Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked, Please Help Logs attached


  • This topic is locked This topic is locked
31 replies to this topic

#1 Ronnie713

Ronnie713

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 17 October 2010 - 03:30 PM

I do not know what all has been comprimised but I have user accounts and network connections popping up that I did not set up. I think I have been hacked. Any help is appreciated, Thank You.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 12:17:08.45 on Sun 10/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.89 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\AOL\1144202678\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1144202678\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1144202678\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\AOL\1144202678\EE\aolsoftware.exe
C:\Program Files\AOL 9.5b\waol.exe
C:\Program Files\AOL 9.5b\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\internet download manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5b\AOL.EXE" -b
mRun: [CARPService] carpserv.exe
mRun: [HostManager] c:\program files\common files\aol\1144202678\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [HornetMonitor] c:\program files\common files\hornet\MntrHrnt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Download all links with IDM - c:\internet download manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEGetAll.htm
IE: Download FLV video content with IDM - c:\internet download manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEGetVL.htm
IE: Download with IDM - c:\internet download manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEExt.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: connwsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-9-27 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-27 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-27 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-27 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-27 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-27 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-27 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-27 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-9-27 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-9-27 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-9-27 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-9-27 26192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-29 11520]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2006-4-4 26624]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-9-27 30104]
S3 JumpShot;Lexar Media USB Compact Flash Driver;c:\windows\system32\drivers\LEXAR2K.SYS [2001-10-19 16969]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2008-3-19 9760]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2010-9-6 131776]

=============== Created Last 30 ================

2010-09-30 22:36:15 0 d-----w- c:\program files\Cobian Backup 8
2010-09-30 01:01:46 0 d-----w- C:\Internet Download Manager
2010-09-29 19:40:45 0 d-----w- c:\program files\AOL 9.5b
2010-09-29 07:42:35 0 d--h--w- C:\$AVG
2010-09-28 23:23:27 54156 ---ha-w- c:\windows\QTFont.qfn
2010-09-28 23:23:27 1409 ----a-w- c:\windows\QTFont.for
2010-09-28 00:55:53 0 d-----w- c:\docume~1\owner\applic~1\AVG9
2010-09-28 00:06:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-27 22:31:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-27 22:31:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-27 22:31:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-27 22:31:01 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-27 22:30:55 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-09-27 22:30:16 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-09-27 22:29:01 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-09-27 22:29:01 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-09-27 22:28:56 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-27 18:39:34 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-27 18:38:54 0 d-----w- c:\program files\PC Connectivity Solution
2010-09-27 18:37:55 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-09-27 15:58:23 5644 ----a-w- c:\windows\desctemp.dat
2010-09-27 14:20:48 0 d-----w- c:\docume~1\owner\applic~1\Samsung
2010-09-27 14:01:56 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-09-27 14:00:17 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-09-27 13:59:39 766 ----a-w- c:\windows\system32\Uninstall.ico
2010-09-27 13:59:13 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-09-20 15:42:22 0 d-----w- c:\docume~1\owner\applic~1\Thinstall
2010-09-18 20:23:25 0 d-----w- c:\docume~1\alluse~1\applic~1\PixelPlanet
2010-09-18 20:23:03 0 d-----w- c:\program files\common files\XpressUpdate
2010-09-18 20:23:02 0 d-----w- c:\program files\PixelPlanet
2010-09-18 20:23:02 0 d-----w- c:\docume~1\owner\applic~1\PixelPlanet
2010-09-18 20:18:46 0 d-----w- c:\program files\WinDjView
2010-09-18 19:47:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Screentime

==================== Find3M ====================

2010-09-29 18:38:58 35840 ----a-w- c:\windows\system32\rcimlby11.exe
2010-09-07 02:37:49 290816 ------w- c:\windows\Setup1.exe
2010-09-07 02:37:47 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2008-09-18 10:10:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 12:18:42.67 ===============




Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 27 October 2010 - 06:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    winlogon.exe
    wininit.exe
    explorer.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 30 October 2010 - 09:51 PM

Thanks so much for the reply, The otl scans are attached.


