
Win32.agent.fbx infection


  • This topic is locked
36 replies to this topic

#1 jt922554

  • Members
  • 20 posts

Posted 10 February 2011 - 09:04 AM

Hello All.

I have discovered that my Toshiba Satellite laptop is infected with the win32.agent.fbx malware. I have tried several online solutions but have been unable to eradicate the problem.

I have followed the Preparation guide before using removal and reporting guide, but have run into some problems.

- DDS.scr freezes in the same place after several attempts to run the programme. I waited approx 1 hour before re-running each program. The laptop freezes and I am only able to shut it down using the power on/off button. Could not generate a logfile.

- GMER did not show dialogue box for full scan or not.

- HJT could not access the Hosts file and generated an error warning: (error occurred at procedure: modMain_CheckOther procedure1Item() error #75 - path/file access area). Logfile saved to HJT folder.

EDIT: Please be patient. There are over 180 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Attached Files


Edited by Budapest, 14 February 2011 - 04:31 PM.



#2 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 16 February 2011 - 10:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.
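Editor's note, added between the posts (this is not part of any reply in the thread and not a BleepingComputer or OldTimer tool): once the OTL.txt requested above arrives, a responder reads it for a handful of patterns, and the script below does that mechanically. It parses OTL's SRV/DRV, O1 HOSTS, O2/O3 BHO and O4 Run line formats and flags services whose binary is missing (leftovers to clean up, not live malware), services, drivers or autoruns with no publisher string that live under Temp, AppData or a user profile, orphaned BHO CLSIDs, and hosts-file mappings that point anywhere other than loopback. The hosts check is the one that matters for this thread: the report posted below shows a 429,885-byte, read-only hosts file with thousands of 127.0.0.1 entries (www.007guard.com and friends), which is consistent with an immunisation list (Spybot-S&D, which the report shows installed, writes exactly such loopback entries when you Immunize) rather than with a hosts hijack, which maps update or AV domains to an attacker-controlled address. A read-only hosts file is also one plausible reason HijackThis reported error 75 (path/file access) on it. The sample input is constructed: the avg8emc, AVGIDSAgent, hosts-header, 007guard and orphan-BHO lines copy the formats from the posted report, while the 203.0.113.5 hosts entry, the qzx.sys driver and the svchost Run entry under a user profile are invented to exercise the checks and are not findings about the poster's machine.

```python
"""Triage an OTL.txt report for the entries a malware responder checks first."""
import ipaddress
import re

# Paths an ordinary user can write to; a service, driver or autorun living here
# with no publisher string is worth a second look.
USER_WRITABLE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\[^\\]+)\\", re.IGNORECASE)

# Line formats as OTL prints them (compare the report posted in this thread).
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) \[(?P<state>[^\]]*)\]"
    r" -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
HOSTS_HDR_RE = re.compile(r"^O1 HOSTS File: \(\[[^|]*\| (?P<size>[\d,]+) \| (?P<attrs>\S+) \|")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
BHO_RE = re.compile(r"^O[23] - .*?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \((?P<company>[^)]*)\))?$"
)


def triage(otl_text):
    """Return (severity, category, detail) findings from the body of an OTL.txt."""
    findings = []
    hosts_entries = 0
    for raw in otl_text.splitlines():
        line = raw.strip()
        if line.startswith(("SRV - File not found", "DRV - File not found")):
            # Registered service whose binary is gone: a leftover, not active malware.
            name = line[line.rfind("(") + 1 : line.rfind(")")]
            findings.append(("low", "orphan-service", f"{name}: registered but binary missing"))
            continue
        if m := ENTRY_RE.match(line):
            company, path, name = m["company"].strip(), m["path"], m["name"]
            if not company and USER_WRITABLE.search(path):
                findings.append(("high", "unsigned-in-user-path", f"{m['kind']} {name}: {path}"))
            elif not company:
                findings.append(("info", "no-publisher", f"{m['kind']} {name}: {path}"))
            continue
        if m := HOSTS_HDR_RE.match(line):
            size = int(m["size"].replace(",", ""))
            findings.append(("info", "hosts-file", f"{size} bytes, read-only={'R' in m['attrs']}"))
            continue
        if m := HOSTS_RE.match(line):
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:
                continue  # OTL's own "N more lines..." truncation marker
            hosts_entries += 1
            # Immunisation lists (Spybot, MVPS) map everything to loopback; a real
            # hijack points AV, update or banking domains at an attacker's address.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(("high", "hosts-redirect", f"{m['host']} -> {ip}"))
            continue
        if m := BHO_RE.match(line):
            if "No CLSID value found" in m["target"]:
                findings.append(("low", "orphan-bho", m["clsid"]))
            continue
        if m := RUN_RE.match(line):
            detail = f"{m['hive']} [{m['name']}] {m['path']}"
            if USER_WRITABLE.search(m["path"]):
                findings.append(("high", "autorun-in-user-path", detail))
            elif not (m["company"] or "").strip():
                findings.append(("low", "autorun-no-publisher", detail))
    findings.append(("info", "hosts-entries", str(hosts_entries)))
    return findings


# Constructed sample in OTL's format. The avg8emc, AVGIDSAgent, Swupdtmr,
# hosts-header, 007guard and orphan-BHO lines mirror entries from the report in
# this thread; the 203.0.113.5 hosts entry, the qzx.sys driver and the svchost
# Run entry are invented to exercise the checks and are NOT from the poster's PC.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2006/07/20 20:54:28 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

========== Driver Services (SafeList) ==========

DRV - [2011/02/01 03:00:00 | 000,031,744 | ---- | M] () [Kernel | System | Running] -- C:\Users\user\AppData\Local\Temp\qzx.sys -- (qzx)

========== Standard Registry (SafeList) ==========

O1 HOSTS File: ([2011/02/09 18:40:48 | 000,429,885 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 203.0.113.5 www.update.microsoft.com
O1 - Hosts: 14800 more lines...
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [svchost] C:\Users\user\AppData\Local\Temp\svchost.exe ()
"""

if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_OTL):
        print(f"[{sev:4}] {cat}: {detail}")
```

Run it against a real OTL.txt by reading the file into `triage()`. The "high" findings are the ones to act on; "low" entries (orphaned services and BHOs) are cleanup, and "info" entries are context such as the hosts-file size and read-only flag.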


#3 jt922554
  • Topic Starter

  • Members
  • 20 posts

Posted 17 February 2011 - 04:39 PM

Here is the log from OTL:

OTL logfile created on: 2/17/2011 8:22:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\terry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 43.55 Gb Free Space | 59.60% Space Free | Partition Type: NTFS

Computer Name: TERRY-PC | User Name: terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/17 20:04:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\terry\Desktop\OTL.exe
PRC - [2011/02/09 20:32:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/30 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/04/11 06:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 07:33:23 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2006/11/29 04:05:38 | 000,523,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2006/11/20 20:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/09/12 16:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 00:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/07/20 20:54:28 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2006/07/20 20:44:02 | 000,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe
PRC - [2006/05/26 02:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/04/28 17:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/02/17 20:04:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\terry\Desktop\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2011/01/20 13:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 19:37:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/04/11 06:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/11 06:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 06:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/12 16:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 00:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/07/20 20:54:28 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/26 02:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/14 18:53:10 | 000,014,864 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/01/09 08:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/25 05:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 06:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 19:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/28 03:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 14:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/14 18:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 23:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/01/19 10:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2005/01/19 10:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2002/04/11 15:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1593739338-757228706-3972918797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1593739338-757228706-3972918797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1593739338-757228706-3972918797-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1593739338-757228706-3972918797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/06 00:25:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/09 20:32:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 20:32:14 | 000,000,000 | ---D | M]

[2011/02/08 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\terry\AppData\Roaming\Mozilla\Extensions
[2011/02/17 20:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\terry\AppData\Roaming\Mozilla\Firefox\Profiles\hlcoxnd9.default\extensions
[2011/02/09 19:07:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\terry\AppData\Roaming\Mozilla\Firefox\Profiles\hlcoxnd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 20:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/08 18:28:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/06 00:25:15 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/08 18:27:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/09 18:40:48 | 000,429,885 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14800 more lines...
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1593739338-757228706-3972918797-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 20:21:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\terry\Desktop\OTL.exe
[2011/02/10 02:37:38 | 000,000,000 | ---D | C] -- C:\hjt
[2011/02/10 02:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\hjt
[2011/02/09 22:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/02/09 22:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/02/09 22:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/02/09 21:54:38 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 21:54:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 21:54:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 21:54:25 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 21:54:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 21:54:07 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 21:54:07 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 21:54:07 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 21:54:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 21:54:05 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 21:54:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 21:54:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 21:54:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 21:54:04 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 21:54:04 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 21:54:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 21:54:04 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 21:54:03 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 21:54:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 21:54:02 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 21:54:02 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 21:54:01 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 21:54:01 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 21:54:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 21:54:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 21:53:59 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 21:53:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 21:53:55 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 21:53:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 21:53:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 21:52:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 21:52:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 21:52:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 21:52:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 21:52:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 21:52:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 21:52:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 21:52:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 21:52:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 21:52:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 21:52:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 21:52:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 21:52:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 21:52:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 21:52:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 21:52:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 21:52:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\vlc
[2011/02/09 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/02/09 20:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/09 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/09 18:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/09 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/09 18:13:46 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\terry\Desktop\spybotsd162.exe
[2011/02/08 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/08 20:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/08 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/08 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/08 19:59:36 | 010,368,456 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\terry\Desktop\SUPERAntiSpyware.exe
[2011/02/08 18:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/08 18:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/08 18:28:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/08 18:28:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/08 18:28:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/08 18:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/08 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/08 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Local\Mozilla
[2011/02/08 17:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/08 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/06 01:33:57 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/02/06 00:32:42 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\AVG10
[2011/02/06 00:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/05 23:51:48 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/05 23:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/05 23:29:34 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\Malwarebytes
[2011/02/05 23:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/05 23:29:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/05 23:29:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/05 23:29:22 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/02/05 23:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/05 22:38:55 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\Local
[2011/02/05 22:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/02/05 22:27:30 | 000,000,000 | ---D | C] -- C:\Users\terry\AppData\Roaming\DivX
[2011/02/05 22:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/02/05 22:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/02/05 22:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/02/05 22:04:44 | 018,716,872 | ---- | C] (DivX, Inc.) -- C:\Users\terry\Desktop\DivXInstaller.exe
[2011/02/03 00:45:02 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/03 00:44:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/03 00:44:35 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/03 00:44:34 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/03 00:44:33 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/03 00:44:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/03 00:44:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/02/03 00:43:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2011/02/17 20:22:00 | 000,632,562 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/17 20:22:00 | 000,111,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/17 20:17:41 | 106,349,959 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/02/17 20:06:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 20:06:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 20:05:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/17 20:05:28 | 000,318,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/17 20:04:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\terry\Desktop\OTL.exe
[2011/02/10 02:47:57 | 000,029,742 | ---- | M] () -- C:\Users\terry\Documents\cc_20110210_024752.reg
[2011/02/10 02:41:35 | 000,000,304 | ---- | M] () -- C:\Users\terry\Desktop\SQ004248V08 ©.lnk
[2011/02/10 02:32:19 | 000,000,184 | ---- | M] () -- C:\Users\terry\Desktop\Lexar (E) - Shortcut.lnk
[2011/02/10 02:24:52 | 000,251,392 | ---- | M] () -- C:\Users\terry\Desktop\hijackthis_sfx.exe
[2011/02/10 00:45:22 | 000,000,000 | ---- | M] () -- C:\Users\terry\defogger_reenable
[2011/02/09 22:05:32 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/09 22:05:32 | 000,001,799 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/09 22:01:39 | 019,973,448 | ---- | M] () -- C:\Users\terry\Desktop\winzip150.exe
[2011/02/09 21:54:14 | 000,288,107 | ---- | M] () -- C:\Users\terry\Desktop\gmer.zip
[2011/02/09 21:52:30 | 000,624,128 | ---- | M] () -- C:\Users\terry\Desktop\dds.scr
[2011/02/09 20:06:08 | 000,015,872 | ---- | M] () -- C:\Users\terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/09 20:03:08 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/09 20:00:04 | 020,364,702 | ---- | M] () -- C:\Users\terry\Desktop\vlc-1.1.7-win32.exe
[2011/02/09 18:44:41 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI
[2011/02/09 18:40:48 | 000,429,885 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/09 18:16:26 | 000,001,090 | ---- | M] () -- C:\Users\terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/09 18:16:26 | 000,001,066 | ---- | M] () -- C:\Users\terry\Desktop\Spybot - Search & Destroy.lnk
[2011/02/09 18:14:16 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\terry\Desktop\spybotsd162.exe
[2011/02/08 22:32:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/02/08 22:21:03 | 000,026,684 | ---- | M] () -- C:\Users\terry\Documents\cc_20110208_222058.reg
[2011/02/08 20:12:11 | 010,368,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\terry\Desktop\SUPERAntiSpyware.exe
[2011/02/08 20:07:40 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/08 19:56:46 | 000,050,477 | ---- | M] () -- C:\Users\terry\Desktop\Defogger.exe
[2011/02/08 18:55:28 | 000,050,477 | ---- | M] () -- C:\Users\terry\Desktop\Defogger.exe.part
[2011/02/08 18:27:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/08 18:27:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/08 18:27:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/08 18:27:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/08 17:54:57 | 000,001,759 | ---- | M] () -- C:\Users\terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/08 17:54:57 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/06 00:26:48 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/06 00:16:45 | 000,100,850 | ---- | M] () -- C:\Users\terry\Documents\cc_20110206_001637.reg
[2011/02/05 23:51:48 | 000,000,815 | ---- | M] () -- C:\Users\terry\Desktop\CCleaner.lnk
[2011/02/05 23:29:26 | 000,000,611 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/05 22:39:04 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/02/05 22:06:08 | 000,000,090 | ---- | M] () -- C:\Users\terry\AppData\Local\kebebwsw.bat
[2011/02/03 01:04:34 | 000,003,798 | ---- | M] () -- C:\Windows\machine.ver
[2011/01/20 16:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 16:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 16:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 16:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 16:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 16:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 16:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 16:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 16:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 16:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 14:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 14:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/20 14:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 14:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 14:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/20 14:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 14:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 14:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 14:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 14:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 14:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 14:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 13:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/20 13:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/20 13:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

========== Files Created - No Company Name ==========

[2011/02/10 02:47:55 | 000,029,742 | ---- | C] () -- C:\Users\terry\Documents\cc_20110210_024752.reg
[2011/02/10 02:41:35 | 000,000,304 | ---- | C] () -- C:\Users\terry\Desktop\SQ004248V08 ©.lnk
[2011/02/10 02:40:49 | 000,251,392 | ---- | C] () -- C:\Users\terry\Desktop\hijackthis_sfx.exe
[2011/02/10 02:32:19 | 000,000,184 | ---- | C] () -- C:\Users\terry\Desktop\Lexar (E) - Shortcut.lnk
[2011/02/10 00:45:22 | 000,000,000 | ---- | C] () -- C:\Users\terry\defogger_reenable
[2011/02/09 22:05:32 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/09 22:05:32 | 000,001,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/09 22:00:57 | 019,973,448 | ---- | C] () -- C:\Users\terry\Desktop\winzip150.exe
[2011/02/09 21:54:56 | 000,288,107 | ---- | C] () -- C:\Users\terry\Desktop\gmer.zip
[2011/02/09 21:53:08 | 000,624,128 | ---- | C] () -- C:\Users\terry\Desktop\dds.scr
[2011/02/09 20:03:08 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/09 19:58:45 | 020,364,702 | ---- | C] () -- C:\Users\terry\Desktop\vlc-1.1.7-win32.exe
[2011/02/09 18:16:26 | 000,001,090 | ---- | C] () -- C:\Users\terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/09 18:16:26 | 000,001,066 | ---- | C] () -- C:\Users\terry\Desktop\Spybot - Search & Destroy.lnk
[2011/02/08 22:21:01 | 000,026,684 | ---- | C] () -- C:\Users\terry\Documents\cc_20110208_222058.reg
[2011/02/08 20:07:40 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/08 18:55:27 | 000,050,477 | ---- | C] () -- C:\Users\terry\Desktop\Defogger.exe
[2011/02/08 18:54:59 | 000,050,477 | ---- | C] () -- C:\Users\terry\Desktop\Defogger.exe.part
[2011/02/08 17:54:57 | 000,001,759 | ---- | C] () -- C:\Users\terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/08 17:54:57 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/06 00:48:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/06 00:26:48 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/06 00:16:42 | 000,100,850 | ---- | C] () -- C:\Users\terry\Documents\cc_20110206_001637.reg
[2011/02/05 23:51:48 | 000,000,815 | ---- | C] () -- C:\Users\terry\Desktop\CCleaner.lnk
[2011/02/05 23:29:26 | 000,000,611 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/05 22:35:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/02/03 00:12:49 | 000,000,090 | ---- | C] () -- C:\Users\terry\AppData\Local\kebebwsw.bat
[2010/08/19 15:44:17 | 000,000,091 | ---- | C] () -- C:\Users\terry\AppData\Local\nffddvvn.bat
[2010/03/14 09:21:07 | 000,000,091 | ---- | C] () -- C:\Users\terry\AppData\Local\uudcrq.bat
[2009/11/19 11:31:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:03:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/05/25 19:40:25 | 000,000,089 | ---- | C] () -- C:\Users\terry\AppData\Local\icdghcv.bat
[2008/02/16 18:04:31 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/02/16 17:56:35 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2008/02/15 06:09:39 | 000,001,829 | ---- | C] () -- C:\ProgramData\Nokia Connectivity Cable Driver 1.00.150.2.LOG
[2008/02/15 06:07:33 | 000,001,732 | ---- | C] () -- C:\ProgramData\Nokia PC Suite 6.60.16.LOG
[2007/12/15 13:30:45 | 000,000,680 | ---- | C] () -- C:\Users\terry\AppData\Local\d3d9caps.dat
[2007/09/12 06:00:43 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/08/06 18:44:42 | 000,663,552 | ---- | C] () -- C:\Windows\System32\libeay32_1-1-0_DDR.dll
[2007/08/06 18:44:42 | 000,532,594 | ---- | C] () -- C:\Windows\System32\xerces-c_1_40_0_DDR.dll
[2007/08/06 18:44:42 | 000,524,377 | ---- | C] () -- C:\Windows\System32\stlport_4_0_0_DDR.dll
[2007/08/06 18:44:42 | 000,307,329 | ---- | C] () -- C:\Windows\System32\BJBase_2-2-2_DDR.dll
[2007/08/06 18:44:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32_1-1-0_DDR.dll
[2007/08/06 07:48:52 | 000,015,872 | ---- | C] () -- C:\Users\terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/01 01:17:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/12/01 01:06:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/12/01 01:06:21 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/12/01 01:06:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/12/01 01:06:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/12/01 01:06:21 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/12/01 01:06:21 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/12/01 00:54:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/12/01 00:54:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/12/01 00:54:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/12/01 00:54:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/01/19 08:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346

< End of report >


Here is the log from EXTRA:

OTL Extras logfile created on: 2/17/2011 8:22:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\terry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 43.55 Gb Free Space | 59.60% Space Free | Partition Type: NTFS

Computer Name: TERRY-PC | User Name: terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1593739338-757228706-3972918797-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3AE4E6DD-C8DD-4493-96B4-BB602BA2C7D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7A6070DC-4E00-4C07-8053-EFA64303B484}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF003092-D964-4D20-8E1F-41F7F8869F19}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E91E913A-2574-47A2-8528-BBE374CA7EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F930AF69-53C0-48A7-A550-6A0C38D9666C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26E5EF69-EB97-45CA-A40F-7BEFA547195B}" = protocol=6 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
"{41C57BE7-A49C-484A-97D1-DCCCA43D0AA4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4BBB1BD1-7011-4767-BEBC-74C8BB722964}" = protocol=6 | dir=out | app=system |
"{60FD4011-FB65-4943-92D2-698EF5616673}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{6477000F-BB20-44F9-A40F-B78B182D62AE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{6EDA7EC0-EEB5-48C6-9775-34690397EE7A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7C8D6665-75DF-41D4-9F92-1ACD980ABE44}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{8B443B56-B143-47E9-8FF6-23980A68D068}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A03D76BB-D76A-41D2-A7E2-C595C31C94B4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A4C8BEE6-D124-4277-A158-EC40CFBB5029}" = protocol=17 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
"{A5E1497F-4A13-44C7-9E91-DCE1B941FDE7}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{BE1B8ABE-52EC-4924-9562-7090CDFB5F13}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{C1227AD1-5914-42CD-8F6D-10AA3C2DFD28}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{C1D7B265-B53A-4471-B953-0AF82BFE5C7C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{C529568A-39D3-4D09-B180-B8805FC50567}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C6D879B3-0D5F-4399-A294-E0DF5B08422C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C7B4F2DC-B30E-4775-BAE1-6EB1632936F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DE1CF0C3-3114-4DDF-B770-69B49D55FE16}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E3CB13B6-921F-4750-A9EB-5FEC351E6A70}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"TCP Query User{021E2CB8-6FF9-4510-AA1A-CC8B37768409}C:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"TCP Query User{15FDDA4E-0E81-4027-857B-F81334DAA15B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{1D204E7B-A2BD-4320-82FF-AC7DE26344FD}C:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"TCP Query User{3E64BD92-00DA-4310-B243-28F2A60CF104}C:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"TCP Query User{424F1BD1-A264-4C78-B2C2-D936132A6919}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{426F83FF-609D-453D-B43E-07A6F995E1EE}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{5358CFDC-7D7C-48AA-AFEC-3582E6AE2C95}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe |
"TCP Query User{659ECD9B-3BFA-4BDD-A7D7-888E5BFE01BE}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-engb-downloader.exe |
"TCP Query User{6807683C-C41F-4A77-AA38-FBED3EF55F29}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{71389A4F-E55E-43E7-95BE-71EE6BEC96E1}C:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe |
"TCP Query User{88365400-FEBE-4540-9BF5-6C6E41310C34}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{99FAA51A-F6E8-4B94-B560-2B6F92781DFA}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe |
"TCP Query User{A0F2D9C7-D29A-4413-8521-B79C3BBE8745}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A3D6852D-C6A7-41DE-979C-06FF05D0ED90}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe |
"TCP Query User{A85E27C2-BFBF-4296-980C-A01861A22A22}C:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{AAE277B3-028F-4BC9-A762-A06D84490FA8}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"TCP Query User{AB394A1C-C8D1-403E-9358-5683B5A111B8}C:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |
"TCP Query User{B4D48B86-ECE7-42B7-8969-CA46869C47B6}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"TCP Query User{BDB6E0A9-EAB5-4A49-94A4-D86B5DC2F982}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{CB9FC0B0-7911-44FB-82AC-9A43AEAC63C9}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{F61427E5-EFB8-40CB-93E0-6786CA7574EB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0F404C60-EE3C-47BF-A37D-4835316EB5CA}C:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe |
"UDP Query User{2301A45E-BF57-4079-A398-93D5DB004122}C:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |
"UDP Query User{27B0D2FA-3888-41CE-A121-DA17AFEE2C49}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |
"UDP Query User{2A717C1F-4D75-4A7D-BD66-E91D76F5BFF6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{324F1D7F-5656-43F1-AB27-73EDE55798F8}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3DB6A9C0-9435-4ED0-9C96-3CE6CC5FA083}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{508BE8D7-019E-4E54-B059-CFC40EC40F9A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{537EDAE8-A27D-44BD-9B74-8F937A868BB3}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{7364A777-9825-4AA2-B52B-D72F0257A59D}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-engb-downloader.exe |
"UDP Query User{7725FADC-F36C-4279-9B52-B8722630A317}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{7CF66F24-EEEB-4305-923C-CC6A232745EE}C:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe |
"UDP Query User{94562EC4-FBFD-4573-A1B8-A64A105911CE}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"UDP Query User{ABD7E706-2430-4575-9C07-6AB80DB07429}C:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{B8BF79A6-FBBC-4540-ACCA-94C96A474211}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{C3A930AB-327E-46E6-B729-716D7DE967FD}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-engb-downloader.exe |
"UDP Query User{D2D7C9BA-E24C-47C5-ABC6-818C2050F0DB}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{DE6800B2-7419-44CF-9425-4ACC6B38E5E8}C:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"UDP Query User{E0C44B02-6D58-46DD-901B-325B17F681A6}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe |
"UDP Query User{E9862829-C566-4A1E-BB64-C534F0EA66EA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E9A1CC9E-5BE9-4597-A03B-82A91DD2EAFD}C:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |
"UDP Query User{EA964609-FC08-482B-96D4-F5BB991BD3EF}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2564A40D-2216-99F0-2AC1-5F7FF0291EFE}" = ATI Catalyst Control Center Ex
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{271BFE2F-CDC1-4E2B-A04A-0FEE27083B58}" = TOSHIBA Supervisor Password
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E619CE4-15A9-4540-B0CC-FF2331F563B5}" = TOSHIBA Hardware Setup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A46AA50A-5A57-3A6B-B09E-628C09CB7679}" = ATI Catalyst Install Manager
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"AVG" = AVG 2011
"BroadJump Client Foundation" = BroadJump Client Foundation
"bymjqnc" = Favorit
"CCleaner" = CCleaner
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"VLC media player" = VLC media player 1.1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2010 4:43:48 PM | Computer Name = terry-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/20/2010 5:02:12 PM | Computer Name = terry-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/20/2010 5:02:16 PM | Computer Name = terry-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/20/2010 5:02:22 PM | Computer Name = terry-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/23/2010 2:13:01 PM | Computer Name = terry-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/27/2010 4:39:11 PM | Computer Name = terry-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/5/2011 2:37:09 PM | Computer Name = Connor-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/2/2011 7:56:54 PM | Computer Name = Connor-PC | Source = System Restore | ID = 8199
Description =

Error - 2/2/2011 8:11:30 PM | Computer Name = terry-PC | Source = ESENT | ID = 455
Description = Catalog Database (1528) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0014B.log.

Error - 2/2/2011 8:11:33 PM | Computer Name = terry-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

[ System Events ]
Error - 2/10/2011 7:09:56 AM | Computer Name = terry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/10/2011 8:29:31 AM | Computer Name = terry-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:14:43 PM on 2/10/2011 was unexpected.

Error - 2/10/2011 8:30:04 AM | Computer Name = TERRY-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 2/10/2011 8:30:04 AM | Computer Name = TERRY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/10/2011 8:29:25 AM | Computer Name = terry-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 2/10/2011 8:29:25 AM | Computer Name = terry-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 2/17/2011 4:04:32 PM | Computer Name = terry-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 2/17/2011 4:04:32 PM | Computer Name = terry-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 2/17/2011 4:05:56 PM | Computer Name = terry-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 2/17/2011 4:05:56 PM | Computer Name = terry-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
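Added example (not part of the thread, and not OTL's own code): a small Python script that parses the "Firewall Rules" section of an OTL log in the format shown above and pulls out what an analyst checks by hand on a dump like this one: inbound allow rules for executables that live in a temporary or browser-cache directory (the Temporary Internet Files downloader above is the kind of entry meant), rules pointing at several version-numbered directories of one product (the avg8 and avg10 rules side by side, where the older install is usually gone), and the list of programs approved through the firewall's Unblock prompt (the "TCP/UDP Query User" rules). The sample lines follow the format of the dump above; the TRANSIENT_DIRS list and the version-sibling heuristic are this example's assumptions, not something OTL reports.

```python
"""Triage an OTL "Firewall Rules" dump (added example; not part of the thread).

Each line has the shape
    "<rule name>" = protocol=6 | dir=in | app=c:\\path\\program.exe |
Rules named "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>" are the
ones Windows Firewall writes when a user clicks Unblock in its prompt.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

RULE_RE = re.compile(r'^\s*"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')

# Assumption of this example: an installed program should not live here, so an
# inbound allow rule for an executable in one of these paths deserves a look.
TRANSIENT_DIRS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)

# Sample lines in the same format as the dump above (constructed for this example).
SAMPLE_RULES = r'''
"{6477000F-BB20-44F9-A40F-B78B182D62AE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C6D879B3-0D5F-4399-A294-E0DF5B08422C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6EDA7EC0-EEB5-48C6-9775-34690397EE7A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{71389A4F-E55E-43E7-95BE-71EE6BEC96E1}C:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\terry\appdata\local\microsoft\windows\temporary internet files\content.ie5\d4leflwf\web-wowex-english-downloader[1].exe |
"TCP Query User{F61427E5-EFB8-40CB-93E0-6786CA7574EB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
'''


@dataclass(frozen=True)
class FirewallRule:
    name: str
    protocol: Optional[str]   # "6" = TCP, "17" = UDP, None = any protocol
    direction: str            # "in" or "out"
    app: Optional[str]        # lower-cased path of the allowed program
    svc: Optional[str]        # service name for svchost-hosted rules
    user_unblock: bool        # created through the firewall's Unblock prompt


def parse_rules(text: str) -> list:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        fields = {}
        for part in m["body"].split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        name = m["name"]
        rules.append(FirewallRule(
            name=name,
            protocol=fields.get("protocol"),
            direction=fields.get("dir", "?"),
            app=fields.get("app"),
            svc=fields.get("svc"),
            user_unblock=name.startswith(("TCP Query User", "UDP Query User")),
        ))
    return rules


def version_siblings(rules) -> dict:
    """Rules pointing at several version-numbered directories of one product
    (vendor\\prod8 next to vendor\\prod10). The older rules usually outlive the
    uninstall and keep a hole open for whatever lands on that path later."""
    groups = defaultdict(set)
    for r in rules:
        parts = (r.app or "").split("\\")
        # Expect c:\program files\<vendor>\<product>\...
        if len(parts) >= 5 and parts[1] == "program files":
            vendor, product = parts[2], parts[3]
            groups[vendor + "\\" + re.sub(r"\d+", "", product)].add(product)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def triage(text: str) -> dict:
    rules = parse_rules(text)
    transient = [(r.name, r.app) for r in rules
                 if r.direction == "in" and r.app and any(d in r.app for d in TRANSIENT_DIRS)]
    unblocked = sorted({r.app for r in rules if r.user_unblock and r.app})
    return {
        "rules": len(rules),
        "transient": transient,
        "version_siblings": version_siblings(rules),
        "user_unblocked": unblocked,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_RULES), indent=2))
```

Run it on the whole "Firewall Rules" section of an OTL log pasted into a file; the version-sibling check is a heuristic (digits stripped from the product directory name), so treat its output as a prompt to compare against the uninstall list, not as a verdict.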

#4 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 17 February 2011 - 08:27 PM

Here's the GMER Log:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-17 21:22:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC70P
Running: gmer.exe; Driver: C:\Users\terry\AppData\Local\Temp\kwlcipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9945B780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9945B830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9945B8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9945B970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 5E1 8246EBD8 4 Bytes [80, B7, 45, 99]
.text ntoskrnl.exe!KeInsertQueue + 811 8246EE08 8 Bytes [30, B8, 45, 99, D0, B8, 45, ...] {XOR [EAX-0x472f66bb], BH; INC EBP; CDQ }
.text ntoskrnl.exe!KeInsertQueue + 871 8246EE68 4 Bytes [70, B9, 45, 99] {JO 0xffffffffffffffbb; INC EBP; CDQ }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[404] ntdll.dll!LdrLoadDll 772A93A8 5 Bytes JMP 008713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
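Added example (not part of the thread, and not GMER's own code) for reading the kernel part of a GMER log like the one above. It lists the module and vendor behind every SSDT hook and attached device filter and flags any vendor outside a caller-supplied set of expected ones, and it decodes the bytes GMER prints under "Kernel code sections" as little-endian 32-bit pointers and checks whether each one equals an address already attributed to a named driver in the SSDT section. On the sample lines (a subset of the log above) every patch decodes to one of the AVGIDSShim.Sys hook addresses, which is the reading behind "not very much wrong here". The expected-vendor set is an assumption supplied by the caller; the partial byte group GMER cuts off with "..." is skipped, and user-mode hooks are not parsed.

```python
"""Read the kernel sections of a GMER log (added example; not part of the thread).

What an analyst checks by hand on a log like the one above:
  1. who owns each SSDT hook and attached device filter (module + vendor), and
     whether any owner is outside the set of vendors expected on the machine;
  2. whether the byte patches listed under "Kernel code sections", read as
     little-endian 32-bit pointers, point at addresses GMER has already
     attributed to a named driver in the SSDT section.
"""
import re
from collections import defaultdict

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+\S+\s+(?P<device>\S+)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+!\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+\d+\s+Bytes\s+\[(?P<bytes>[^\]]*)\]")

# A subset of the GMER log above, used as sample input.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9945B780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9945B830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9945B8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9945B970]
.text ntoskrnl.exe!KeInsertQueue + 5E1 8246EBD8 4 Bytes [80, B7, 45, 99]
.text ntoskrnl.exe!KeInsertQueue + 811 8246EE08 8 Bytes [30, B8, 45, 99, D0, B8, 45, ...] {XOR [EAX-0x472f66bb], BH; INC EBP; CDQ }
.text ntoskrnl.exe!KeInsertQueue + 871 8246EE68 4 Bytes [70, B9, 45, 99] {JO 0xffffffffffffffbb; INC EBP; CDQ }
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""


def vendor_of(desc: str) -> str:
    """GMER prints '(<file description>/<company name>)'; keep the company."""
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(text: str):
    hooks, devices, patches = [], [], []
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            hooks.append({"func": m["func"], "module": m["module"],
                          "vendor": vendor_of(m["desc"]), "addr": int(m["addr"], 16)})
        elif m := DEVICE_RE.match(line):
            devices.append({"device": m["device"], "module": m["module"],
                            "vendor": vendor_of(m["desc"])})
        elif m := PATCH_RE.match(line):
            # GMER elides long byte runs with "...", so keep only real hex bytes.
            tokens = [t.strip() for t in m["bytes"].split(",")]
            data = [int(t, 16) for t in tokens if re.fullmatch(r"[0-9A-Fa-f]{2}", t)]
            patches.append({"where": m["sym"] + "+" + m["off"], "bytes": data})
    return hooks, devices, patches


def decode_pointers(data):
    """Little-endian 32-bit values from each complete 4-byte group (x86 kernel);
    a trailing partial group (such as the one cut off by '...') is ignored."""
    return [int.from_bytes(bytes(data[i:i + 4]), "little")
            for i in range(0, len(data) - 3, 4)]


def triage(text: str, expected_vendors) -> dict:
    hooks, devices, patches = parse_gmer(text)
    owners = defaultdict(set)
    for item in hooks + devices:
        owners[item["vendor"]].add(item["module"])
    hook_by_addr = {h["addr"]: h for h in hooks}
    explained, unexplained = [], []
    for p in patches:
        for ptr in decode_pointers(p["bytes"]):
            h = hook_by_addr.get(ptr)
            if h:
                explained.append((p["where"], "%08X" % ptr, h["func"], h["module"]))
            else:
                unexplained.append((p["where"], "%08X" % ptr))
    return {
        "owners": {v: sorted(m) for v, m in owners.items()},
        "unexpected": {v: sorted(m) for v, m in owners.items() if v not in expected_vendors},
        "explained": explained,
        "unexplained": unexplained,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG, {"AVG Technologies CZ, s.r.o.", "Microsoft Corporation"}), indent=2))
```

A pointer that decodes to an address no SSDT line accounts for, or an owner vendor that is not the installed security product or Microsoft, is what would turn "nothing wrong here" into a line worth investigating; on this log there is neither.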

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 05:13 AM

Hi, and sorry for the delay.

First of all, can you describe any problems with your computer? I don't see very much wrong here. Do you have typical symptoms like Google redirects, pop-ups, extreme slowness, strange error messages...?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 19 February 2011 - 06:09 AM

Hello

The infection was found using Spybot S&D. No other programme picked it up.

The computer is running Vista Home edition

Firefox is browser of choice

Well, the main thing is that when I download programmes, the download dialogue box pops up and everything seems OK. But when I try to open the programme, nothing happens. Checking the download folder location reveals no download!! This has happened several times. I now resort to downloading the required programme onto a memory stick from my computer (the problem laptop belongs to my wife). I have checked and rechecked the download location and searched the computer, but the download isn't there.

I have also noticed that the computer slows down the longer it is left on, but I'm not sure if this is just the computer specs. My wife only uses it to surf the web.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 06:43 AM

Can you please verify if you have the same download problem using Internet Explorer? That way we can see if the problem is Firefox-related or more general.

regards, Elise



#8 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 19 February 2011 - 07:43 AM

Hello again

Just tried downloading CCleaner and SpywareBlaster using IE.

Same problem as before: it seems to download OK, but I can't find the download on the computer.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 08:09 AM

Please try the following (download using a working computer):

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#10 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 19 February 2011 - 10:04 AM

Hi

I followed the instructions in the guide on how to disable the various antivirus/spyware programs, but ran into a few problems.
I disconnected from the internet.
I disabled AVG 2011 (had to uninstall the program in the end).
I turned off Windows Firewall.
Spybot TeaTimer wasn't running anyway.
Defender was already turned off.
Ran ComboFix.

ComboFix reported that it could not run while AVG was running, even though I had already disabled AVG.
Then I had trouble uninstalling AVG, but eventually managed to successfully uninstall the program.
Restarted the computer.

Started ComboFix and it ran OK for about 15-20 minutes, then the "drive busy" light stopped. Waited a further 15 minutes, but now the keyboard and mouse have frozen. ComboFix is still showing the "Autoscan - scanning for infected files..." window.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 10:27 AM

Give it another 10-15 minutes and, if nothing has changed, manually reboot your computer and let me know what happens (does ComboFix restart and produce a log, or doesn't it come up at all?).

regards, Elise



#12 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 19 February 2011 - 11:54 AM

Thanks for all your help so far. It's much appreciated.

Computer still frozen after 15 mins.

Restarted computer as instructed.

Rebooted into Safe Mode.

Ran ComboFix. The "drive busy" light stopped working after approx. 15 mins, but it didn't freeze. Was able to use mouse and keyboard.

Rebooted into normal Windows.

There is no log at C:\combofix.txt.

There is an icon in C:\ which wasn't there before. It's named "Combofix". When I mouse over the icon it says "Shows the disk drives and hardware connected to this computer". The icon is similar to the one used by "My Computer". When the icon is clicked it brings up the C:\ window, showing the drives connected to the computer.

ComboFix did not restart.

Edited by jt922554, 19 February 2011 - 11:59 AM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 12:35 PM

That icon is normal when ComboFix doesn't finish successfully. Can you please try to rerun it from Safe Mode?

regards, Elise



#14 jt922554

jt922554
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 19 February 2011 - 01:55 PM

Right, just noticed something that popped up when ComboFix started to run. (I normally start the programme and then go into the living room for 10-20 mins. I missed the startup dialogue.)

Rebooted computer to Safe Mode.

Started ComboFix.

The startup screen appears. The text says: "Please wait. ComboFix is preparing to run."
Literally half a second later the following text appears:
"Access denied. Administrator permissions are needed to use the selected options. Please use administrator command prompt to complete these tasks."
(I already run the programme as administrator, using right-click on the ComboFix icon and "Run as administrator".)

A program then runs and a double progress bar appears. The top one says: "Saving registry to c:\erdnt\hiv-backup".
The bottom progress bar shows 11 files being saved.

After this finishes the program then says: "Scanning for infected files... this typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double." The cursor flashes, but nothing appears to happen.

Edited by jt922554, 19 February 2011 - 01:56 PM.


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:15 PM

Posted 19 February 2011 - 02:36 PM

To be sure, please try the following.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version (2.3.2.2) of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise
