
Browser Redirects plus


  • This topic is locked
20 replies to this topic

#1 Jimsy


Posted 13 February 2011 - 05:16 AM

Hi,
The computer is a laptop, maybe 2005 or so, running Windows XP. It's been used mostly for media, and recently I got it and noticed the browser was being redirected. Not sure how long it's been an issue. A number of antivirus programs were installed and turned up nothing; some other malware or adware programs also turned up nothing. I've since deleted most of them. Until I can get this problem fixed this computer won't be used by anyone. Reformatting is an option, but I thought I would give this a try.

I wasn't able to complete running DSS. It started and I saw bars printing on the DOS screen like it was working, and then the system basically freezes: I can move the mouse, but I can't really click anything.

Not sure if I know anything else that will help. I appreciate any help.

I followed most of the steps from the prep guide, except the backup since there's nothing really worth saving on here but I still would like to hold off on reformatting and go through this process once. I've attached the GMER output.

Attached Files

  • Attached File  ark.txt   6.85KB   5 downloads



#2 SweetTech


Posted 14 February 2011 - 01:16 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

WARNING: One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
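An added example, not part of this thread and not TDSSKiller's own code: a small Python triage of the report that the TDSSKiller step above asks the poster to paste back. TDSSKiller writes one "<date> <time> <thread id> <message>" line per event, and for a forged file it reports two hashes, the MD5 of the bytes it read from disk by its own route ("Real md5", as the tool labels it) and the MD5 an ordinary read of the same file returns ("Fake md5"). When those differ, something in the I/O path is answering reads for that file with different content, which is exactly the rootkit behaviour the tool is built to catch. The parser below pulls out each detection, its hash pair, the selected action and whether a reboot is pending. The sample log is constructed in TDSSKiller's format (its detection lines mirror the report posted later in this thread); the regular expressions and the `Detection` record are assumptions of this example, not a documented TDSSKiller interface.

```python
"""Added example (not from the original post or from TDSSKiller): triage of a
TDSSKiller report into one record per detection."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every log line is "<date> <time> <thread id> <message>"; only <message> matters.
LINE_RE = re.compile(r"^\S+ \S+\s+\d+\s+(?P<msg>.*)$")
# Ordinary per-driver line: "<service> (<md5>) <path>".
DRIVER_RE = re.compile(r"^(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# Forged-file line with the two hashes TDSSKiller reports.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECT_RE = re.compile(r"^(?P<service>\S+) - detected (?P<name>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+)\((?P<service>[^)]+)\) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - will be cured after reboot$")


@dataclass
class Detection:
    service: str
    name: str = ""
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    cure_after_reboot: bool = False

    @property
    def hidden_modification(self) -> bool:
        """True when the bytes on disk hash differently from what an ordinary
        read returns: the file's real content is being masked from readers."""
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


def parse_tdsskiller_log(text: str) -> list[Detection]:
    """Return one Detection per service TDSSKiller flagged in the report."""
    found: dict[str, Detection] = {}
    service_for_path: dict[str, str] = {}  # from the per-driver lines

    def record(service: str) -> Detection:
        return found.setdefault(service, Detection(service))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if d := DRIVER_RE.match(msg):
            # The Forged line carries only the path, so remember path -> service.
            service_for_path[d["path"].lower()] = d["service"]
        elif f := FORGED_RE.match(msg):
            det = record(service_for_path.get(f["path"].lower(), f["path"]))
            det.path, det.real_md5, det.fake_md5 = f["path"], f["real"], f["fake"]
        elif d := DETECT_RE.match(msg):
            record(d["service"]).name = d["name"]
        elif a := ACTION_RE.match(msg):
            det = record(a["service"])
            det.name = det.name or a["name"]
            det.action = a["action"]
        elif r := REBOOT_RE.match(msg):
            for det in found.values():
                if det.path.lower() == r["path"].lower():
                    det.cure_after_reboot = True
    return list(found.values())


def summarize(detections: list[Detection]) -> list[str]:
    """One human-readable line per detection, suitable for a reply to the poster."""
    out = []
    for d in detections:
        line = f"{d.service}: {d.name or 'unnamed detection'} in {d.path or '?'}; action={d.action or 'none'}"
        if d.hidden_modification:
            line += " [file content masked from normal reads]"
        if d.cure_after_reboot:
            line += " [reboot needed]"
        out.append(line)
    return out


# Constructed sample in TDSSKiller's format; the detection lines mirror the
# report posted later in this thread.
SAMPLE_LOG = r"""
2011/02/14 16:39:19.0062 3064 Scan started
2011/02/14 16:39:20.0804 3064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/14 16:39:22.0267 3064 atapi (fc56af71d60d28da4935fed2c47e98be) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/14 16:39:22.0267 3064 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: fc56af71d60d28da4935fed2c47e98be, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/02/14 16:39:22.0287 3064 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/14 16:39:52.0800 3064 Scan finished
2011/02/14 16:39:52.0810 3936 Detected object count: 1
2011/02/14 16:40:37.0765 3936 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured after reboot
2011/02/14 16:40:37.0765 3936 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

The point worth keeping in mind when reading such a report is the hash pair: a driver whose on-disk bytes hash differently from what a normal read returns cannot be trusted by any scanner that reads files through the normal stack, which is why the antivirus products the poster tried all came back clean.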


#3 Jimsy


Posted 14 February 2011 - 06:08 PM

Hiya ST,
I appreciate the help. I read through what you posted in the beginning and I think I can handle that. I do have one question: there was a "WARNING, One or more of the identified infections is a backdoor trojan and password stealer." Is that sent to everyone, or were you able to tell that from my GMER?

TDSS found one malicious object.

2011/02/14 16:39:13.0484 2812 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/14 16:39:13.0674 2812 ================================================================================
2011/02/14 16:39:13.0674 2812 SystemInfo:
2011/02/14 16:39:13.0674 2812
2011/02/14 16:39:13.0674 2812 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/14 16:39:13.0674 2812 Product type: Workstation
2011/02/14 16:39:13.0674 2812 ComputerName: PROFESSI-A609F0
2011/02/14 16:39:13.0674 2812 UserName: Michael
2011/02/14 16:39:13.0674 2812 Windows directory: C:\WINDOWS
2011/02/14 16:39:13.0674 2812 System windows directory: C:\WINDOWS
2011/02/14 16:39:13.0674 2812 Processor architecture: Intel x86
2011/02/14 16:39:13.0674 2812 Number of processors: 1
2011/02/14 16:39:13.0674 2812 Page size: 0x1000
2011/02/14 16:39:13.0674 2812 Boot type: Normal boot
2011/02/14 16:39:13.0674 2812 ================================================================================
2011/02/14 16:39:13.0935 2812 Initialize success
2011/02/14 16:39:19.0062 3064 ================================================================================
2011/02/14 16:39:19.0062 3064 Scan started
2011/02/14 16:39:19.0062 3064 Mode: Manual;
2011/02/14 16:39:19.0062 3064 ================================================================================
2011/02/14 16:39:20.0804 3064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/14 16:39:20.0895 3064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/14 16:39:21.0105 3064 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/02/14 16:39:21.0195 3064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/14 16:39:21.0325 3064 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/14 16:39:21.0455 3064 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/14 16:39:22.0136 3064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/14 16:39:22.0267 3064 atapi (fc56af71d60d28da4935fed2c47e98be) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/14 16:39:22.0267 3064 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: fc56af71d60d28da4935fed2c47e98be, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/02/14 16:39:22.0287 3064 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/14 16:39:22.0517 3064 ati2mtag (5719f857136ee618f6ec7a5ccd9fb7ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/14 16:39:22.0667 3064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/14 16:39:22.0807 3064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/14 16:39:22.0938 3064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/14 16:39:23.0048 3064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/14 16:39:23.0188 3064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/14 16:39:23.0318 3064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/14 16:39:23.0388 3064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/14 16:39:23.0528 3064 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/14 16:39:23.0699 3064 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/14 16:39:23.0989 3064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/14 16:39:24.0089 3064 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/02/14 16:39:24.0159 3064 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/02/14 16:39:24.0209 3064 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/02/14 16:39:24.0289 3064 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/02/14 16:39:24.0470 3064 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/02/14 16:39:24.0520 3064 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/02/14 16:39:24.0590 3064 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/02/14 16:39:24.0640 3064 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/02/14 16:39:24.0670 3064 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/02/14 16:39:24.0700 3064 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/02/14 16:39:24.0970 3064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/14 16:39:25.0151 3064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/14 16:39:25.0331 3064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/14 16:39:25.0421 3064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/14 16:39:25.0541 3064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/14 16:39:25.0792 3064 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/02/14 16:39:25.0832 3064 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/02/14 16:39:25.0952 3064 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/02/14 16:39:26.0372 3064 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/02/14 16:39:26.0783 3064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/14 16:39:26.0823 3064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/14 16:39:26.0913 3064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/14 16:39:27.0043 3064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/14 16:39:27.0124 3064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/14 16:39:27.0254 3064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/14 16:39:27.0364 3064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/14 16:39:27.0504 3064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/14 16:39:27.0614 3064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/14 16:39:27.0945 3064 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/02/14 16:39:28.0185 3064 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/02/14 16:39:28.0596 3064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/14 16:39:28.0776 3064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/14 16:39:29.0006 3064 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/02/14 16:39:29.0076 3064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/14 16:39:29.0187 3064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/14 16:39:29.0287 3064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/14 16:39:29.0367 3064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/14 16:39:29.0707 3064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/14 16:39:30.0078 3064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/14 16:39:30.0268 3064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/14 16:39:30.0358 3064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/14 16:39:30.0468 3064 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/02/14 16:39:30.0629 3064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/14 16:39:30.0909 3064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/14 16:39:31.0049 3064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/14 16:39:31.0259 3064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/14 16:39:31.0470 3064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/14 16:39:31.0880 3064 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/14 16:39:32.0131 3064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/14 16:39:32.0321 3064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/14 16:39:32.0611 3064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/14 16:39:32.0892 3064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/14 16:39:33.0122 3064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/14 16:39:33.0613 3064 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/14 16:39:34.0684 3064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/14 16:39:35.0235 3064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/14 16:39:35.0405 3064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/14 16:39:35.0516 3064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/14 16:39:35.0856 3064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/14 16:39:35.0956 3064 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/14 16:39:36.0197 3064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/14 16:39:37.0158 3064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/14 16:39:37.0208 3064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/14 16:39:37.0278 3064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/14 16:39:37.0338 3064 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/14 16:39:37.0478 3064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/14 16:39:37.0779 3064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/14 16:39:38.0300 3064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/14 16:39:39.0301 3064 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/02/14 16:39:39.0932 3064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/14 16:39:40.0443 3064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/14 16:39:41.0014 3064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/14 16:39:41.0204 3064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/14 16:39:41.0424 3064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/14 16:39:41.0494 3064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/14 16:39:41.0795 3064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/14 16:39:41.0915 3064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/14 16:39:42.0025 3064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/02/14 16:39:42.0105 3064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/02/14 16:39:42.0345 3064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/14 16:39:42.0456 3064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/14 16:39:42.0546 3064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/14 16:39:42.0606 3064 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/14 16:39:43.0307 3064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/14 16:39:43.0537 3064 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/02/14 16:39:43.0707 3064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/14 16:39:43.0747 3064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/14 16:39:43.0808 3064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/14 16:39:43.0898 3064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/14 16:39:44.0148 3064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/14 16:39:44.0368 3064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/14 16:39:44.0418 3064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/14 16:39:44.0539 3064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/14 16:39:44.0729 3064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/14 16:39:44.0799 3064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/14 16:39:44.0869 3064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/14 16:39:45.0149 3064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/14 16:39:45.0730 3064 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/14 16:39:46.0011 3064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/14 16:39:46.0111 3064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/14 16:39:46.0261 3064 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/14 16:39:46.0361 3064 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/02/14 16:39:46.0572 3064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/14 16:39:46.0882 3064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/14 16:39:47.0733 3064 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/14 16:39:47.0823 3064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/14 16:39:47.0933 3064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/14 16:39:48.0024 3064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/14 16:39:48.0374 3064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/14 16:39:48.0404 3064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/14 16:39:48.0524 3064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/14 16:39:48.0915 3064 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/02/14 16:39:49.0346 3064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/14 16:39:49.0466 3064 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/14 16:39:49.0526 3064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/14 16:39:49.0596 3064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/14 16:39:49.0656 3064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/14 16:39:49.0736 3064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/14 16:39:49.0896 3064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/14 16:39:50.0287 3064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/14 16:39:50.0377 3064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/14 16:39:50.0978 3064 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/02/14 16:39:51.0358 3064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/14 16:39:51.0609 3064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/14 16:39:52.0220 3064 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/14 16:39:52.0800 3064 ================================================================================
2011/02/14 16:39:52.0800 3064 Scan finished
2011/02/14 16:39:52.0800 3064 ================================================================================
2011/02/14 16:39:52.0810 3936 Detected object count: 1
2011/02/14 16:40:19.0569 3936 atapi (fc56af71d60d28da4935fed2c47e98be) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/14 16:40:19.0569 3936 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: fc56af71d60d28da4935fed2c47e98be, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/02/14 16:40:37.0725 3936 Backup copy found, using it..
2011/02/14 16:40:37.0765 3936 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured after reboot
2011/02/14 16:40:37.0765 3936 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
2011/02/14 16:40:56.0903 2804 Deinitialize success

OTL.txt

OTL logfile created on: 2/14/2011 4:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Michael\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 730.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.30 Gb Free Space | 70.60% Space Free | Partition Type: NTFS
Drive E: | 500.00 Mb Total Space | 228.45 Mb Free Space | 45.69% Space Free | Partition Type: FAT

Computer Name: PROFESSI-A609F0 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/14 16:36:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\virus\OTL.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/14 16:36:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\virus\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2010/06/19 19:19:09 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/24 13:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/04/13 12:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/25 15:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 15:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 15:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/06/24 14:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/ [binary data]
IE - HKU\S-1-5-21-1409082233-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/02/06 02:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2011/02/06 02:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/02/06 02:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\v31a7nqp.default\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V31A7NQP.DEFAULT\EXTENSIONS\SUPPORT@LASTPASS.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V31A7NQP.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/02/06 03:02:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/06 03:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/10/30 12:41:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2010/12/24 19:48:57 | 000,428,313 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14748 more lines...
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] File not found
O4 - HKLM..\Run: [SynTPEnh] File not found
O4 - HKLM..\Run: [SynTPLpr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256934665189 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 19:18:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell - "" = AutoRun
O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\virus
[2011/02/13 02:37:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/13 01:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/06 12:46:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/06 12:31:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/06 12:31:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/06 12:31:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/06 12:31:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/06 12:30:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/06 12:29:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/06 12:25:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/06 03:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/06 03:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/06 03:03:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 03:03:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/06 03:03:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/06 03:03:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/06 03:03:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/06 03:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/06 03:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Sun
[2011/02/06 02:57:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/06 02:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/06 02:57:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/06 02:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\nUI
[2011/02/06 02:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Notepad++
[2011/02/06 02:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/02/06 02:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/02/06 02:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Notepad++
[2011/02/06 02:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\LastPass
[2011/02/06 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla
[2011/02/06 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Mozilla
[2011/02/06 02:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10
[2011/02/06 02:43:13 | 011,828,768 | ---- | C] (Mozilla) -- C:\Documents and Settings\Michael\My Documents\Firefox Setup 4.0 Beta 10.exe
[2011/02/05 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/02/05 04:04:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/02/05 04:04:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/02/05 04:04:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/02/05 04:04:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/02/05 04:04:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/02/05 04:04:16 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/02/05 04:04:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/02/05 04:04:14 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/02/05 04:04:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/02/05 04:04:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/02/05 04:04:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/02/05 04:04:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/02/05 00:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/02/05 00:10:38 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2011/02/05 00:10:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/02/05 00:10:38 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/02/05 00:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/02/04 23:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Media Player Classic
[2011/02/04 23:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic - Home Cinema
[2011/02/04 23:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/14 16:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/02/14 16:42:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/14 16:42:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 16:31:55 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8D50A92B-98B7-41DC-B06F-37B505851455}.job
[2011/02/13 03:53:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1993962763-839522115-1003UA.job
[2011/02/13 03:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/02/13 02:51:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/02/13 02:18:38 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2011/02/13 01:57:44 | 001,017,896 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Deckards system scanner.exe
[2011/02/13 01:55:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/13 01:55:08 | 006,563,298 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\aedtools.zip
[2011/02/13 01:54:19 | 020,364,702 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\vlc-1.1.7-win32.exe
[2011/02/13 01:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/02/13 01:47:13 | 000,523,042 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\ffdshow-20020617-src.zip
[2011/02/12 19:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/02/06 21:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/02/06 20:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/02/06 18:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/02/06 13:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/02/06 12:46:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/06 05:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/02/06 04:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/02/06 03:02:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 03:02:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/06 03:02:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/06 03:02:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/06 03:02:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/06 02:57:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 02:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/02/06 02:46:54 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/02/06 02:44:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/02/06 02:44:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/06 02:44:27 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/06 02:43:34 | 011,828,768 | ---- | M] (Mozilla) -- C:\Documents and Settings\Michael\My Documents\Firefox Setup 4.0 Beta 10.exe
[2011/02/05 22:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/02/04 23:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/02/04 23:01:11 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Media Player Classic - Home Cinema.lnk
[2011/01/28 02:00:00 | 000,080,896 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/28 02:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/13 02:51:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/02/13 01:57:28 | 001,017,896 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Deckards system scanner.exe
[2011/02/13 01:55:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/13 01:55:08 | 006,563,298 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\aedtools.zip
[2011/02/13 01:54:13 | 020,364,702 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\vlc-1.1.7-win32.exe
[2011/02/13 01:47:11 | 000,523,042 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\ffdshow-20020617-src.zip
[2011/02/06 12:46:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/06 12:46:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/06 12:31:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/06 12:31:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/06 12:31:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/06 12:31:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/06 12:31:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/06 02:57:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 02:47:19 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/02/06 02:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/06 02:44:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/06 02:44:27 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/06 02:44:25 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/05 00:10:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/05 00:10:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/05 00:10:38 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/02/05 00:10:37 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/05 00:10:37 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/05 00:10:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/04 23:01:11 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Media Player Classic - Home Cinema.lnk
[2010/08/08 21:00:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/22 13:59:22 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\rindar.sys
[2010/04/30 16:48:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wJtM045j.dat
[2010/04/30 15:46:08 | 000,000,440 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/02 19:53:36 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\8Cq4r
[2010/04/02 19:53:36 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2009/10/29 20:25:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/10/29 19:26:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/29 19:26:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/29 19:26:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/29 19:26:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/29 19:26:37 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/29 19:22:34 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/29 19:22:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 13:06:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 2/14/2011 4:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Michael\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 730.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.30 Gb Free Space | 70.60% Space Free | Partition Type: NTFS
Drive E: | 500.00 Mb Total Space | 228.45 Mb Free Space | 45.69% Space Free | Partition Type: FAT

Computer Name: PROFESSI-A609F0 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1409082233-1993962763-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD8\WinDVD.exe" = C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"ie8" = Windows Internet Explorer 8
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0b10 (x86 en-US)" = Mozilla Firefox 4.0b10 (x86 en-US)
"Notepad++" = Notepad++
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"thinkorswim" = thinkorswim
"Unlocker" = Unlocker 1.8.8
"VLC media player" = VLC media player 1.1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/6/2011 4:36:51 AM | Computer Name = PROFESSI-A609F0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/6/2011 4:53:21 AM | Computer Name = PROFESSI-A609F0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 2/12/2011 10:03:30 PM | Computer Name = PROFESSI-A609F0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 2/13/2011 5:39:02 AM | Computer Name = PROFESSI-A609F0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x0023fa1a.

[ System Events ]
Error - 2/13/2011 5:48:00 AM | Computer Name = PROFESSI-A609F0 | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 2/14/2011 6:29:35 PM | Computer Name = PROFESSI-A609F0 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/14/2011 6:29:35 PM | Computer Name = PROFESSI-A609F0 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/14/2011 6:31:32 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/14/2011 6:31:32 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7000
Description = The k service failed to start due to the following error: %%2

Error - 2/14/2011 6:42:38 PM | Computer Name = PROFESSI-A609F0 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2/14/2011 6:42:52 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/14/2011 6:42:52 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7000
Description = The k service failed to start due to the following error: %%2

Error - 2/14/2011 6:42:55 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 2/14/2011 6:48:00 PM | Computer Name = PROFESSI-A609F0 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402


< End of report >
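
The %%N placeholders in the Schedule and Service Control Manager entries of the System Events excerpt above are raw error numbers the event source never formatted. The Python below is an added example for this thread, not code from OTL or from anyone in the discussion: it parses the report's event lines (copied from the post) and decodes the placeholders. 2147942402 is HRESULT 0x80070002, which wraps Win32 error 2 (ERROR_FILE_NOT_FOUND), so each At*.job task was pointing at a command file that no longer exists; %%2 is the same Win32 code and %%126 is ERROR_MOD_NOT_FOUND. The name table is a hand-written subset of winerror.h.

```python
"""Triage OTL-style "System Events" lines and decode unexpanded %%N error codes.

Added example for this thread; the sample text is copied from the report
and WIN32_ERRORS is a small hand-written subset of winerror.h.
"""
import re
from dataclasses import dataclass

EVENT_RE = re.compile(
    r"^Error - (?P<when>[\d/]+ [\d:]+ [AP]M) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
PLACEHOLDER_RE = re.compile(r"%%(\d+)")
DESC_PREFIX = "Description = "
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 126: "ERROR_MOD_NOT_FOUND"}
FACILITY_WIN32 = 7


def decode_placeholder(n: int) -> dict:
    """%%N is either a plain Win32 error or an HRESULT; 0x8007xxxx HRESULTs wrap
    a Win32 code in the low 16 bits, so unwrap it before looking the name up."""
    if n >= 0x80000000 and (n >> 16) & 0x7FF == FACILITY_WIN32:
        code = n & 0xFFFF
        return {"hresult": f"0x{n:08X}", "win32": code, "name": WIN32_ERRORS.get(code, "unknown")}
    return {"hresult": None, "win32": n, "name": WIN32_ERRORS.get(n, "unknown")}


@dataclass
class Event:
    when: str
    host: str
    source: str
    event_id: int
    description: str

    def codes(self) -> list:
        """Decode every %%N placeholder left in the description text."""
        return [decode_placeholder(int(c)) for c in PLACEHOLDER_RE.findall(self.description)]


def parse_events(text: str) -> list:
    """Group each 'Error - ...' header with the description lines that follow it."""
    events, header, desc = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            if header:
                events.append(Event(*header, " ".join(desc)))
            header = (m["when"], m["host"], m["source"], int(m["id"]))
            desc = []
        elif header and line and not line.startswith("["):
            desc.append(line[len(DESC_PREFIX):] if line.startswith(DESC_PREFIX) else line)
    if header:
        events.append(Event(*header, " ".join(desc)))
    return events


def failed_jobs(events: list) -> list:
    """Names of the .job tasks that Task Scheduler (event ID 7901) could not start."""
    names = []
    for e in events:
        if e.source == "Schedule" and e.event_id == 7901:
            m = re.search(r"The (\S+\.job) command failed", e.description)
            if m:
                names.append(m.group(1))
    return names


# Copied from the System Events section of the report above.
SAMPLE_EVENTS = """[ System Events ]
Error - 2/13/2011 5:48:00 AM | Computer Name = PROFESSI-A609F0 | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 2/14/2011 6:31:32 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 2/14/2011 6:31:32 PM | Computer Name = PROFESSI-A609F0 | Source = Service Control Manager | ID = 7000
Description = The k service failed to start due to the following error: %%2

Error - 2/14/2011 6:48:00 PM | Computer Name = PROFESSI-A609F0 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402
"""

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_EVENTS):
        print(ev.source, ev.event_id, ev.codes())
    print("jobs that failed to start:", failed_jobs(parse_events(SAMPLE_EVENTS)))
```

The decoder only unwraps FACILITY_WIN32 HRESULTs; other facilities are returned unchanged so they are not mislabelled.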

#4 SweetTech (Agent ST)

Posted 15 February 2011 - 05:18 PM

Hello Jimsy,

I do have one question, there was a "WARNING, One or more of the identified infections is a backdoor trojan and password stealer." Is that sent to everyone or were you able to tell that from my GMER?

No, that is not something that I provide to all the users I assist, unless they are in fact infected with a backdoor Trojan.

I was able to spot right away from your GMER log that you were infected with a TDL3 infection.

The snippet below from the TDSSKiller log shows that the TDL3 infection was removed.

2011/02/14 16:39:52.0810 3936 Detected object count: 1
2011/02/14 16:40:19.0569 3936 atapi (fc56af71d60d28da4935fed2c47e98be) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/14 16:40:19.0569 3936 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: fc56af71d60d28da4935fed2c47e98be, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/02/14 16:40:37.0725 3936 Backup copy found, using it..
2011/02/14 16:40:37.0765 3936 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured after reboot
2011/02/14 16:40:37.0765 3936 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
2011/02/14 16:40:56.0903 2804 Deinitialize success




STEP 1.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
    SRV - File not found [Auto | Stopped] -- -- (6to4)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [RoxioDragToDisc] File not found
    O4 - HKLM..\Run: [SynTPEnh] File not found
    O4 - HKLM..\Run: [SynTPLpr] File not found
    O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell - "" = AutoRun
    O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/02/14 16:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011/02/13 01:57:44 | 001,017,896 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Deckards system scanner.exe
    [2011/02/13 01:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


STEP 2.


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a prompt asking whether to continue; click Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix log.
4. An update on how your computer is currently running.


It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 15 February 2011 - 05:19 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Jimsy (Topic Starter)

Posted 17 February 2011 - 12:09 AM

1.
I had some problems with Combofix. Before Combofix even started running I received a prompt that said AVG 2011 was detected and running. I am 99% sure that it is not even installed. I ran AppRemover just in case and it only detected Malwarebytes which I uninstalled. Combofix stalled and I was sure not to click the mouse while it was running.
I changed a few passwords already, but is there any way to know what the rootkit was used for? Like if it just did redirects, or could it have sent any passwords I entered in web browsers or anywhere else on the system? Maybe any idea how it got there in the first place? And I guess if you could recommend the best tools to keep installed for when my parents get the computer back.
2.
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
Service 6to4 stopped successfully!
Service 6to4 deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RoxioDragToDisc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPLpr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5632e00-09d5-11df-8301-000e359816b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5632e00-09d5-11df-8301-000e359816b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5632e00-09d5-11df-8301-000e359816b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5632e00-09d5-11df-8301-000e359816b0}\ not found.
File E:\LaunchU3.exe -a not found.
C:\WINDOWS\003105_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\Documents and Settings\Michael\My Documents\Deckards system scanner.exe moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: A device attached to the system is not functioning.

Please contact Microsoft Product Support Services for further help.
Additional information: Unknown media status code.
C:\Documents and Settings\Michael\Desktop\virus\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30416827 bytes
->Flash cache emptied: 80884 bytes

User: Michael
->Temp folder emptied: 250748536 bytes
->Temporary Internet Files folder emptied: 1584217594 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 65870705 bytes
->Google Chrome cache emptied: 266988027 bytes
->Flash cache emptied: 8854 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 257836005 bytes
->Flash cache emptied: 87283 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7792169 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23956538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 327814 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,373.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02152011_164837

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_1dc.dat moved successfully.

Registry entries deleted on Reboot...

3.
Combofix didn't complete running.

4.
I've done limited surfing since starting the process and the system has been good. I haven't noticed any redirects. So overall I'd say things have worked really well so I'm pretty happy already.

#6 SweetTech (Agent ST)

Posted 17 February 2011 - 04:50 PM

Hello Jimsy,

I had some problems with Combofix. Before Combofix even started running I received a prompt that said AVG 2011 was detected and running. I am 99% sure that it is not even installed. I ran AppRemover just in case and it only detected Malwarebytes which I uninstalled. Combofix stalled and I was sure not to click the mouse while it was running.

It sounds like there are some remnants of AVG 2011 on your computer. We will try something a little later in this post.

I changed a few passwords already but is there anyway to know what the rootkit was used for? like if it just did redirects or could it have sent any passwords I entered in webbrowsers or anywhere else on the system?

This is a difficult question to answer; it was the contributing factor for the redirects you were experiencing. I'd change all my passwords on a clean computer.

Maybe any idea how it got there in the first place?

Another difficult question to answer but some of the most common ways for it to get on your computer is through a malicious pop-up, malicious website, etc.

And i guess if you could recommend the best tools to keep installed for when my parents get the computer back.

This is something that will be covered in my all clean speech.


Please try to run this tool, and then give ComboFix another try:

AVG Removal Tool

Download and save AVG Removal Tool to your desktop

Run it to remove AVG. After this, please restart your computer.



#7 Jimsy (Topic Starter)


Posted 17 February 2011 - 06:07 PM

Hiya ST,

I ran avgremover and there is a log, not sure if you wanted to see that. It didn't tell me to restart or give any other messages, but I restarted anyway. I ran Combofix after and the same message about detecting AVG Security Suite 2011 still showed up, and Combofix stalled again while running. The log from avgremover is included:

2011-02-17 22:39:38,865 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-02-17 22:39:38,865 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-02-17 22:39:38,865 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-02-17 22:39:38,865 WARN AvgDir param empty.
2011-02-17 22:39:38,865 WARN AvgDataDir param empty.
2011-02-17 22:39:41,889 INFO AvgRemover runs in attempt number 1
2011-02-17 22:39:41,889 INFO ***** Services *****
2011-02-17 22:39:41,889 INFO Processing service avg8emc
2011-02-17 22:39:41,899 INFO Service avg8emc is not installed
2011-02-17 22:39:41,899 DEBUG Service avg8emc RegCleanup
2011-02-17 22:39:41,899 DEBUG Registry keys for service avg8emc are not present
2011-02-17 22:39:41,899 INFO Processing service avgfws8
2011-02-17 22:39:41,899 INFO Service avgfws8 is not installed
2011-02-17 22:39:41,899 DEBUG Service avgfws8 RegCleanup
2011-02-17 22:39:41,899 DEBUG Registry keys for service avgfws8 are not present
2011-02-17 22:39:41,899 INFO Processing service avg8wd
2011-02-17 22:39:41,899 INFO Service avg8wd is not installed
2011-02-17 22:39:41,899 DEBUG Service avg8wd RegCleanup
2011-02-17 22:39:41,899 DEBUG Registry keys for service avg8wd are not present
2011-02-17 22:39:41,899 INFO Processing service AvgWFPx
2011-02-17 22:39:41,899 INFO Service AvgWFPx is not installed
2011-02-17 22:39:41,899 DEBUG Service AvgWFPx RegCleanup
2011-02-17 22:39:41,899 DEBUG Registry keys for service AvgWFPx are not present
2011-02-17 22:39:41,899 INFO Processing service AvgWFPa
2011-02-17 22:39:41,909 INFO Service AvgWFPa is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgWFPa RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgWFPa are not present
2011-02-17 22:39:41,909 INFO Processing service AvgMfx86
2011-02-17 22:39:41,909 INFO Service AvgMfx86 is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgMfx86 RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgMfx86 are not present
2011-02-17 22:39:41,909 INFO Processing service AvgMfx64
2011-02-17 22:39:41,909 INFO Service AvgMfx64 is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgMfx64 RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgMfx64 are not present
2011-02-17 22:39:41,909 INFO Processing service AvgLdx86
2011-02-17 22:39:41,909 INFO Service AvgLdx86 is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgLdx86 RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgLdx86 are not present
2011-02-17 22:39:41,909 INFO Processing service AvgLdx64
2011-02-17 22:39:41,909 INFO Service AvgLdx64 is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgLdx64 RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgLdx64 are not present
2011-02-17 22:39:41,909 INFO Processing service AvgTdiX
2011-02-17 22:39:41,909 INFO Service AvgTdiX is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgTdiX RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgTdiX are not present
2011-02-17 22:39:41,909 INFO Processing service AvgTdiA
2011-02-17 22:39:41,909 INFO Service AvgTdiA is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgTdiA RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgTdiA are not present
2011-02-17 22:39:41,909 INFO Processing service AvgRkx86
2011-02-17 22:39:41,909 INFO Service AvgRkx86 is not installed
2011-02-17 22:39:41,909 DEBUG Service AvgRkx86 RegCleanup
2011-02-17 22:39:41,909 DEBUG Registry keys for service AvgRkx86 are not present
2011-02-17 22:39:41,909 INFO Processing service AvgRkx64
2011-02-17 22:39:41,919 INFO Service AvgRkx64 is not installed
2011-02-17 22:39:41,919 DEBUG Service AvgRkx64 RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service AvgRkx64 are not present
2011-02-17 22:39:41,919 INFO Processing service avg9emc
2011-02-17 22:39:41,919 INFO Service avg9emc is not installed
2011-02-17 22:39:41,919 DEBUG Service avg9emc RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service avg9emc are not present
2011-02-17 22:39:41,919 INFO Processing service avgfws9
2011-02-17 22:39:41,919 INFO Service avgfws9 is not installed
2011-02-17 22:39:41,919 DEBUG Service avgfws9 RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service avgfws9 are not present
2011-02-17 22:39:41,919 INFO Processing service avg9wd
2011-02-17 22:39:41,919 INFO Service avg9wd is not installed
2011-02-17 22:39:41,919 DEBUG Service avg9wd RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service avg9wd are not present
2011-02-17 22:39:41,919 INFO Processing service AVGIDSAgent
2011-02-17 22:39:41,919 INFO Service AVGIDSAgent is not installed
2011-02-17 22:39:41,919 DEBUG Service AVGIDSAgent RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service AVGIDSAgent are not present
2011-02-17 22:39:41,919 INFO Processing service AVGIDSShimxpx
2011-02-17 22:39:41,919 INFO Service AVGIDSShimxpx is not installed
2011-02-17 22:39:41,919 DEBUG Service AVGIDSShimxpx RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service AVGIDSShimxpx are not present
2011-02-17 22:39:41,919 INFO Processing service AVGIDSFilterxpx
2011-02-17 22:39:41,919 INFO Service AVGIDSFilterxpx is not installed
2011-02-17 22:39:41,919 DEBUG Service AVGIDSFilterxpx RegCleanup
2011-02-17 22:39:41,919 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2011-02-17 22:39:41,919 INFO Processing service AVGIDSDriverxpx
2011-02-17 22:39:41,919 INFO Service AVGIDSDriverxpx is not installed
2011-02-17 22:39:41,919 DEBUG Service AVGIDSDriverxpx RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSShimvtx
2011-02-17 22:39:41,929 INFO Service AVGIDSShimvtx is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSShimvtx RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSShimvtx are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSFiltervtx
2011-02-17 22:39:41,929 INFO Service AVGIDSFiltervtx is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSFiltervtx RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSDrivervtx
2011-02-17 22:39:41,929 INFO Service AVGIDSDrivervtx is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSDrivervtx RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSFiltervta
2011-02-17 22:39:41,929 INFO Service AVGIDSFiltervta is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSFiltervta RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSFiltervta are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSDrivervta
2011-02-17 22:39:41,929 INFO Service AVGIDSDrivervta is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSDrivervta RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSDrivervta are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSShimw7x
2011-02-17 22:39:41,929 INFO Service AVGIDSShimw7x is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSShimw7x RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSShimw7x are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSFilterw7x
2011-02-17 22:39:41,929 INFO Service AVGIDSFilterw7x is not installed
2011-02-17 22:39:41,929 DEBUG Service AVGIDSFilterw7x RegCleanup
2011-02-17 22:39:41,929 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2011-02-17 22:39:41,929 INFO Processing service AVGIDSDriverw7x
2011-02-17 22:39:41,939 INFO Service AVGIDSDriverw7x is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSDriverw7x RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSFilterw7a
2011-02-17 22:39:41,939 INFO Service AVGIDSFilterw7a is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSFilterw7a RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSDriverw7a
2011-02-17 22:39:41,939 INFO Service AVGIDSDriverw7a is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSDriverw7a RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSErHrxpx
2011-02-17 22:39:41,939 INFO Service AVGIDSErHrxpx is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSErHrxpx RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSErHrvtx
2011-02-17 22:39:41,939 INFO Service AVGIDSErHrvtx is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSErHrvtx RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSErHrvta
2011-02-17 22:39:41,939 INFO Service AVGIDSErHrvta is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSErHrvta RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSErHrvta are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSErHrw7x
2011-02-17 22:39:41,939 INFO Service AVGIDSErHrw7x is not installed
2011-02-17 22:39:41,939 DEBUG Service AVGIDSErHrw7x RegCleanup
2011-02-17 22:39:41,939 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2011-02-17 22:39:41,939 INFO Processing service AVGIDSErHrw7a
2011-02-17 22:39:41,949 INFO Service AVGIDSErHrw7a is not installed
2011-02-17 22:39:41,949 DEBUG Service AVGIDSErHrw7a RegCleanup
2011-02-17 22:39:41,949 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2011-02-17 22:39:41,949 INFO ***** Registry keys and values *****
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2011-02-17 22:39:41,949 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2011-02-17 22:39:41,949 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2011-02-17 22:39:41,949 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2011-02-17 22:39:41,949 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2011-02-17 22:39:41,949 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2011-02-17 22:39:41,949 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-02-17 22:39:41,949 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2011-02-17 22:39:41,949 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:41,949 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension not present - Key not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2011-02-17 22:39:41,949 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension not present - Key not found
2011-02-17 22:39:41,949 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2011-02-17 22:39:41,959 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2011-02-17 22:39:41,959 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2011-02-17 22:39:41,959 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2011-02-17 22:39:41,959 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Classes\.avgdi
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\.avgdi not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\Clients
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\Clients not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\AVG8
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG8 not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\AVG9
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG9 not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\AVG IDS
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG
2011-02-17 22:39:41,969 DEBUG Value SOFTWARE\AVG:DumpType Remove
2011-02-17 22:39:41,969 DEBUG Value SOFTWARE\AVG:DumpType not present - Key not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Remove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG Security Toolbar
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\AVG8
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG8 not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG\AVG9
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG\AVG9 not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Remove
2011-02-17 22:39:41,969 WARN Deleting key SOFTWARE\AVG failed (error e0010058), key is not empty
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\AVG Security Toolbar
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2011-02-17 22:39:41,969 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2011-02-17 22:39:41,969 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:41,969 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2011-02-17 22:39:41,969 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2011-02-17 22:39:41,969 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2011-02-17 22:39:41,969 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:41,979 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:41,979 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-02-17 22:39:41,979 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-02-17 22:39:41,979 INFO Processing registry aAvgAPI.AvgBro
2011-02-17 22:39:41,979 DEBUG Key aAvgAPI.AvgBro ForceRemove
2011-02-17 22:39:41,979 DEBUG Key aAvgAPI.AvgBro not found
2011-02-17 22:39:41,979 INFO Processing registry AVG.Office
2011-02-17 22:39:41,979 DEBUG Key AVG.Office ForceRemove
2011-02-17 22:39:41,979 DEBUG Key AVG.Office not found
2011-02-17 22:39:41,979 INFO Processing registry AVG.Office.8
2011-02-17 22:39:41,979 DEBUG Key AVG.Office.8 ForceRemove
2011-02-17 22:39:41,979 DEBUG Key AVG.Office.8 not found
2011-02-17 22:39:41,979 INFO Processing registry avgtoolbar.AVGTOOLBAR
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2011-02-17 22:39:41,979 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2011-02-17 22:39:41,979 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2011-02-17 22:39:41,979 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2011-02-17 22:39:41,979 INFO Processing registry LinkScannerIE.NavFilter
2011-02-17 22:39:41,979 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2011-02-17 22:39:41,979 DEBUG Key LinkScannerIE.NavFilter not found
2011-02-17 22:39:41,979 INFO Processing registry LinkScannerIE.NavFilter.1
2011-02-17 22:39:41,979 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2011-02-17 22:39:41,979 DEBUG Key LinkScannerIE.NavFilter.1 not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2011-02-17 22:39:41,979 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2011-02-17 22:39:41,979 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2011-02-17 22:39:41,989 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2011-02-17 22:39:41,989 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2011-02-17 22:39:41,989 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2011-02-17 22:39:41,989 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2011-02-17 22:39:41,989 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2011-02-17 22:39:41,989 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:41,989 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:41,989 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2011-02-17 22:39:41,989 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2011-02-17 22:39:41,989 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2011-02-17 22:39:41,989 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2011-02-17 22:39:41,989 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2011-02-17 22:39:41,989 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2011-02-17 22:39:41,989 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2011-02-17 22:39:41,989 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2011-02-17 22:39:41,989 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2011-02-17 22:39:42,019 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} not found
2011-02-17 22:39:42,019 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2011-02-17 22:39:42,019 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2011-02-17 22:39:42,019 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2011-02-17 22:39:42,019 INFO ***** Files and folders *****
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 0
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 1
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 2
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 3
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 4
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 5
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 6
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 7
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 8
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 9
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 10
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 11
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 12
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 13
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 14
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 15
2011-02-17 22:39:42,019 DEBUG Missing ParentDir path for fileItem number 16
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\Michael\Application Data\AVGTOOLBAR
2011-02-17 22:39:42,019 INFO Directory C:\Documents and Settings\Michael\Application Data\AVGTOOLBAR not found
2011-02-17 22:39:42,019 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2011-02-17 22:39:42,019 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2011-02-17 22:39:42,019 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5
2011-02-17 22:39:42,019 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5 not found
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5
2011-02-17 22:39:42,019 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5 not found
2011-02-17 22:39:42,019 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2011-02-17 22:39:42,019 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2011-02-17 22:39:42,029 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk
2011-02-17 22:39:42,029 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk
2011-02-17 22:39:42,029 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk not found
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 27
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 28
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 29
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 30
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 31
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 32
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 33
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 34
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 35
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 36
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 37
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 38
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 39
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 40
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 41
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 42
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 43
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 44
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 45
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 46
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 47
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 48
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 49
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 50
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 51
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 52
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 53
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 54
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 55
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 56
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 57
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 58
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 59
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 60
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 61
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 62
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 63
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 64
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 65
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 66
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 67
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 68
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 69
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 70
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2011-02-17 22:39:42,029 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-02-17 22:39:42,029 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk
2011-02-17 22:39:42,029 INFO File C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk not found
2011-02-17 22:39:42,029 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk
2011-02-17 22:39:42,029 INFO File C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk not found
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 76
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 77
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 78
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 79
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 80
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 81
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 82
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 83
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 84
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 85
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 86
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 87
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 88
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 89
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 90
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 91
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 92
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 93
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 94
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 95
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 96
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 97
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 98
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 99
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 100
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 101
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 102
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 103
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 104
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 105
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 106
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 107
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 108
2011-02-17 22:39:42,029 DEBUG Missing ParentDir path for fileItem number 109
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 110
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 111
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 112
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 113
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 114
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 115
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 116
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 117
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 118
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 119
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 120
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 121
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 122
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 123
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 124
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 125
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 126
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 127
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 128
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 129
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 130
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 131
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 132
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 133
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 134
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 135
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 136
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 137
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 138
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 139
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 140
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 141
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 142
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 143
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 144
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 145
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 146
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 147
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 148
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 149
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 150
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 151
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 152
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 153
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 154
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 155
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 156
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 157
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 158
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 159
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 160
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 161
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 162
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 163
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 164
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 165
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 166
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 167
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 168
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 169
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 170
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 171
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 172
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 173
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 174
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 175
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 176
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 177
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 178
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 179
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 180
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 181
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 182
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 183
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 184
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 185
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2011-02-17 22:39:42,039 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2011-02-17 22:39:42,039 DEBUG Processing item C:\WINDOWS\System32
2011-02-17 22:39:42,039 DEBUG Processing item C:\Program Files\AVG
2011-02-17 22:39:42,039 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2011-02-17 22:39:42,039 DEBUG Missing ParentDir path for fileItem number 194
2011-02-17 22:39:42,039 INFO ***** Avg Fw NDIS driver *****
2011-02-17 22:39:42,310 INFO FW NDIS driver not present

#8 SweetTech

Posted 17 February 2011 - 06:20 PM

Jimsy,

We will be running ComboFix using a different method.

You will need to boot into Safe Mode:

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll

SECCENTER::
AVG Anti-Virus Free

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript_AVG2011"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript_AVG2011
5.Click Save ...

  • Referring to the screenshot above, drag CFScript_AVG2011.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Jimsy (Topic Starter)

Posted 18 February 2011 - 05:01 AM

Hiya ST,
I think I followed the steps to the letter, but things didn't go too smoothly.
I booted into Safe Mode and dragged the script into ComboFix.exe, and a prompt mentioned something about forcefully removing AVG, so I clicked OK. Then I received a warning that AVG Internet Security 2011 was detected to be running, the same warning as before. ComboFix froze my system again after that.

#10 SweetTech

Posted 18 February 2011 - 10:52 AM

WBEMTEST
--------------
We need to check the Antivirus/Firewall applications that are registered in Security Center.
Please make sure you do not make any other modifications except for those instructed below!

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Click Connect.
5. In the top left box type root\SecurityCenter and click Connect
6. Click on Query
7. Type SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result and scroll down to Display name.
Please let me know how many entries are found and what the Display name is.



#11 Jimsy (Topic Starter)

Posted 18 February 2011 - 07:07 PM

Ok.

There was one entry found. Its display name is "AVG Internet Security 2011".

#12 SweetTech

Posted 18 February 2011 - 07:49 PM

Let's go ahead and manually delete this entry. After you do that, attempt to run ComboFix again.

WBEMTEST
--------------
We need to check the Antivirus/Firewall applications that are registered in Security Center.
Please make sure you do not make any other modifications except for those instructed below!

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Click Connect.
5. In the top left box type root\SecurityCenter and click Connect
6. Click on Query
7. Type SELECT * FROM AntiVirusProduct and click on Apply



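The WBEMTEST query in the two posts above, and the manual deletion of the stale row, done from PowerShell instead of the GUI. This is an added example, not part of the thread or the helper's instructions. It assumes Windows XP SP3 with PowerShell 2.0 (so Get-WmiObject and Remove-WmiObject rather than the newer CIM cmdlets) run from an administrator account; the function names, the -ServicePattern default of 'avg*', and the probing of root\SecurityCenter2 for Vista and later are all my choices, not something the thread specifies.

```powershell
# Added example (not from the thread): list the AntiVirusProduct registrations that
# Security Center keeps in WMI, and remove a stale one by display name.
# Assumptions: Windows XP SP3, PowerShell 2.0, administrator account. On XP the class
# lives in root\SecurityCenter; on Vista and later it is root\SecurityCenter2, so both
# namespaces are probed and a missing one is skipped silently.

function Get-RegisteredAntiVirus {
    param([string[]] $Namespace = @('root\SecurityCenter', 'root\SecurityCenter2'))
    foreach ($ns in $Namespace) {
        try {
            Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Namespace    = $ns
                        DisplayName  = $_.displayName
                        InstanceGuid = $_.instanceGuid
                        WmiPath      = $_.__PATH   # full object path, used by Remove-WmiObject below
                    }
                }
        } catch {
            # "Invalid namespace" on an OS that lacks it is expected, not an error for us.
            Write-Verbose "Skipping ${ns}: $($_.Exception.Message)"
        }
    }
}

function Remove-StaleAntiVirusRegistration {
    param(
        [Parameter(Mandatory = $true)] [string] $DisplayName,
        [string] $ServicePattern = 'avg*',   # assumption: service names that prove the product is still installed
        [switch] $Force
    )
    # Refuse to delete the registration while the product's services still exist.
    # Removing the WMI row on a live install only makes Security Center misreport
    # coverage; the vendor's uninstaller or removal tool should run first.
    $live = @(Get-WmiObject -Class Win32_Service | Where-Object { $_.Name -like $ServicePattern })
    if ($live.Count -gt 0 -and -not $Force) {
        $names = ($live | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "Services still present ($names); uninstall the product first or use -Force."
        return
    }
    $found = @(Get-RegisteredAntiVirus | Where-Object { $_.DisplayName -eq $DisplayName })
    if ($found.Count -eq 0) {
        Write-Warning "No AntiVirusProduct named '$DisplayName' is registered."
        return
    }
    foreach ($entry in $found) {
        # Prompts for confirmation unless -Force was given; each row is deleted by its WMI path.
        Remove-WmiObject -Path $entry.WmiPath -Confirm:(-not $Force)
        Write-Host ("Removed '{0}' from {1}" -f $entry.DisplayName, $entry.Namespace)
    }
}

# Usage: show what Security Center believes is installed (the thread's machine reported
# exactly one row, "AVG Internet Security 2011"), then drop the ghost row once AVG is gone.
Get-RegisteredAntiVirus | Format-Table Namespace, DisplayName, InstanceGuid -AutoSize
# Remove-StaleAntiVirusRegistration -DisplayName 'AVG Internet Security 2011'
```

The service check is the caveat worth keeping: a leftover AntiVirusProduct row is harmless by itself, but it is also the signal that tools such as ComboFix use to decide an AV is still running, which is exactly the false positive this thread is chasing. Delete the row only after the product's services and drivers are genuinely gone, otherwise you have hidden the problem rather than fixed it.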

#13 Jimsy (Topic Starter)

Posted 18 February 2011 - 11:43 PM

Ok, went through and deleted the entry and ran ComboFix again. When ComboFix started there was no warning, but when I checked back 30 min later it was frozen. That was in Normal mode.
Tried again in Safe Mode, didn't use the script either time, and same result.

#14 SweetTech

Posted 19 February 2011 - 09:37 AM

Jimsy,


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following bolded text into the custom scan textbox.


    netsvcs
    drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.



#15 Jimsy (Topic Starter)

Posted 19 February 2011 - 06:09 PM

Hi,
I had to reinstall Malwarebytes' because I deleted it in one of the earlier steps, but I was able to install, update and get a log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5814

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2011 5:06:41 PM
mbam-log-2011-02-19 (17-06-41).txt

Scan type: Quick scan
Objects scanned: 142171
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The OTL Log:

OTL logfile created on: 2/19/2011 4:55:55 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 524.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.96 Gb Free Space | 72.35% Space Free | Partition Type: NTFS
Drive E: | 500.00 Mb Total Space | 225.48 Mb Free Space | 45.10% Space Free | Partition Type: FAT

Computer Name: PROFESSI-A609F0 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/17 16:27:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/02/17 16:27:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/02/14 16:36:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/14 16:36:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2010/06/19 19:19:09 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/24 13:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/04/13 12:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/25 15:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 15:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 15:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/06/24 14:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aol.com/ [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011/02/17 16:27:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2011/02/06 02:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/02/17 16:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\v31a7nqp.default\extensions
[2011/02/17 16:27:37 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\v31a7nqp.default\extensions\support@lastpass.com
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V31A7NQP.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/02/06 03:02:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/06 03:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/10/30 12:41:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2011/02/15 16:48:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Computer, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256934665189 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 19:18:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/18 22:40:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/18 01:06:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/02/17 16:38:23 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Michael\Desktop\avgremover.exe
[2011/02/15 16:48:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/15 05:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/14 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\virus
[2011/02/13 01:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/06 12:46:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/06 12:31:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/06 12:31:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/06 12:31:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/06 12:31:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/06 12:30:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/06 12:29:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/06 12:25:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/06 03:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/06 03:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/06 03:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/06 03:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Sun
[2011/02/06 02:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\nUI
[2011/02/06 02:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Notepad++
[2011/02/06 02:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/02/06 02:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/02/06 02:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Notepad++
[2011/02/06 02:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\LastPass
[2011/02/06 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla
[2011/02/06 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Mozilla
[2011/02/06 02:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10
[2011/02/05 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/02/05 00:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/02/05 00:10:38 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2011/02/05 00:10:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/02/05 00:10:38 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/02/05 00:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/02/04 23:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Media Player Classic
[2011/02/04 23:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic - Home Cinema
[2011/02/04 23:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema

========== Files - Modified Within 30 Days ==========

[2011/02/19 16:55:02 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8D50A92B-98B7-41DC-B06F-37B505851455}.job
[2011/02/19 16:53:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1993962763-839522115-1003UA.job
[2011/02/19 16:53:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1993962763-839522115-1003Core.job
[2011/02/19 16:52:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/19 16:51:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/18 04:05:56 | 004,270,719 | R--- | M] () -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/02/17 16:38:24 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Michael\Desktop\avgremover.exe
[2011/02/15 16:48:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/15 06:06:40 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/15 06:04:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/15 06:00:33 | 000,481,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/15 06:00:33 | 000,084,540 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/13 02:51:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/02/13 01:55:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/13 01:55:08 | 006,563,298 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\aedtools.zip
[2011/02/13 01:54:19 | 020,364,702 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\vlc-1.1.7-win32.exe
[2011/02/13 01:47:13 | 000,523,042 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\ffdshow-20020617-src.zip
[2011/02/06 12:46:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/06 02:46:54 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/02/06 02:44:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/02/06 02:44:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/01/28 02:00:00 | 000,080,896 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/28 02:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2011/02/15 17:10:55 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Michael\new 1.txt
[2011/02/15 16:59:11 | 004,270,719 | R--- | C] () -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/02/13 02:51:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/02/13 01:55:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/13 01:55:08 | 006,563,298 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\aedtools.zip
[2011/02/13 01:54:13 | 020,364,702 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\vlc-1.1.7-win32.exe
[2011/02/13 01:47:11 | 000,523,042 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\ffdshow-20020617-src.zip
[2011/02/06 12:46:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/06 12:46:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/06 12:31:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/06 12:31:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/06 12:31:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/06 12:31:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/06 12:31:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/06 02:47:19 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/02/06 02:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/06 02:44:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/06 02:44:25 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2011/02/05 00:10:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/05 00:10:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/05 00:10:38 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/02/05 00:10:37 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/05 00:10:37 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/05 00:10:36 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/08 21:00:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/22 13:59:22 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\rindar.sys
[2010/04/30 16:48:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wJtM045j.dat
[2010/04/30 15:46:08 | 000,000,440 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/02 19:53:36 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\8Cq4r
[2010/04/02 19:53:36 | 000,010,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2009/10/29 20:25:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/10/29 19:26:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/29 19:26:54 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/29 19:26:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/29 19:26:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/29 19:26:37 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/29 19:22:34 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/29 19:22:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/29 13:06:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== LOP Check ==========

[2011/02/05 20:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/10/29 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/25 20:16:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/25 20:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/26 10:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AVG10
[2009/10/29 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Canneverbe_Limited
[2010/01/25 11:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InterVideo
[2011/02/06 12:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Notepad++
[2011/02/19 16:55:02 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8D50A92B-98B7-41DC-B06F-37B505851455}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-19 22:55:20

< End of report >
