8386-8491C944B1F6}]
c:\documents and settings\Owner\Application Data\Bitrix Security\qgace71.dll [N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 05:46]

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:09]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:09]

2005-05-26 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2005-05-26 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NAW BF2 Kyzyl Kum Map - c:\windows\NAW BF2 Kyzyl Kum Map\N.A.W



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 15:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qvntc]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e8,4c,99,06,4f,6d,fd,f9,94,56,a4,c0,f2,6a,bb,35,7a,8e,eb,46,aa,bc,44,
63,b2,a4,b7,11,33,40,8d,87,c9,71,cf,9c,1f,bc,c0,83,01,e9,3c,4b,49,8f,a5,d8,\
"??"=hex:f9,0c,7c,67,67,d1,43,0e,b6,57,97,9f,a1,ff,a6,9a

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\SecuROM\License information*]
"datasecu"=hex:26,42,d8,33,72,3a,aa,66,3e,2c,f9,a5,90,87,2e,4d,ad,31,93,47,12,
f6,2e,9b,f7,fc,27,c3,f8,ea,1d,7b,e3,e8,90,b9,eb,6f,ed,46,d0,51,54,7e,da,0a,\
"rkeysecu"=hex:61,42,02,05,e9,68,94,86,06,71,99,53,44,08,22,0f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-23 15:36:43
ComboFix-quarantined-files.txt 2010-10-23 19:36

Pre-Run: 36,752,609,280 bytes free
Post-Run: 36,711,297,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9C1F77197E12BD6E1F55C2192D8D095F

Thank you again!!!

#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 23 October 2010 - 03:53 PM

Hi Dazed_&_Confused,


Which would you recommend, Avira or AVG? Or, do have another program that you would recommend?

The answer seemed to be responsed already as follows:

If AVG is likely to be removed, please uninstall it via Add/Remove programs. After that, go to Here to download AVG remover to clean the leftovers


After that, Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)

On the Update tab, click on Update Now buttons. When done, press Apply and OK the button. Then clear your java cache as instructed in this thread .




Step1

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\windows\system32\drivers\qvntc.sys
c:\windows\system32\winds32.exe 
RenV:: 
c:\program files\Common Files\Symantec Shared\ccApp .exe 
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe 
c:\program files\QuickTime\qttask  .exe 
c:\windows\ALCFDRTM .exe 
c:\windows\SMINST\RECGUARD .exe 
c:\windows\system32\HDAShCut .exe 
c:\windows\system32\rundll32 .exe
Driver::
qvntc
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qvntc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System32]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E6B8F294-AA38-4BBE-8386-8491C944B1F6}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.

  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database have finished, click on Settings.
  • Make sure all boxes are checked. then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.


1.ComboFix log
2.Kas Online Scan Report

Let me know if you have any remaining issues on your pc.

#10 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 24 October 2010 - 04:43 PM

Hi sundavis!

Thank you again for the help and the quick reply!

I've removed AVG as directed and ran the scans are you requested - logs are posted below.

Thank you again!

ComboFix_log:

ComboFix 10-10-22.05 - Owner 10/23/2010 22:43:36.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2041 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\drivers\qvntc.sys"
"c:\windows\system32\winds32.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\qvntc.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QVNTC
-------\Service_qvntc


((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 02:29 . 2010-10-24 02:29 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 18:01 . 2010-10-23 18:01 -------- d-----w- C:\_OTL
2010-10-07 02:49 . 2010-10-07 02:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Simple Adblock
2010-10-07 01:28 . 2010-10-07 01:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-06 22:54 . 2010-10-07 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Adblock
2010-10-06 22:53 . 2010-10-06 22:53 -------- d-----w- c:\program files\Common Files\Simple Adblock
2010-10-06 22:22 . 2010-10-06 22:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Adblock Pro
2010-10-06 22:22 . 2010-10-06 22:27 -------- d-----w- c:\program files\Adblock Pro
2010-10-06 03:09 . 2010-10-06 03:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-10-06 01:34 . 2010-10-06 01:34 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 00:50 . 2010-06-23 17:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-10-06 00:49 . 2010-06-23 17:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-10-06 00:49 . 2010-06-23 17:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-06 00:49 . 2010-10-06 00:50 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-06 00:49 . 2010-10-06 00:49 -------- d-----w- c:\program files\Zone Labs
2010-10-06 00:47 . 2010-10-24 02:56 -------- d-----w- c:\windows\Internet Logs
2010-10-05 08:49 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-05 02:11 . 2010-10-05 02:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-10-05 02:11 . 2010-10-06 01:38 -------- d-----w- c:\program files\Yahoo!
2010-10-05 02:10 . 2010-10-05 02:11 -------- d-----w- c:\program files\CCleaner
2010-10-05 01:48 . 2010-10-05 01:48 -------- d-----w- c:\program files\Trend Micro
2010-10-05 01:41 . 2010-10-05 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-05 01:41 . 2010-10-05 02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 05:46 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-04 05:46 . 2010-10-04 05:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-04 05:40 . 2010-10-04 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-10-04 05:37 . 2010-10-04 05:37 -------- d-----w- c:\program files\Lavasoft
2010-10-04 05:37 . 2010-10-04 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-04 05:19 . 2010-10-06 21:49 -------- d-----w- c:\windows\system32\NtmsData
2010-10-04 05:15 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-04 05:15 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-04 05:15 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-04 05:15 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-04 05:15 . 2010-10-04 05:15 -------- d-----w- c:\program files\Avira
2010-10-04 05:15 . 2010-10-04 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-04 05:03 . 2010-10-04 05:03 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
2010-10-04 05:01 . 2010-10-04 05:01 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-04 04:15 . 2010-10-04 04:15 -------- d-----w- c:\program files\Alwil Software
2010-10-04 04:15 . 2010-10-04 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-04 04:10 . 2010-10-04 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-04 04:06 . 2010-10-04 05:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-01 04:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 04:47 . 2010-10-01 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-01 04:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 04:00 . 2010-10-04 04:13 0 ----a-w- c:\windows\Kfoqepa.bin
2010-10-01 03:59 . 2010-10-01 03:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Genieo
2010-10-01 03:58 . 2010-10-01 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-30 22:11 . 2010-09-30 22:11 -------- d-s---w- c:\documents and settings\NetworkService\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 08:50 . 2010-05-12 03:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2009-03-21 01:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 2805248]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-14 02:05 623888 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-06-07 03:05 98304 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-07-10 23:30 294912 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-06-20 13:37 286720 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 18:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-18 17:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC™.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/4/2010 1:46 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/4/2010 1:15 AM 135336]
R2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [9/17/2009 7:40 PM 75048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1356952]
R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 7:40 PM 119792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2008 11:20 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:10 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 05:46]

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:09]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:09]

2005-05-26 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2005-05-26 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 22:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e8,4c,99,06,4f,6d,fd,f9,94,56,a4,c0,f2,6a,bb,35,7a,8e,eb,46,aa,bc,44,
63,b2,a4,b7,11,33,40,8d,87,c9,71,cf,9c,1f,bc,c0,83,01,e9,3c,4b,49,8f,a5,d8,\
"??"=hex:f9,0c,7c,67,67,d1,43,0e,b6,57,97,9f,a1,ff,a6,9a

[HKEY_USERS\S-1-5-21-2630321381-1652112855-2686922921-1003\Software\SecuROM\License information*]
"datasecu"=hex:26,42,d8,33,72,3a,aa,66,3e,2c,f9,a5,90,87,2e,4d,ad,31,93,47,12,
f6,2e,9b,f7,fc,27,c3,f8,ea,1d,7b,e3,e8,90,b9,eb,6f,ed,46,d0,51,54,7e,da,0a,\
"rkeysecu"=hex:61,42,02,05,e9,68,94,86,06,71,99,53,44,08,22,0f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-10-23 23:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 03:04
ComboFix2.txt 2010-10-23 19:36

Pre-Run: 40,716,771,328 bytes free
Post-Run: 40,591,224,832 bytes free

- - End Of File - - 726C9CB45FAF6269985377B946E17E37


KAS log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 24, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 24, 2010 12:23:42
Records in database: 4176408
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 166542
Threats found: 1
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 06:40:13


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\qvntc.sys.vir Infected: Rootkit.Win32.Bubnix.azv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_qvntc_.sys.zip Infected: Rootkit.Win32.Bubnix.azv 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP10\A0008502.sys Infected: Rootkit.Win32.Bubnix.azv 1

Selected area has been scanned.

#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 24 October 2010 - 06:55 PM

Hi Dazed_&_Confused,




As far as those infected objects listed in the Kaspersky report, Qoobox is ComboFix quarantine folder and System restored points will be purified by flushing the System Restore Points, which we are going to do now.

Other than that, your system appears to be clean now. :thumbsup: If you have no remaining issues on your pc, lets do some tidy up and you should be good to go.



Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

Posted Image

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step2

Start OTL from your desktop.
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Backup your valid registry -ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Due to malware affects, a corrupt registry can prevent a system from booting. You're well advised to backup your valid registry while the system is clean now. For more info: Here and Here .


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

#12 Dazed_&_Confused

Dazed_&_Confused
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 24 October 2010 - 10:33 PM

sundavis,

Thank you, thank you, thank you!

I am extremely grateful and appreciative for all your help and patience!

Thank you, once again!

Sincerely,

Dazed_&_Confused

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 25 October 2010 - 01:24 PM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users