OTL logfile created on: 10/30/2010 9:25:10 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 24.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.91 Gb Free Space | 21.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 569.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1862.36 Gb Total Space | 484.83 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MISERY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/01 18:24:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/09/29 14:19:24 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/27 19:06:04 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/27 19:06:04 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/27 19:05:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/27 19:05:47 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/27 19:05:46 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/09/27 19:05:15 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/09/27 19:05:04 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/27 19:04:58 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/27 19:04:39 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/10 08:19:09 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1144202678\EE\aolsoftware.exe
PRC - [2009/09/04 15:23:56 | 008,975,680 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/09/04 15:23:56 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/09/04 15:22:22 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/02 07:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006/10/23 14:04:42 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1144202678\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/07 12:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/05/21 15:35:50 | 000,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 18:24:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/01/15 07:18:31 | 000,034,488 | ---- | M] (Tonec Inc.) -- C:\Internet Download Manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\idmmkb.dll
MOD - [2006/09/07 12:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/27 19:05:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/09/27 19:05:46 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/27 19:05:15 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/09/04 15:22:22 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ivusb.sys -- (ivusb)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2010/09/27 19:06:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/27 19:06:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/27 19:05:49 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/09/27 19:05:48 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/09/27 19:05:48 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/09/27 19:05:48 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/09/27 19:05:21 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/09/27 19:05:21 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/09/27 19:05:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/27 19:04:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/27 09:08:02 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/06/25 11:00:08 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/12/17 17:25:12 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/12/11 20:36:00 | 000,009,760 | R--- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2004/05/15 18:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/21 15:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 15:33:54 | 000,179,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/05/21 15:32:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/21 15:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/08/29 15:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/08/28 18:00:48 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 08:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alifir.sys -- (ALiIRDA)
DRV - [2001/08/17 07:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2001/04/12 14:04:54 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583907252-706699826-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-583907252-706699826-854245398-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-583907252-706699826-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/29 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-706699826-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-706699826-854245398-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-706699826-854245398-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [HornetMonitor] C:\Program Files\Common Files\Hornet\MntrHrnt.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144202678\EE\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-583907252-706699826-854245398-1003..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5b\AOL.EXE (AOL Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-706699826-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Internet Download Manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\idman5.17.5_full_www.depodepo.fr\idman5.17.5 full\idman5.17.5.full\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKU\S-1-5-21-583907252-706699826-854245398-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{015fb38a-dd5c-11df-89d8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{015fb38a-dd5c-11df-89d8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{015fb38a-dd5c-11df-89d8-00038a000015}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- [2009/09/04 17:20:42 | 002,770,208 | R--- | M] (Western Digital)
O33 - MountPoints2\{1e77cc20-45b2-11df-88ed-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{1e77cc20-45b2-11df-88ed-001167000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e77cc20-45b2-11df-88ed-001167000000}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{5548cdb5-8d47-11df-8914-00038a000015}\Shell\AutoRun\command - "" = G:\Info.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msvideo3 - C:\WINDOWS\System32\STVqx3TG.DLL (Intel)
Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\vvlcodec.dll (Vision)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\vvlcodec.dll (Vision)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\vvlcodec.dll (Vision)
Drivers32: vidc.YV12 - C:\WINDOWS\System32\vvlcodec.dll (Vision)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Western_Digital
[2010/10/19 15:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Western Digital
[2010/10/19 15:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/19 15:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/10/19 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/10/14 10:18:46 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 10:18:46 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 10:18:30 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/01 18:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2010/10/01 18:24:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/30 22:44:55 | 000,316,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\tcpview.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/30 21:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/30 20:33:53 | 067,023,910 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/30 20:21:50 | 000,000,724 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/30 20:13:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/30 20:13:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 20:12:59 | 468,766,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 12:55:28 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 08:41:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/10/28 08:41:25 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/10/25 22:50:21 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/23 18:02:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/23 13:48:09 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Start Unlocker Assistant.lnk
[2010/10/23 08:08:05 | 000,625,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/10/19 15:25:11 | 003,941,302 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EssentialElite_FirmwareUpdater_v2.010(1.0.8.3).zip
[2010/10/19 15:15:43 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/10/19 15:15:42 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/10/18 20:42:14 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 08:14:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/15 18:38:06 | 000,005,675 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Favorite Theme.theme
[2010/10/14 10:39:04 | 000,433,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 10:39:03 | 000,489,148 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/14 10:39:03 | 000,067,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 18:24:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/01 18:22:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/30 22:44:56 | 000,316,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\tcpview.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 18:02:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/23 13:48:09 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Start Unlocker Assistant.lnk
[2010/10/19 15:24:58 | 003,941,302 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EssentialElite_FirmwareUpdater_v2.010(1.0.8.3).zip
[2010/10/19 15:15:43 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/10/19 15:15:41 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/10/15 18:38:02 | 000,005,675 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Favorite Theme.theme
[2010/10/01 18:22:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/10/01 10:14:27 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/27 09:10:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/09/27 08:59:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/28 11:16:32 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/19 19:31:40 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 21:39:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/06/19 20:41:03 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/19 20:40:56 | 000,454,162 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/19 20:40:55 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/19 20:40:55 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/19 20:40:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/19 20:40:50 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/19 20:40:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/04/04 21:18:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/04 13:53:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/04 13:53:47 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/04 13:53:46 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/27 19:05:21 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys
[2010/09/27 19:05:49 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/09/27 19:05:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/09/27 19:06:04 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/09/27 19:04:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/09/27 19:06:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/09/27 09:08:02 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rcimlby11.exe:SummaryInformation
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0
< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 01 November 2010 - 09:39 AM

