Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is not okay, mostly freezing


  • This topic is locked This topic is locked
41 replies to this topic

#1 gheniphre

gheniphre

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 08 January 2011 - 01:27 AM

Thank you for this site, it got this up and running awhile ago but it didn't seem to last so I'm going to ask for specific help please. Here are my logs:


DDS (Ver_10-12-12.02) - NTFSx86
Run by JEN-n-ROB at 22:09:04.02 on Fri 01/07/2011
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JEN-n-ROB\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\JEN-n-ROB\My Documents\Downloads\dds.scr
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/calendar/render?gsessionid=wM1TDmXMhvnD-DVpc0HCLg
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {EEE1A699-C438-486B-8B23-347A37F77328} - No File
TB: {4E7BD74F-2B8D-469E-DDF9-F165B897FA7D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {17BFCF1A-B579-48a7-9849-719DDD11D340} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SmileboxTray] "c:\documents and settings\jen-n-rob\application data\smilebox\SmileboxTray.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {9d24e1d9-a7ca-44ea-a2e7-42a85278c783} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {b605f154-dc61-4758-9c94-a8f229b4dc4f}: {f4cd4b92-2f8a-49c9-8574-16cd451f506b} - c:\windows\system32\xdulwt.dll
LSA: Notification Packages = scecli c:\windows\system32\kawepibo.dll
Hosts: 193.125.23.12 updates.sald.

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jen-n-~1\applic~1\mozilla\firefox\profiles\8itl2mj8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gapg&hl=en
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - component: c:\documents and settings\jen-n-rob\application data\mozilla\firefox\profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RADIOWMPCOREGECKO19.DLL
FF - component: c:\documents and settings\jen-n-rob\application data\mozilla\firefox\profiles\8itl2mj8.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\jen-n-rob\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jen-n-rob\application data\mozilla\firefox\profiles\8itl2mj8.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\jen-n-rob\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Swag Bucks Community Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: Thumbnail Zoom: {E10A6337-382E-4FE6-96DE-936ADC34DD04} - %profile%\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R? AVG Security Toolbar Service;AVG Security Toolbar Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog

=============== Created Last 30 ================

2011-01-02 22:10:51 -------- d-----w- c:\docume~1\jen-n-~1\locals~1\applic~1\AVG Security Toolbar
2011-01-02 21:04:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-01-02 21:01:52 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-31 22:44:39 -------- d-----w- c:\docume~1\jen-n-~1\applic~1\whitesmoketoolbar
2010-12-30 01:35:40 -------- d-----w- c:\program files\whitesmoketoolbar
2010-12-30 01:34:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-21 05:12:59 -------- d-----w- c:\docume~1\jen-n-~1\applic~1\Disney Mix It Plug-in
2010-12-15 03:46:51 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:42:24 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2008-01-10 16:55:45 3457008 ----a-w- c:\program files\SF_US_snapfish-agent.exe
2005-05-19 07:35:51 552096 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2005-05-18 17:45:53 742504 ----a-w- c:\program files\GoogleDesktopSearchSetup.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y160M0 rev.YAR51HW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T1L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F4D555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f537b0]; MOV EAX, [0x86f5382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F3D5D0]
3 CLASSPNP[0xF7712FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86ECB6A0]
\Driver\atapi[0x86F2C2D0] -> IRP_MJ_CREATE -> 0x86F4D555
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
\Device\Ide\IdeDeviceP1T1L0-17 -> \??\IDE#DiskMaxtor_6Y160M0__________________________YAR51HW0#345958383745454a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F4D39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !



==== Installed Programs ======================

Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Express Uploader
Adobe Reader 7.0
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
BSF v6 US Supplemental Files
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement
Contextual Platform Globaladsolution
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support
DigiFast
Digital Line Detect
Disney Mix-It Plug-in and Windows Media Player Skin
Disney Mix Central
DrawPlus 3.0
EPSON Printer Software
Facebook Plug-In
Google Desktop Search
H&R Block Deluxe + Efile 2009
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Ink Monitor
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Picture It! Express 7.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (3.6.13)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4SP2
My Way Search Assistant
NVIDIA Drivers
Palm VersaMail™
Photo Click
PowerDVD 5.3
QuickTime
RealPlayer Basic
RON Too1 Globaladsolution
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Smilebox
Snapfish PictureMover
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Swag_Bucks Toolbar
The Print Shop
The Print Shop 20
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoCam Suite
VideoCam Suite 1.0
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Wizard101
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Browser Services
Yahoo! BrowserPlus 2.8.1
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Search Protection

==== End Of File ===========================


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3723264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 66.84 )
0xF606B000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2740224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.84 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5EAF000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5CF1000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF5E08000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF731E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9376000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5C57000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB94A3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAFE72000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB945B000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAF632000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5DC8000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB92D7000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF5FD1000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)


Thank you for any help,
JEN

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 13 January 2011 - 08:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 14 January 2011 - 08:36 PM

Hello mOle! Thanks for your reply! I am here and will be waiting for your response.
Thank you,
JEN

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 14 January 2011 - 09:40 PM

TDSSKiller first, we need to remove the rootkit that's conducting this all

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 14 January 2011 - 11:36 PM

2011/01/14 20:35:08.0312 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 20:35:08.0312 ================================================================================
2011/01/14 20:35:08.0312 SystemInfo:
2011/01/14 20:35:08.0312
2011/01/14 20:35:08.0312 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/14 20:35:08.0312 Product type: Workstation
2011/01/14 20:35:08.0312 ComputerName: KITTRELL
2011/01/14 20:35:08.0312 UserName: JEN-n-ROB
2011/01/14 20:35:08.0312 Windows directory: C:\WINDOWS
2011/01/14 20:35:08.0312 System windows directory: C:\WINDOWS
2011/01/14 20:35:08.0312 Processor architecture: Intel x86
2011/01/14 20:35:08.0312 Number of processors: 2
2011/01/14 20:35:08.0312 Page size: 0x1000
2011/01/14 20:35:08.0312 Boot type: Normal boot
2011/01/14 20:35:08.0312 ================================================================================
2011/01/14 20:35:08.0484 Initialize success
2011/01/14 20:35:10.0187 ================================================================================
2011/01/14 20:35:10.0187 Scan started
2011/01/14 20:35:10.0187 Mode: Manual;
2011/01/14 20:35:10.0187 ================================================================================
2011/01/14 20:35:11.0765 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/14 20:35:11.0812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/14 20:35:11.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/14 20:35:11.0921 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/14 20:35:12.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/14 20:35:12.0109 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/14 20:35:12.0156 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/14 20:35:12.0218 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/14 20:35:12.0250 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/14 20:35:12.0296 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/14 20:35:12.0343 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/14 20:35:12.0406 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/14 20:35:12.0468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/14 20:35:12.0515 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/14 20:35:12.0578 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/14 20:35:12.0656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/14 20:35:12.0687 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/14 20:35:12.0734 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/14 20:35:12.0781 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/14 20:35:12.0843 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/14 20:35:12.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/14 20:35:13.0015 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/14 20:35:13.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/14 20:35:13.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/14 20:35:13.0234 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/14 20:35:13.0281 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/14 20:35:13.0328 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/14 20:35:13.0390 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/14 20:35:13.0468 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/14 20:35:13.0515 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/14 20:35:13.0546 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/14 20:35:13.0625 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/14 20:35:13.0703 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/01/14 20:35:13.0843 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/14 20:35:13.0890 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/14 20:35:13.0937 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/14 20:35:14.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/14 20:35:14.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/14 20:35:14.0125 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/01/14 20:35:14.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/14 20:35:14.0296 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/14 20:35:14.0343 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/14 20:35:14.0421 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/14 20:35:14.0453 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/14 20:35:14.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/14 20:35:14.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/14 20:35:14.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/14 20:35:14.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/14 20:35:14.0859 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/14 20:35:14.0937 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/14 20:35:14.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/14 20:35:15.0031 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/14 20:35:15.0109 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/14 20:35:15.0218 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/14 20:35:15.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/14 20:35:15.0343 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/14 20:35:15.0375 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/14 20:35:15.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/14 20:35:15.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/14 20:35:15.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/14 20:35:15.0656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/14 20:35:15.0718 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/14 20:35:15.0765 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/14 20:35:15.0812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/14 20:35:15.0859 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/14 20:35:15.0921 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/01/14 20:35:16.0000 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/14 20:35:16.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/14 20:35:16.0171 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/14 20:35:16.0203 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/14 20:35:16.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/14 20:35:16.0328 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
2011/01/14 20:35:16.0437 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/14 20:35:16.0515 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/14 20:35:16.0578 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/14 20:35:16.0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/14 20:35:16.0687 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/14 20:35:16.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/14 20:35:16.0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/14 20:35:16.0875 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/14 20:35:16.0937 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/14 20:35:16.0984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/14 20:35:17.0031 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/14 20:35:17.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/14 20:35:17.0140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/14 20:35:17.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/14 20:35:17.0234 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/14 20:35:17.0359 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/14 20:35:17.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/14 20:35:17.0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/14 20:35:17.0546 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/14 20:35:17.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/14 20:35:17.0671 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/14 20:35:17.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/14 20:35:17.0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/14 20:35:17.0859 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/14 20:35:17.0937 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/14 20:35:18.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/14 20:35:18.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/14 20:35:18.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/14 20:35:18.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/14 20:35:18.0218 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/14 20:35:18.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/14 20:35:18.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/14 20:35:18.0375 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/14 20:35:18.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/14 20:35:18.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/14 20:35:18.0562 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/14 20:35:18.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/14 20:35:18.0671 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/14 20:35:18.0750 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/14 20:35:18.0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/14 20:35:18.0859 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/14 20:35:18.0921 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/14 20:35:19.0062 nv (aaa6daac20c08fda35498515ad6c69c3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/14 20:35:19.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/14 20:35:19.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/14 20:35:19.0296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/14 20:35:19.0343 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/14 20:35:19.0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/14 20:35:19.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/14 20:35:19.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/14 20:35:19.0671 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/14 20:35:19.0734 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/14 20:35:19.0828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/14 20:35:20.0031 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/14 20:35:20.0078 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/14 20:35:20.0140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/14 20:35:20.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/14 20:35:20.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/14 20:35:20.0281 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/14 20:35:20.0328 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/14 20:35:20.0375 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/14 20:35:20.0421 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/14 20:35:20.0468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/14 20:35:20.0515 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/14 20:35:20.0562 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/14 20:35:20.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/14 20:35:20.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/14 20:35:20.0718 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/14 20:35:20.0781 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/14 20:35:20.0828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/14 20:35:20.0906 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/14 20:35:21.0000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/14 20:35:21.0062 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/14 20:35:21.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/14 20:35:21.0250 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/01/14 20:35:21.0343 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/14 20:35:21.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/14 20:35:21.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/14 20:35:21.0531 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/14 20:35:21.0593 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/14 20:35:21.0687 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/01/14 20:35:21.0750 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/14 20:35:21.0781 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/14 20:35:21.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/14 20:35:21.0921 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/14 20:35:21.0968 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/01/14 20:35:22.0031 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/01/14 20:35:22.0093 StMp3Rec (833ac40f6e7be17951d6d9a956829547) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
2011/01/14 20:35:22.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/14 20:35:22.0218 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/14 20:35:22.0265 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/14 20:35:22.0328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/14 20:35:22.0359 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/14 20:35:22.0406 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/14 20:35:22.0453 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/14 20:35:22.0531 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/14 20:35:22.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/14 20:35:22.0687 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/14 20:35:22.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/14 20:35:22.0812 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/14 20:35:22.0843 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/01/14 20:35:22.0906 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/01/14 20:35:22.0984 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2011/01/14 20:35:23.0031 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/01/14 20:35:23.0078 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/01/14 20:35:23.0140 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/01/14 20:35:23.0187 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/01/14 20:35:23.0234 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/01/14 20:35:23.0296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/14 20:35:23.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/14 20:35:23.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/14 20:35:23.0515 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/14 20:35:23.0609 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/14 20:35:23.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/14 20:35:23.0890 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/14 20:35:23.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/14 20:35:24.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/14 20:35:24.0062 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/14 20:35:24.0125 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/14 20:35:24.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/14 20:35:24.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/14 20:35:24.0281 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/14 20:35:24.0328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/14 20:35:24.0390 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/14 20:35:24.0453 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/14 20:35:24.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/14 20:35:24.0671 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/14 20:35:24.0796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/14 20:35:24.0875 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/14 20:35:24.0921 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/14 20:35:24.0984 ================================================================================
2011/01/14 20:35:24.0984 Scan finished
2011/01/14 20:35:24.0984 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 15 January 2011 - 07:57 AM

Please run Combofix - TDSSKiller found nothing which doesn't match with the scan that DDS provided us with.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 15 January 2011 - 10:38 PM

I have disabled the AntiVirus software and downloading the ComboFix, however, it will not run. It states that it cannot run with the AVG and to uninstall it.

ComboFix cannot run when AVG is installed.
This is due to AVG's targeting of ComboFix's files/processess.
It would be dangerous to continue.
Please uninstall AVG or use another tool.




Next step please?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 16 January 2011 - 11:05 AM

Uninstall AVG, if that fails to work then use their uninstaller (links below) to make sure it's completely gone.

32 bit

http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

64 bit

http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe
Posted Image
m0le is a proud member of UNITE

#9 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 16 January 2011 - 04:11 PM

I am still having difficulties removing AVG, with or without the links. However, with the links the ComboFix now gets to this:

AVG Identity Protection
Malware detected
File name: c;\32788R22FWJFW\CMD.CFXXE
Threat name: Malware.gen
Severity level: (4 red boxes)
Category: Downloader
Description: This is a known piece of Malware (malicious software). It is recommened that you quarantine this threat.
->Move to Vault
Will safely quarantine the infected file to Virus Vault until futher decision
->Allow
Will leave the file as it is now



#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 16 January 2011 - 08:25 PM

This is why AVG has to go. It is now actively scanning and removing Combofix as malware incorrectly.

As the uninstaller is now not really doing the business either we need to manually remove the AVG program using OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#11 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 16 January 2011 - 10:07 PM

haha, sorry about the AVG. Here's the new stuff:

OTL:

OTL logfile created on: 1/16/2011 6:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\JEN-n-ROB\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 149.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 53.92 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: KITTRELL | User Name: JEN-n-ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JEN-n-ROB\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG10\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsubleepa Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\JEN-n-ROB\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (6to4) -- File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (StMp3Rec) -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys (Generic)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/calendar/render?gsessionid=wM1TDmXMhvnD-DVpc0HCLg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gapg&hl=en"
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {E10A6337-382E-4FE6-96DE-936ADC34DD04}:1.4
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: betterfacebook@mattkruse.com:5.000
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..keyword.URL: "http://www10.yoog.com/search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 14:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/02 13:02:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/01/02 13:04:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/24 10:28:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 10:24:42 | 000,000,000 | ---D | M]

[2010/02/22 18:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Extensions
[2010/02/22 18:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/01/16 08:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions
[2010/09/19 13:10:01 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/12/07 20:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/12/07 20:44:10 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2010/12/05 14:33:16 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2011/01/06 06:05:03 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/12/07 20:50:29 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011/01/13 16:00:09 | 000,000,000 | ---D | M] (Thumbnail Zoom) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}
[2011/01/14 17:47:24 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\betterfacebook@mattkruse.com
[2011/01/06 06:05:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com
[2010/01/20 12:15:44 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\conduit.xml
[2011/01/10 22:21:40 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\swagbuckscom.xml
[2009/08/03 13:05:43 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\Yoog Search.xml
[2010/02/22 18:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/11 10:24:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/02 13:02:09 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/01/02 13:04:13 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/12/11 10:24:32 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/11 10:24:32 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/12/11 10:24:37 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2004/12/14 01:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/11/23 17:49:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/15 16:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 16:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/01/02 14:10:47 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/12/29 17:34:39 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/15 16:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 16:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 16:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 16:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 16:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/01/07 18:55:09 | 000,005,314 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 microsoft
O1 - Hosts: 127.0.0.1 kaspersky
O1 - Hosts: 127.0.0.1 virustota
O1 - Hosts: 127.0.0.1 virusscan
O1 - Hosts: 127.0.0.1 antivirus
O1 - Hosts: 127.0.0.1 kaspersky
O1 - Hosts: 127.0.0.1 novirus.r
O1 - Hosts: 127.0.0.1 kaspersky
O1 - Hosts: 127.0.0.1 drweb.com
O1 - Hosts: 127.0.0.1 avira.com
O1 - Hosts: 127.0.0.1 free-av.c
O1 - Hosts: 127.0.0.1 esetnod32
O1 - Hosts: 127.0.0.1 allnod.co
O1 - Hosts: 127.0.0.1 nod-32.ru
O1 - Hosts: 127.0.0.1 my-firefo
O1 - Hosts: 127.0.0.1 mozilla.o
O1 - Hosts: 127.0.0.1 ********d
O1 - Hosts: 127.0.0.1 ********d
O1 - Hosts: 127.0.0.1 ********d
O1 - Hosts: 127.0.0.1 ********d
O1 - Hosts: 127.0.0.1 [url]ftp:
O1 - Hosts: 127.0.0.1 [url]ftp:
O1 - Hosts: 127.0.0.1 [url]ftp:
O1 - Hosts: 127.0.0.1 [url]ftp:
O1 - Hosts: 192 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] File not found
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\JEN-n-ROB\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Disney [2010/11/25 12:43:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED [2009/08/28 14:51:47 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\MRI_DISABLED: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {f4cd4b92-2f8a-49c9-8574-16cd451f506b} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 10:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0988fd6f-e35f-11de-a3d0-001111a20e51}\Shell - "" = AutoRun
O33 - MountPoints2\{0988fd6f-e35f-11de-a3d0-001111a20e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0988fd6f-e35f-11de-a3d0-001111a20e51}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{0988fd70-e35f-11de-a3d0-001111a20e51}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{295a8ea4-5268-11df-a3f3-001111a20e51}\Shell - "" = AutoRun
O33 - MountPoints2\{295a8ea4-5268-11df-a3f3-001111a20e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{295a8ea4-5268-11df-a3f3-001111a20e51}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2f7d83c2-74e5-11de-a37b-001111a20e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f7d83c2-74e5-11de-a37b-001111a20e51}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2010/07/26 22:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{2f7d83c2-74e5-11de-a37b-001111a20e51}\Shell\Explore\command - "" = F:\system.exe
O33 - MountPoints2\{2f7d83c2-74e5-11de-a37b-001111a20e51}\Shell\Open\command - "" = F:\system.exe
O33 - MountPoints2\{4dcaa37a-a30f-11de-a3a5-001111a20e51}\Shell - "" = AutoRun
O33 - MountPoints2\{4dcaa37a-a30f-11de-a3a5-001111a20e51}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4dcaa37a-a30f-11de-a3a5-001111a20e51}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 13:05:35 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/15 12:05:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/12 09:52:16 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEN-n-ROB\Desktop\TDSSKiller.exe
[2011/01/02 14:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\AVG Security Toolbar
[2011/01/02 14:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEN-n-ROB\My Documents\A PHOTO GALLERY
[2011/01/02 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/02 13:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/01/02 13:01:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/12/31 14:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEN-n-ROB\Application Data\whitesmoketoolbar
[2010/12/29 18:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/12/29 17:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/12/29 17:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/12/29 17:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2010/12/29 17:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/12/29 11:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/29 11:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/20 21:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Disney Mix It Plug-in
[2008/01/10 08:55:39 | 003,457,008 | ---- | C] (Hewlett-Packard Company ) -- C:\Program Files\SF_US_snapfish-agent.exe
[2007/01/30 13:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 13:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 13:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll
[2005/05/18 23:35:47 | 000,552,096 | ---- | C] (Google) -- C:\Program Files\GoogleToolbarInstaller.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/16 18:57:24 | 104,443,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/16 13:00:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\onkbecnu.job
[2011/01/16 12:54:38 | 000,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/16 12:54:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/16 12:54:30 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/15 12:16:21 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Microsoft Word.lnk
[2011/01/14 20:24:22 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEN-n-ROB\Desktop\TDSSKiller.exe
[2011/01/14 20:16:51 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Shortcut to eula.lnk
[2011/01/14 20:14:05 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Shortcut to TDSSKiller.lnk
[2011/01/14 17:47:49 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Disney Mix Central.lnk
[2011/01/13 22:55:51 | 000,132,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/01/07 22:07:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\defogger_reenable
[2011/01/07 20:16:48 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\My Documents\2010budget.xls
[2011/01/06 05:47:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/02 21:50:34 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/02 13:03:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/29 17:33:47 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/12/23 21:48:08 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\My Documents\Bowl Pool II.xls
[2010/12/23 04:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/17 21:38:35 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Microsoft Excel.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/16 18:57:24 | 104,443,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/14 20:16:51 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Shortcut to eula.lnk
[2011/01/14 20:14:05 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Desktop\Shortcut to TDSSKiller.lnk
[2011/01/13 22:55:51 | 000,132,091 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/01/07 22:07:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\defogger_reenable
[2011/01/02 13:03:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/29 17:33:41 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/12/17 23:26:06 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\My Documents\Bowl Pool II.xls
[2010/08/21 22:00:01 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\fusioncache.dat
[2009/01/19 13:06:13 | 001,406,503 | -HS- | C] () -- C:\WINDOWS\System32\rwhdhkwi.ini
[2009/01/11 09:06:17 | 001,346,100 | -HS- | C] () -- C:\WINDOWS\System32\qwdbhonm.ini
[2009/01/08 19:31:29 | 001,346,100 | -HS- | C] () -- C:\WINDOWS\System32\ifgqqhqb.ini
[2009/01/05 20:15:55 | 001,330,829 | -HS- | C] () -- C:\WINDOWS\System32\sixhhxbk.ini
[2009/01/04 12:59:31 | 001,309,271 | -HS- | C] () -- C:\WINDOWS\System32\wsesovxj.ini
[2009/01/01 15:42:48 | 001,309,235 | -HS- | C] () -- C:\WINDOWS\System32\xckanmku.ini
[2008/12/26 11:29:32 | 001,309,235 | -HS- | C] () -- C:\WINDOWS\System32\ehxnpkrp.ini
[2008/12/25 10:44:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/24 07:14:31 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\fmoljgrl.ini
[2008/12/23 07:20:32 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\pgwcwvqg.ini
[2008/12/22 07:14:31 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\kawokdgl.ini
[2008/12/15 11:42:55 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\efqnascs.ini
[2008/12/14 18:28:04 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\afsibnks.ini
[2008/12/13 11:41:47 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\wuhvsoos.ini
[2008/12/11 09:50:34 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\axqltvyi.ini
[2008/12/10 09:50:34 | 001,658,469 | -HS- | C] () -- C:\WINDOWS\System32\sdfhexfq.ini
[2008/12/09 09:50:34 | 001,620,759 | -HS- | C] () -- C:\WINDOWS\System32\fxrjoofc.ini
[2008/12/08 09:47:34 | 001,620,759 | -HS- | C] () -- C:\WINDOWS\System32\fsbewflh.ini
[2008/12/07 09:47:51 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\mbwgbxte.ini
[2008/12/07 09:08:26 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\sfuoqjol.ini
[2008/12/06 08:21:49 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\oyfbjnsm.ini
[2008/12/06 08:20:43 | 000,008,198 | -HS- | C] () -- C:\WINDOWS\System32\xxxwFfii.ini2
[2008/12/06 08:20:43 | 000,008,198 | -HS- | C] () -- C:\WINDOWS\System32\xxxwFfii.ini
[2008/04/09 08:27:05 | 000,048,128 | ---- | C] () -- C:\Program Files\Teacher Preference Form.DOC
[2007/02/19 06:20:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2007/02/19 06:17:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2007/02/19 06:17:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2007/02/19 06:16:48 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2007/01/22 06:18:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcfg.dll
[2006/12/26 15:05:02 | 000,001,917 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/02/02 10:01:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/02/02 10:00:58 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/08/02 13:03:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2005/08/02 12:45:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/08 22:19:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/30 09:58:31 | 000,000,770 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/05/30 09:57:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2005/05/30 09:57:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2005/05/30 09:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2005/05/30 09:57:24 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2005/05/30 09:57:21 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2005/05/26 11:43:13 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSP925.ini
[2005/05/25 12:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2005/05/18 09:45:25 | 000,742,504 | ---- | C] () -- C:\Program Files\GoogleDesktopSearchSetup.exe
[2005/05/10 18:13:29 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/04 20:13:07 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/04 20:12:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\PFP120JPR.{PB
[2005/05/04 20:12:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\PFP120JCM.{PB
[2005/05/04 06:10:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/04 06:04:06 | 000,000,304 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/23 09:59:30 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 19:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 10:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 10:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2011/01/07 19:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/02 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/08/27 21:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/11/22 10:13:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/25 12:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalBlue
[2009/08/28 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/11/22 10:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/08/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2006/01/21 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2010/04/14 00:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2005/08/21 22:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/22 13:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 02:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/16 22:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Amazon
[2010/11/22 10:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\AVG10
[2010/11/08 12:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/12/20 21:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Disney Mix It Plug-in
[2010/06/17 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Facebook
[2005/05/30 09:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Leadertech
[2008/08/23 23:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Panasonic
[2011/01/03 20:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Smilebox
[2008/01/10 08:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\Snapfish
[2010/04/14 00:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\TaxCut
[2010/12/31 14:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\whitesmoketoolbar
[2011/01/16 13:00:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\onkbecnu.job

========== Purity Check ==========



< End of report >
Extras.Txt:

OTL Extras logfile created on: 1/16/2011 6:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\JEN-n-ROB\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 149.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 53.92 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: KITTRELL | User Name: JEN-n-ROB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\WINLOGON.EXE" = C:\WINDOWS\SYSTEM32\WINLOGON.EXE:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\LSASS.EXE" = C:\WINDOWS\SYSTEM32\LSASS.EXE:*:Enabled:lsass -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1445ECFA-AD4B-4f22-A1D2-DDB81354EC1D}" = Snapfish PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EFF632D-67BF-7E89-BF57-AED9651A18E2}" = Adobe Photoshop Express Uploader
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail™
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{863DCE5B-D6CA-4DC5-9F95-7DCFED15DE8F}" = The Print Shop 20
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A84EB063-10A9-49D5-B64F-EB1192E7EA6F}" = Disney Mix Central
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{E18BCEBF-805F-4D20-BFE2-103BCBFF3C96}" = Disney Mix-It Plug-in and Windows Media Player Skin
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2011
"b7011d88-4676-43bd-1ea8-0c45281b8712" = Contextual Platform Globaladsolution
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop Express Uploader
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DrawPlus 3.0" = DrawPlus 3.0
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Desktop" = Google Desktop Search
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mllgpkxocihnp" = RON Too1 Globaladsolution
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"Swag_Bucks Toolbar" = Swag_Bucks Toolbar
"The Print Shop 10.0" = The Print Shop
"US Supplemental Files" = BSF v6 US Supplemental Files
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"digifast" = DigiFast
"Facebook Plug-In" = Facebook Plug-In
"InstallShield_{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail™
"Smilebox" = Smilebox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2011 12:21:36 AM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/11/2011 4:52:38 PM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 1/11/2011 5:16:50 PM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/13/2011 10:49:18 AM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/13/2011 7:16:41 PM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/13/2011 8:23:30 PM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/14/2011 10:12:24 PM | Computer Name = KITTRELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/15/2011 4:21:17 PM | Computer Name = KITTRELL | Source = MsiInstaller | ID = 11921
Description = Product: AVG 2011 -- Error 1921. Service 'AVG WatchDog' (avgwd) could
not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 1/15/2011 4:21:52 PM | Computer Name = KITTRELL | Source = MsiInstaller | ID = 11921
Description = Product: AVG 2011 -- Error 1921. Service 'AVG WatchDog' (avgwd) could
not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 1/15/2011 4:22:23 PM | Computer Name = KITTRELL | Source = MsiInstaller | ID = 11921
Description = Product: AVG 2011 -- Error 1921. Service 'AVG WatchDog' (avgwd) could
not be stopped. Verify that you have sufficient privileges to stop system services.