Hi,

could you please give me an example of a user account that was created?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 01 November 2010 - 05:41 PM

Thank you for the help, a week or so ago on a safemode startup the comp. asked "Which user name do you want to use?" I have never had any user names other than "owner" or "administrator" there was 3 more user accounts listed. I stumbled across this and have not been able to duplicate it again. the comp. is running as slow as a commodore 64K. I also found numerous network connections that I never created. "1394 Net Adapter", "Network Bridge 3 Mac bridge miniport", "Local Area Connection National Semiconductor DP83815-Based PCI Fast Ethernet Adapter". "Internet Connection". Please let me know if you need any more details and thanks again for your help.
Ronnie

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 02 November 2010 - 04:40 AM

Hi,

did the user account appear randomly named, or where they names you could recognize?\

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 02 November 2010 - 07:53 AM

myrti, yes they appeared to be random, (no names or text that I could identify).

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 03 November 2010 - 05:31 AM

Please download this program to your desktop.
http://noahdfear.net/downloads/profiles.exe
Double click and run it.
Post the log

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 05 November 2010 - 08:34 PM

Thanks again for the help.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-583907252-706699826-854245398-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-583907252-706699826-854245398-501
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest

SystemRoot REG_SZ C:\WINDOWS

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 08 November 2010 - 05:16 AM

Hi,

I only see your own user account in this list. Have the other accounts vanished or are they still present?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 08 November 2010 - 07:59 AM

Myrti, I can not see them when I go to "Change User" , all that shows is "Guest" or "administrator". However, a lot of task show that even when logged on as administrator, it will still say something like, "You are not authorized, contact system adminstrator".
I do not know what is going on but this laptop is a decent laptop but from power on to log on takes 15+ minutes. Just power on and load AOL used to take just a few minutes, now it takes the 10-15 minutes to get to the browser. Also, nearly every command to launch a program takes several minutes now for it to start executing, then again, it will slow down to a snails pace executing and loading.
Thanks Again :)

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 08 November 2010 - 08:42 AM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Unfortunately AVG currently does not allow ComboFix to run normally, I hence have to ask you to uninstall AVG so that we can run ComboFix.

Please also run junction:
We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 12 November 2010 - 08:17 PM

thanks, i am running combofix.

#14 Ronnie713

Ronnie713
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 16 November 2010 - 07:24 PM

Combofix keeps locking up, still trying, any ideas? thanks!

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:11 AM

Posted 17 November 2010 - 05:14 AM

Hi,

at which stade does it lock up? Can you please try to download a fresh copy (from the second link) and rename it to fun.com and run it with that name.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users