[ System Events ]
Error - 1/15/2011 12:27:34 AM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep iaStor

Error - 1/15/2011 7:21:22 AM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 1/15/2011 7:21:23 AM | Computer Name = KITTRELL | Source = Print | ID = 6161
Description = The document <<<*** EPSON EBAPI Dummy Document Data ***>>> owned by
JEN-n-ROB failed to print on printer Dell Photo AIO Printer 922. Data type: RAW.
Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\KITTRELL.
Win32 error code returned by the print processor: 0 (0x0).

Error - 1/15/2011 7:21:32 AM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep iaStor

Error - 1/15/2011 11:29:45 PM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 1/15/2011 11:29:45 PM | Computer Name = KITTRELL | Source = Print | ID = 6161
Description = The document <<<*** EPSON EBAPI Dummy Document Data ***>>> owned by
JEN-n-ROB failed to print on printer Dell Photo AIO Printer 922. Data type: RAW.
Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\KITTRELL.
Win32 error code returned by the print processor: 0 (0x0).

Error - 1/15/2011 11:29:55 PM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep iaStor

Error - 1/16/2011 4:54:47 PM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 1/16/2011 4:54:48 PM | Computer Name = KITTRELL | Source = Print | ID = 6161
Description = The document <<<*** EPSON EBAPI Dummy Document Data ***>>> owned by
JEN-n-ROB failed to print on printer Dell Photo AIO Printer 922. Data type: RAW.
Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\KITTRELL.
Win32 error code returned by the print processor: 0 (0x0).

Error - 1/16/2011 4:54:56 PM | Computer Name = KITTRELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep iaStor


< End of report >

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 17 January 2011 - 10:20 AM

Okay, we might be able to deal with the infection by using OTL instead of removing AVG to use Combofix. The Whitesmoke toolbar seems to be the problem here,

First, a question:

FF - user.js..browser.search.defaultenginename: "Yoog Search"


This shows Yoog as your search engine choice. Are you aware of this?
Posted Image
m0le is a proud member of UNITE

#13 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 17 January 2011 - 12:47 PM

no, I have no idea what Yoog is, for a search engine.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:39 AM

Posted 17 January 2011 - 08:00 PM

Okay, we'll remove that too. I'm also removing Swag Bucks but if you did want it then you can redownload it without any problems. If you feel confident enough you can remove any entries below with "swag bucks" in them if you want to avoid removing it at all. Your choice.

This list below will also tell you how infected you are...

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
[2011/01/06 06:05:03 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/01/06 06:05:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com
[2011/01/10 22:21:40 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\swagbuckscom.xml
[2009/08/03 13:05:43 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\Yoog Search.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\tbSwa1.dll (Conduit Ltd.)
[2010/12/29 17:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/12/29 17:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/01/16 13:00:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\onkbecnu.job
[2009/01/19 13:06:13 | 001,406,503 | -HS- | C] () -- C:\WINDOWS\System32\rwhdhkwi.ini
[2009/01/11 09:06:17 | 001,346,100 | -HS- | C] () -- C:\WINDOWS\System32\qwdbhonm.ini
[2009/01/08 19:31:29 | 001,346,100 | -HS- | C] () -- C:\WINDOWS\System32\ifgqqhqb.ini
[2009/01/05 20:15:55 | 001,330,829 | -HS- | C] () -- C:\WINDOWS\System32\sixhhxbk.ini
[2009/01/04 12:59:31 | 001,309,271 | -HS- | C] () -- C:\WINDOWS\System32\wsesovxj.ini
[2009/01/01 15:42:48 | 001,309,235 | -HS- | C] () -- C:\WINDOWS\System32\xckanmku.ini
[2008/12/26 11:29:32 | 001,309,235 | -HS- | C] () -- C:\WINDOWS\System32\ehxnpkrp.ini
[2008/12/24 07:14:31 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\fmoljgrl.ini
[2008/12/23 07:20:32 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\pgwcwvqg.ini
[2008/12/22 07:14:31 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\kawokdgl.ini
[2008/12/15 11:42:55 | 001,748,900 | -HS- | C] () -- C:\WINDOWS\System32\efqnascs.ini
[2008/12/14 18:28:04 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\afsibnks.ini
[2008/12/13 11:41:47 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\wuhvsoos.ini
[2008/12/11 09:50:34 | 001,730,777 | -HS- | C] () -- C:\WINDOWS\System32\axqltvyi.ini
[2008/12/10 09:50:34 | 001,658,469 | -HS- | C] () -- C:\WINDOWS\System32\sdfhexfq.ini
[2008/12/09 09:50:34 | 001,620,759 | -HS- | C] () -- C:\WINDOWS\System32\fxrjoofc.ini
[2008/12/08 09:47:34 | 001,620,759 | -HS- | C] () -- C:\WINDOWS\System32\fsbewflh.ini
[2008/12/07 09:47:51 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\mbwgbxte.ini
[2008/12/07 09:08:26 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\sfuoqjol.ini
[2008/12/06 08:21:49 | 001,479,822 | -HS- | C] () -- C:\WINDOWS\System32\oyfbjnsm.ini
[2008/12/06 08:20:43 | 000,008,198 | -HS- | C] () -- C:\WINDOWS\System32\xxxwFfii.ini2
[2008/12/06 08:20:43 | 000,008,198 | -HS- | C] () -- C:\WINDOWS\System32\xxxwFfii.ini
[2010/12/31 14:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEN-n-ROB\Application Data\whitesmoketoolbar
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Posted Image
m0le is a proud member of UNITE

#15 gheniphre

gheniphre
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 17 January 2011 - 09:03 PM

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
C:\Program Files\Swag_Bucks\tbSwa1.dll moved successfully.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "Swag Bucks Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www10.yoog.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\FireFox\Profiles\8itl2mj8.default\user.js moved successfully.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\lib scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\lib scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\DualPackage scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com scheduled to be moved on reboot.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\swagbuckscom.xml moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\searchplugins\Yoog Search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
File C:\Program Files\Swag_Bucks\tbSwa1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
File C:\Program Files\Swag_Bucks\tbSwa1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
File C:\Program Files\Swag_Bucks\tbSwa1.dll not found.
C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.
C:\WINDOWS\tasks\onkbecnu.job moved successfully.
C:\WINDOWS\SYSTEM32\rwhdhkwi.ini moved successfully.
C:\WINDOWS\SYSTEM32\qwdbhonm.ini moved successfully.
C:\WINDOWS\SYSTEM32\ifgqqhqb.ini moved successfully.
C:\WINDOWS\SYSTEM32\sixhhxbk.ini moved successfully.
C:\WINDOWS\SYSTEM32\wsesovxj.ini moved successfully.
C:\WINDOWS\SYSTEM32\xckanmku.ini moved successfully.
C:\WINDOWS\SYSTEM32\ehxnpkrp.ini moved successfully.
C:\WINDOWS\SYSTEM32\fmoljgrl.ini moved successfully.
C:\WINDOWS\SYSTEM32\pgwcwvqg.ini moved successfully.
C:\WINDOWS\SYSTEM32\kawokdgl.ini moved successfully.
C:\WINDOWS\SYSTEM32\efqnascs.ini moved successfully.
C:\WINDOWS\SYSTEM32\afsibnks.ini moved successfully.
C:\WINDOWS\SYSTEM32\wuhvsoos.ini moved successfully.
C:\WINDOWS\SYSTEM32\axqltvyi.ini moved successfully.
C:\WINDOWS\SYSTEM32\sdfhexfq.ini moved successfully.
C:\WINDOWS\SYSTEM32\fxrjoofc.ini moved successfully.
C:\WINDOWS\SYSTEM32\fsbewflh.ini moved successfully.
C:\WINDOWS\SYSTEM32\mbwgbxte.ini moved successfully.
C:\WINDOWS\SYSTEM32\sfuoqjol.ini moved successfully.
C:\WINDOWS\SYSTEM32\oyfbjnsm.ini moved successfully.
C:\WINDOWS\SYSTEM32\xxxwFfii.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\xxxwFfii.ini moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\whitesmoketoolbar folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.2 log created on 01172011_175607

Files\Folders moved on Reboot...
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\searchplugin folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\META-INF folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\lib folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\defaults folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\chrome folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\JEN-n-ROB\Application Data\Mozilla\Firefox\Profiles\8itl2mj8.default\extensions\engine@conduit.com folder moved successfully.

Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users