
IE redirecting, accessing sites even when closed?


  • This topic is locked
17 replies to this topic

#1 JJJDH

  • Members
  • 9 posts

Posted 28 March 2011 - 06:27 AM

Hi all, and thank you for volunteering your time to help us mere mortals...
The problem:
About a week ago I was infected with "Windows Diagnostic" malware.
Fortunately I recognised it as an impostor and thought I had managed to clear it with a combination of Rkill, Malwarebytes, SuperAntiSpyware, ESET online and Avira Premium.
The initial infection is no longer obvious (to me), but all is not well, as Explorer randomly redirects me to other sites (from both clicking on search results and typing in the address bar). Tried Chrome, but it affects that as well.
Of more concern, it seems to be running in the background and connecting to a variety of sites of its own accord; a couple that come up repeatedly are bighealthtree, affgold, clickpayz.
The connection light on my modem is flashing away constantly and I'm concerned what's being uploaded and downloaded, so I've unplugged the desktop and am using a Netbook to type this (log files are still from the infected desktop). Excuse any typos - big fingers, small keys.

I've updated Java and Adobe Acrobat, cleared temp files and run the programs mentioned above.
That was before coming across BleepingComputer and realizing I should have come here before doing anything.
Hopefully you can still help me sort this out.
(I ran GMER as instructed, but it came up with an error message near the end of the process, ".....has encountered a problem and needs to close", but still allowed me to save the log file if I didn't click okay.)
DDS and GMER info following.
Thanks for your help, let me know if you need more information.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Marika at 22:53:55.81 on Sun 27/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.517 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marika\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uInternet Settings,ProxyOverride = *.IPrimus.com.au;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;192.168.1.1;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [PowerBar]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-22 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-2-22 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-22 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-2-22 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-22 60936]
R2 BT848;MuchTV Fusion WDM Video Capture;c:\windows\system32\drivers\Bt848.sys [2005-4-23 99334]
R2 BTTUNER;MuchTV Fusion WDM Tuner;c:\windows\system32\drivers\BtTuner.sys [2005-4-23 13898]
R2 BTXBAR;MuchTV Fusion WDM Crossbar;c:\windows\system32\drivers\BtXBar.sys [2005-4-23 6936]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
S2 gupdate1c95d0bff7b4764;Google Update Service (gupdate1c95d0bff7b4764);c:\program files\google\update\GoogleUpdate.exe [2008-12-13 133104]
S3 DCamUSB20;Hi-Speed USB DVD Creator;c:\windows\system32\drivers\CsMini20.sys [2009-5-24 46248]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-24 11520]
S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\drivers\Z550bus.sys [2006-2-8 60800]
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\drivers\Z550mdfl.sys [2006-2-8 9264]
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\drivers\Z550mdm.sys [2006-2-8 96352]
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\Z550mgmt.sys [2006-2-8 87824]
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\drivers\Z550obex.sys [2006-2-8 85696]
.
=============== File Associations ===============
.
scrfile="%1" /S "%3"
.
=============== Created Last 30 ================
.
2011-03-27 10:28:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-27 10:28:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 12:39:16 -------- d-----w- c:\program files\ESET
2011-03-26 12:31:12 -------- d-----w- c:\program files\SpywareBlaster
2011-03-23 09:56:41 -------- d-----w- c:\docume~1\marika\applic~1\SUPERAntiSpyware.com
2011-03-23 09:56:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-23 09:56:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-22 11:25:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-03-21 10:57:16 -------- d-----w- c:\docume~1\marika\applic~1\Malwarebytes
2011-03-21 10:56:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 10:56:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-21 10:56:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ---ha-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ---ha-w- c:\windows\system32\win32k.sys
2004-03-11 03:27:22 40960 ------w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 22:55:16.82 ===============


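The DDS "Pseudo HJT Report" section above is what a helper reads first. The script below is an added example, not DDS's or BleepingComputer's own tooling: it parses that section and flags the entries that usually get a second look. Its sample input is copied from the log above, and the four flag categories are this example's own assumption of a sensible first pass, not a verdict on any entry.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example (not DDS or BleepingComputer tooling). It pulls out the entry
types a helper reads first and flags the ones that deserve a second look:
add-ons whose CLSID no longer resolves to a file, autoruns with no command,
proxy settings, and the hosts ActiveX controls (DPF) were downloaded from.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: a constructed subset of lines copied from the DDS log above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [PowerBar]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
LSP: c:\program files\avira\antivir desktop\avsda.dll
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>ProxyServer|ProxyOverride)\s*=\s*(?P<value>.*)$")
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks|SEH):\s*(?P<rest>.*)$")
# Body forms: "Name: {CLSID} - path", "{CLSID} - No File", or "Name: {CLSID} -" (no path at all)
ADDON_BODY_RE = re.compile(r"^(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$")
DPF_RE = re.compile(r"^DPF:\s*(?P<clsid>\{[^}]+\})\s*-\s*(?P<url>\S+)")


@dataclass(frozen=True)
class Finding:
    kind: str    # proxy | orphaned-addon | autorun-empty | activex-download
    detail: str  # what was seen, for the reviewer


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log cannot be clicked; undo that for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads its sections with lone dots
            continue
        if m := PROXY_RE.match(line):
            # A configured proxy is not malicious by itself (this one is an ISP
            # proxy), but a redirect case always starts by confirming who owns it.
            findings.append(Finding("proxy", f"{m['key']} = {m['value']}"))
        elif m := RUN_RE.match(line):
            if not m["cmd"].strip():  # autorun value with no command behind it
                findings.append(Finding("autorun-empty", m["name"]))
        elif m := ADDON_RE.match(line):
            body = ADDON_BODY_RE.match(m["rest"])
            if body and (not body["path"] or body["path"].lower() == "no file"):
                label = body["name"] or "unnamed"
                findings.append(Finding("orphaned-addon", f"{m['kind']} {body['clsid']} ({label})"))
        elif m := DPF_RE.match(line):
            # Record only the host the ActiveX control came from; the reviewer
            # compares it against the vendors the user actually installed.
            host = urlparse(refang(m["url"])).hostname or m["url"]
            findings.append(Finding("activex-download", host))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'orphaned-addon': 3, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:18} {f.detail}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Orphaned CLSIDs are often leftovers of an uninstall rather than active malware, so the output is a reading list for the helper, not a removal list.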

#2 myrti

  • Malware Study Hall Admin
  • 33,766 posts

Posted 03 April 2011 - 08:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 JJJDH

  • Topic Starter

  • Members
  • 9 posts

Posted 04 April 2011 - 06:09 AM

Hi Myrti, and thanks for your help.
Apart from the information in the opening post, the only other things I can think of are that the "Windows Diagnostic" malware started on the 21st March around 2pm. Two files in the applications folder seemed to be associated with the infection (they also came up in the Rkill scan: 180407220 and WmxemlFoTcFj).
As mentioned, I've run various anti-malware programs, which appear to have cleared the initial infection; let me know if you need the logs from those scans.
PS: I haven't backed up recently; is it safe to do so while the computer is still infected? I don't want to corrupt my existing backup by connecting the external HDD.

OTL logs:

OTL logfile created on: 4/04/2011 8:29:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Marika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 73.98 Gb Free Space | 49.64% Space Free | Partition Type: NTFS

Computer Name: MARIKA-0FB3B5D3 | User Name: Marika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 20:28:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marika\Desktop\OTL.exe
PRC - [2010/11/19 12:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/25 00:27:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/04/25 00:26:56 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/25 00:26:55 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/04/25 00:26:54 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/25 00:26:54 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/25 00:26:54 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2004/04/01 10:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 20:28:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marika\Desktop\OTL.exe
MOD - [2010/08/24 02:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/19 12:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/25 00:27:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/25 00:26:56 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/04/25 00:26:54 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/04/25 00:26:54 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/25 00:27:03 | 000,124,784 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/04/25 00:27:02 | 000,060,936 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/26 14:32:58 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/22 21:17:00 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/22 21:14:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/13 12:02:52 | 000,011,520 | -H-- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/02 18:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2008/09/02 18:00:00 | 000,099,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/03 18:49:15 | 000,123,952 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/14 04:45:29 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/07/03 16:58:20 | 000,106,792 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/24 10:33:46 | 000,100,488 | RH-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 10:33:46 | 000,098,696 | RH-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 10:33:44 | 000,108,680 | RH-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | RH-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | RH-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/01/24 13:57:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 09:43:26 | 000,053,376 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/01/12 20:41:32 | 000,113,792 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/01/12 20:16:54 | 000,040,576 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2006/11/20 16:55:16 | 000,036,480 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 18:33:00 | 000,041,600 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/07/24 16:05:00 | 000,005,632 | -H-- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/03/31 20:20:36 | 000,022,768 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/02/08 15:30:34 | 000,085,696 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Z550obex.sys -- (Z550obex)
DRV - [2006/02/08 15:29:48 | 000,087,824 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Z550mgmt.sys -- (Z550mgmt) Sony Ericsson Z550 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/08 15:29:00 | 000,096,352 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Z550mdm.sys -- (Z550mdm)
DRV - [2006/02/08 15:28:56 | 000,009,264 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Z550mdfl.sys -- (Z550mdfl)
DRV - [2006/02/08 15:28:10 | 000,060,800 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Z550bus.sys -- (Z550bus) Sony Ericsson Z550 driver (WDM)
DRV - [2005/08/01 15:45:00 | 000,064,896 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 12:42:00 | 000,018,612 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/01 13:12:28 | 000,873,984 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 12:56:20 | 000,005,810 | RH-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/16 07:14:00 | 000,180,480 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/04/26 11:49:56 | 000,381,056 | -H-- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 11:08:00 | 000,044,064 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/12/05 20:46:36 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/11/26 23:15:04 | 000,052,808 | RH-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2003/10/15 16:52:50 | 000,174,530 | RH-- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/16 14:58:30 | 000,013,056 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/05/16 13:57:00 | 000,046,248 | -H-- | M] (Crescentec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CsMini20.sys -- (DCamUSB20)
DRV - [2003/03/28 11:52:48 | 000,013,898 | -H-- | M] (TelSignal Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BtTuner.sys -- (BTTUNER)
DRV - [2003/03/28 11:52:48 | 000,006,936 | -H-- | M] (TelSignal Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BtXBar.sys -- (BTXBAR)
DRV - [2003/03/28 11:52:46 | 000,099,334 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Bt848.sys -- (BT848)
DRV - [2003/01/10 10:56:34 | 000,030,921 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/11/05 16:56:48 | 000,012,692 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cresscan.sys -- (Usb20Scan)
DRV - [2002/09/20 12:53:34 | 000,235,100 | -H-- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/18 00:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1999/05/21 01:00:00 | 000,015,488 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
DRV - [1997/04/22 10:16:00 | 000,006,272 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*;172.*;127.*;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.iprimus.com.au:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*;172.*;127.*;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.iprimus.com.au:8080



IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.IPrimus.com.au;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;192.168.1.1;<local>
IE - HKU\S-1-5-21-1275210071-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.iprimus.com.au:8080



O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1275210071-515967899-839522115-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-515967899-839522115-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1275210071-515967899-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ATICCC] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1275210071-515967899-839522115-1003..\Run: [PowerBar] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-515967899-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1275210071-515967899-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Marika/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/30 11:10:12 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{740e7ad6-aeb8-11dc-96e5-0011d8309056}\Shell\AutoRun\command - "" = E:\AutoTransfer.exe
O33 - MountPoints2\{848f2b92-6131-11dd-9820-0011d8309056}\Shell - "" = AutoRun
O33 - MountPoints2\{848f2b92-6131-11dd-9820-0011d8309056}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{848f2b92-6131-11dd-9820-0011d8309056}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c5091565-7ebc-11df-9be4-0011d8309056}\Shell - "" = AutoRun
O33 - MountPoints2\{c5091565-7ebc-11df-9be4-0011d8309056}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5091565-7ebc-11df-9be4-0011d8309056}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MuchTV Remote.lnk - C:\Program Files\MuchTV\TVRMVCR.EXE - (TelSignal Co., Ltd.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (WDC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - (Western Digital)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: EverioService - hkey= - key= - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Launch Ai Booster - hkey= - key= - C:\Program Files\ASUS\Ai Booster\OverClk.exe ()
MsConfig - StartUpReg: Monitor - hkey= - key= - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: PE2CKFNT SE - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - C:\Program Files\ASUS\Ai Booster\OverClk.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: WmxemlFoTcFj - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink DVD Solution\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 20:28:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marika\Desktop\OTL.exe
[2011/03/27 22:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marika\Desktop\gmer
[2011/03/27 21:32:53 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marika\Desktop\TDSSKiller.exe
[2011/03/27 21:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marika\Desktop\tdsskiller
[2011/03/27 21:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marika\My Documents\Downloads
[2011/03/27 20:34:45 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Marika\Desktop\ATF-Cleaner.exe
[2011/03/27 20:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/27 20:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/27 20:28:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/27 20:28:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/27 20:28:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/27 20:28:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/27 20:28:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/26 22:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/26 22:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/26 22:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/03/26 22:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/03/26 22:30:46 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Marika\Desktop\spywareblastersetup44.exe
[2011/03/23 19:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marika\Application Data\SUPERAntiSpyware.com
[2011/03/23 19:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/23 19:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/23 19:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/22 21:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/22 21:25:55 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/03/22 20:57:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marika\Recent
[2011/03/22 19:27:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/21 20:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marika\Application Data\Malwarebytes
[2011/03/21 20:56:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/21 20:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/21 20:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 20:33:04 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/04 20:28:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marika\Desktop\OTL.exe
[2011/04/04 20:19:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/04 20:18:39 | 000,013,748 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 20:18:36 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/04 20:18:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 20:18:21 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 22:51:58 | 000,000,149 | -H-- | M] () -- C:\WINDOWS\IFOLDER.INI
[2011/03/30 22:51:57 | 000,019,826 | -H-- | M] () -- C:\WINDOWS\TSCTVFM.INI
[2011/03/30 22:51:57 | 000,001,392 | -H-- | M] () -- C:\WINDOWS\TSCTV.INI
[2011/03/30 22:51:57 | 000,000,109 | -H-- | M] () -- C:\WINDOWS\TSNV_I2C.INI
[2011/03/30 19:40:36 | 000,000,038 | -H-- | M] () -- C:\WINDOWS\FASTTV.INI
[2011/03/27 22:01:02 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\gmer.zip
[2011/03/27 21:53:36 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\dds.scr
[2011/03/27 21:32:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\tdsskiller.zip
[2011/03/27 21:10:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\Google Chrome.lnk
[2011/03/27 21:10:10 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/27 20:34:45 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Marika\Desktop\ATF-Cleaner.exe
[2011/03/27 20:28:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/27 20:28:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/27 20:28:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/27 20:28:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/27 20:28:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/27 20:22:24 | 000,294,864 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/26 22:31:14 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\SpywareBlaster.lnk
[2011/03/26 22:30:56 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Marika\Desktop\spywareblastersetup44.exe
[2011/03/24 19:24:49 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Marika\Application Data\1.gif
[2011/03/23 23:20:39 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/03/23 22:54:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/23 19:56:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/22 21:26:00 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/22 20:16:54 | 001,006,764 | ---- | M] () -- C:\Documents and Settings\Marika\Desktop\iExplore.exe
[2011/03/17 10:13:22 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 15:18:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/14 12:30:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/03/10 11:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Marika\Desktop\TDSSKiller.exe
[2011/03/10 08:23:17 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/27 22:01:02 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\gmer.zip
[2011/03/27 21:53:36 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\dds.scr
[2011/03/27 21:32:15 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\tdsskiller.zip
[2011/03/27 21:10:10 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\Google Chrome.lnk
[2011/03/27 21:10:10 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Marika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/26 22:31:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\SpywareBlaster.lnk
[2011/03/24 20:02:20 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/24 19:24:49 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Marika\Application Data\1.gif
[2011/03/23 19:56:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/22 21:26:00 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/22 19:36:58 | 001,006,764 | ---- | C] () -- C:\Documents and Settings\Marika\Desktop\iExplore.exe
[2010/10/16 21:41:16 | 001,355,899 | -H-- | C] () -- C:\WINDOWS\UnInstallNetCommADSL.dll
[2010/08/01 00:11:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/08/01 00:03:03 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/26 01:43:27 | 000,024,576 | RH-- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/26 01:43:26 | 000,052,808 | RH-- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/26 01:43:23 | 000,003,328 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp.sys
[2010/06/26 01:38:05 | 000,006,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010/05/30 21:14:55 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/02 20:38:54 | 000,774,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/04/02 20:38:17 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\grwinsthlp.exe
[2009/10/24 10:31:20 | 000,063,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/23 23:14:47 | 000,191,976 | -H-- | C] () -- C:\WINDOWS\cres1100.exe
[2009/05/23 23:14:47 | 000,099,672 | -H-- | C] () -- C:\WINDOWS\dibapi32.dll
[2009/05/23 23:14:47 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2009/05/23 23:14:47 | 000,036,352 | -H-- | C] () -- C:\WINDOWS\System32\Preview.dll
[2009/05/23 23:14:47 | 000,012,692 | -H-- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2009/05/21 21:48:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/21 20:32:59 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/01/21 20:31:00 | 000,338,944 | -H-- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/01/21 20:31:00 | 000,122,880 | -H-- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/10/11 12:06:57 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/27 20:42:06 | 000,000,043 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2008/03/06 21:29:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mngui.INI
[2008/02/19 16:33:34 | 000,446,352 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/06 01:18:21 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/12/31 22:04:34 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/12/31 21:57:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/11/04 00:18:17 | 000,032,353 | -H-- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/11/03 22:54:59 | 000,200,704 | RH-- | C] () -- C:\WINDOWS\sel3110.exe
[2007/11/03 22:54:59 | 000,040,960 | RH-- | C] () -- C:\WINDOWS\CleanDev.exe
[2007/11/03 22:54:58 | 000,032,528 | RH-- | C] () -- C:\WINDOWS\amcap.exe
[2007/09/22 12:58:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\sss20.INI
[2007/07/14 18:37:42 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/12/16 15:11:36 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/05 12:05:06 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/07/27 20:13:14 | 000,122,880 | -H-- | C] () -- C:\WINDOWS\UnGins.exe
[2006/05/21 11:33:29 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\impborl.dll
[2006/03/09 17:22:40 | 000,101,159 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/03/09 17:22:40 | 000,026,154 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/03/09 17:22:40 | 000,024,903 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/03/09 17:22:40 | 000,021,390 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/03/09 17:22:40 | 000,020,148 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/03/09 17:22:40 | 000,011,811 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/03/09 17:22:40 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/03/09 17:22:40 | 000,001,146 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/03/09 17:22:40 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/03/09 17:22:40 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/03/09 17:22:40 | 000,001,136 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/03/09 17:22:40 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/03/09 17:22:40 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/03/09 17:22:40 | 000,001,120 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/03/09 17:22:40 | 000,001,107 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/03/09 17:22:40 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/03/09 17:22:40 | 000,000,099 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/09 17:13:57 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\CDE RX530EC.ini
[2005/08/28 22:25:09 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\CpInstallExe.exe
[2005/07/22 20:30:20 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/05/25 07:32:44 | 000,524,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/05/02 18:15:34 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/04/28 14:22:38 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 14:22:34 | 000,831,488 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 14:22:34 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/24 21:06:31 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\TVRMT.INI
[2005/04/23 22:33:56 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\FASTTV.INI
[2005/04/23 22:33:26 | 000,000,109 | -H-- | C] () -- C:\WINDOWS\TSNV_I2C.INI
[2005/04/23 22:33:25 | 000,000,149 | -H-- | C] () -- C:\WINDOWS\IFOLDER.INI
[2005/04/23 22:32:21 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\DTVDRV.DLL
[2005/04/23 22:32:21 | 000,012,188 | -H-- | C] () -- C:\WINDOWS\System32\DTVDRVNT.SYS
[2005/04/23 22:32:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\TSCFM.INI
[2005/04/23 22:30:19 | 000,000,062 | -H-- | C] () -- C:\WINDOWS\System32\ERRMSG.INI
[2005/04/23 22:30:18 | 000,022,087 | -H-- | C] () -- C:\WINDOWS\TSCTVMSG.INI
[2005/04/23 22:30:18 | 000,019,826 | -H-- | C] () -- C:\WINDOWS\TSCTVFM.INI
[2005/04/23 22:30:18 | 000,001,392 | -H-- | C] () -- C:\WINDOWS\TSCTV.INI
[2005/04/03 13:30:22 | 000,020,450 | -H-- | C] () -- C:\WINDOWS\SICALIB2.DAT
[2005/04/03 12:31:46 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2005/04/03 12:28:03 | 000,000,506 | -H-- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/04/03 12:22:17 | 000,015,488 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2005/03/31 20:28:12 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Marika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/29 22:23:19 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/29 22:22:08 | 000,294,864 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 14:15:03 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/29 14:07:21 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/03/29 13:35:48 | 000,005,810 | RH-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/03/29 13:35:47 | 000,003,621 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/03/29 13:35:45 | 000,005,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/03/29 13:25:46 | 000,516,096 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/03/29 13:03:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/29 12:58:19 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 22:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 22:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,444,336 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 22:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,072,020 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 22:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 22:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 22:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 22:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/21 00:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 21:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 20:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 22:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX20\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX3\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX4\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX5\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX8\h\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 22:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX20\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX5\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX8\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 4/04/2011 8:29:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Marika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 73.98 Gb Free Space | 49.64% Space Free | Partition Type: NTFS

Computer Name: MARIKA-0FB3B5D3 | User Name: Marika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = scrfile] -- "%1" /S "%3"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Documents and Settings\Marika\My Documents\Micks Docs\Messenger\YServer.exe" = C:\Documents and Settings\Marika\My Documents\Micks Docs\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
"C:\Documents and Settings\Marika\My Documents\Micks Docs\Messenger\YahooMessenger.exe" = C:\Documents and Settings\Marika\My Documents\Micks Docs\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0139DE0C-96E3-41BB-A512-C864A05FDE94}" = Hi-Speed DVD Creator
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D03E0AF-A6D1-407A-AAF5-5B429D271EC5}" = LeapFrog MyOwnLeaptop Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{27F650A9-6FAB-41C8-8621-92FF0118B0C4}" = EPSON Easy Photo Print
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 3.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F27B840-7A12-11D4-A137-005004B6E48A}" = Create!form2
"{5404E185-BD7C-4A72-ABD0-91A411A05726}" = Ulead VideoStudio 6 SE DVD
"{5AE0FA6B-6DA8-43E0-ADA6-816E432987CE}" = Garmin City Navigator Australia and New Zealand NT 2010.10 Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74BF0A46-DF67-4D86-B038-BF0E51871B66}" = Ai Booster
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC43240-7AC3-11D5-A4FA-303C52C11C00}" = MuchTV
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2A91211-3C46-4E11-A536-FC0146D71D82}" = Samsung PC Studio 3
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ASUS Probe V2.23.01" = ASUS Probe V2.23.01
"AsusUpdate" = AsusUpdate
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.0
"Crimson Skies 1.0" = Microsoft Crimson Skies
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D-Link VGA Webcam" = D-Link VGA Webcam
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESPRX530 User's Guide" = ESPRX530 User's Guide
"e-tax 2005" = e-tax 2005
"e-tax 2006" = e-tax 2006
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Family Tree Maker" = Family Tree Maker 8.0
"FreeSpace2OEM" = FreeSpace 2: Colossus
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HandyAvi_is1" = HandyAvi 4.3
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL-2 Sturmovik" = IL-2 Sturmovik
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"iriver plus 3" = iriver plus 3 (remove only)
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Ovulation Calendar" = Ovulation Calendar
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
"UPCShell" = LeapFrog Connect
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-515967899-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
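One thing worth pulling out of the "< MD5 for: ... >" custom scans above: besides the expected copies under C:\WINDOWS (the live file plus the ServicePackFiles, $NtServicePackUninstall$, $hf_mig$ and $NtUninstallKB... backups), OTL found explorer.exe and winlogon.exe in several RarSFX* folders under the user's Temp directory, with no company name or with "NirSoft" rather than "Microsoft Corporation". The script below is an added example for this thread (not part of OTL or of the original post) that parses those sections and flags any copy of a core binary that sits outside %SystemRoot% or is not attributed to Microsoft. The line format is inferred from the log lines posted here (an assumption), the sample input is copied from the log above, and C:\WINDOWS comes from the %SystemRoot% line in the OTL Extras log. It only reports location and publisher; whether a flagged copy is malicious or a self-extracting archive of third-party tools is a separate question it does not answer.

```python
"""Flag copies of core Windows binaries that OTL's "< MD5 for: ... >" custom
scan found outside %SystemRoot% or without a Microsoft company name.
Added example for this thread; it is not part of OTL or of the original post.
The entry format is inferred from the log lines posted above (an assumption)."""
import re
import sys
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# One entry line, e.g.
# [2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=1289...23 -- C:\WINDOWS\explorer.exe
ENTRY = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r" \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >\s*$")


@dataclass
class Finding:
    name: str      # section name, e.g. WINLOGON.EXE
    path: str
    md5: str
    company: str
    reason: str


def parse_md5_sections(log_text: str) -> Iterator[Tuple[str, "re.Match"]]:
    """Yield (section name, regex match) for every entry under a "< MD5 for: X >" header."""
    name = None
    for line in log_text.splitlines():
        header = SECTION.match(line)
        if header:
            name = header.group("name").upper()
            continue
        if line.startswith("< ") or line.startswith("=========="):
            name = None          # any other custom-scan header or report section ends the block
            continue
        entry = ENTRY.match(line)
        if name and entry:
            yield name, entry


def find_suspicious_copies(log_text: str, system_root: str = r"C:\WINDOWS") -> List[Finding]:
    """Return copies that live outside system_root or are not attributed to Microsoft.

    Service-pack and hotfix backup folders ($NtServicePackUninstall$, $hf_mig$,
    ServicePackFiles) sit under %SystemRoot%, so they are not flagged; the user's
    Temp folder does not, so copies there are."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings = []
    for name, m in parse_md5_sections(log_text):
        path, company = m.group("path"), m.group("company")
        reasons = []
        if not path.lower().startswith(root):
            reasons.append("outside " + system_root)
        if company != "Microsoft Corporation":
            reasons.append("company is %r, not Microsoft Corporation" % company)
        if reasons:
            findings.append(Finding(name, path, m.group("md5").upper(), company, "; ".join(reasons)))
    return findings


# Sample input: a subset of the "< MD5 for: ... >" lines copied from the OTL log in this thread.
SAMPLE_LOG = "\n".join([
    r"< MD5 for: EXPLORER.EXE >",
    r"[2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe",
    r"[2007/06/13 20:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe",
    r"[2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX1\h\explorer.exe",
    r"",
    r"< MD5 for: WINLOGON.EXE >",
    r"[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Marika\Local Settings\Temp\RarSFX1\winlogon.exe",
    r"[2008/04/14 10:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe",
    r"",
    r"< >",
])


def main(argv: List[str]) -> int:
    # Pass an OTL.Txt path to scan a real log; with no argument the embedded sample is used.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    for f in find_suspicious_copies(text):
        print(f"{f.name}: {f.path}  MD5={f.md5}  [{f.reason}]")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the full OTL.Txt it lists every Temp\RarSFX* copy from the sections above and nothing under C:\WINDOWS; the MD5 is printed so a flagged hash can be looked up separately.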

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:28 AM

Posted 04 April 2011 - 10:03 AM

Hi,

I see a lot of proxies set up for Internet Explorer and Firefox, did you set those up?

Do you use a router to connect to the internet?

It would probably be good if you could make a separate backup from the infected PC. We try of course our best to keep things as they are, but sometimes things go wrong and stuff gets lost. In that case an infected backup is WAY better than no backup.

regards myrti

Edited by myrti, 04 April 2011 - 10:04 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 JJJDH

JJJDH
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 05 April 2011 - 03:58 AM

Hi Myrti,
When I upgraded to ADSL2, I purchased a wireless modem/router from my ISP iPrimus (NetComm NB6plus4W).
The ISP installation / setup CD automatically configured IE and I think set up the proxies.
The connection was really slow, so I changed the setting to "Automatically detect settings" which got it up to a respectable speed.
I'm not sure if all the proxies you're seeing are related to iPrimus, but I think it would be safe to delete as I can connect through the same router with my netbook using only "Automatically detect settings".
I don't recall installing Firefox (but might well have forgotten about it) and haven't used it recently, but I assume the proxies would be inherited from the IE connection settings?
Will backup essential folders now.

Thanks
Justin

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:28 AM

Posted 05 April 2011 - 08:21 AM

Hi,

are you the only one using that router? Can you go online directly without the router? Do the redirects persist in that case?

regards myrti



#7 JJJDH

JJJDH
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 05 April 2011 - 08:53 AM

Hi Myrti,
The router and modem are combined in one unit. Don't think I can connect without plugging into the router?
The connection is shared between a desktop PC and a netbook (which I'm using at the moment), usually only one at a time.
I don't get the re-direct problem on the netbook...

#8 myrti

Posted 05 April 2011 - 10:25 AM

Hi,

can you please run a scan with Combofix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 JJJDH

Posted 06 April 2011 - 06:42 AM

Hi Myrti,
Launched Combofix and the following message came up first:
- Driver VOLSNAP.SYS is patched with a root kit and needs to be repaired (or something to that effect).
- Next message was: "Combofix has detected the presence of rootkit activity and needs to reboot the machine"
After that it said a newer version was available and then ran as normal, downloaded MS Recovery Console etc.


ComboFix 11-04-05.02 - Marika 06/04/2011 21:15:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.557 [GMT 10:00]
Running from: c:\documents and settings\Marika\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marika\Local Settings\Temporary Internet Files\bmp7B.tmp
c:\documents and settings\Marika\Local Settings\Temporary Internet Files\ip3picfile.temp
c:\documents and settings\Marika\WINDOWS
c:\windows\desktop
c:\windows\desktop\digital_engraving.pdf
c:\windows\system\BCBSMP35.BPL
c:\windows\system32\setup.exe.tmp
c:\windows\system32\Thumbs.db
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-03-06 to 2011-04-06 )))))))))))))))))))))))))))))))
.
.
2011-04-04 10:20 . 2011-04-04 10:20 526382 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-27 10:32 . 2011-03-27 10:32 -------- d-----w- c:\program files\Common Files\Java
2011-03-27 10:28 . 2011-03-27 10:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-27 10:28 . 2011-03-27 10:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 12:39 . 2011-03-26 12:39 -------- d-----w- c:\program files\ESET
2011-03-26 12:31 . 2011-03-30 09:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-26 12:31 . 2011-03-26 12:34 -------- d-----w- c:\program files\SpywareBlaster
2011-03-23 09:56 . 2011-03-23 09:56 -------- d-----w- c:\documents and settings\Marika\Application Data\SUPERAntiSpyware.com
2011-03-23 09:56 . 2011-03-23 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-23 09:56 . 2011-03-23 09:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-22 11:25 . 2011-03-22 11:26 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-03-22 09:27 . 2011-03-22 09:27 -------- d-----w- c:\documents and settings\Administrator
2011-03-21 10:57 . 2011-03-21 10:57 -------- d-----w- c:\documents and settings\Marika\Application Data\Malwarebytes
2011-03-21 10:56 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 10:56 . 2011-03-21 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-21 10:56 . 2011-03-22 11:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2005-03-29 02:57 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-03-29 02:57 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ---ha-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ---ha-w- c:\windows\system32\atmfd.dll
2004-03-11 03:27 . 2005-03-29 04:07 40960 ------w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-04-24 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MuchTV Remote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MuchTV Remote.lnk
backup=c:\windows\pss\MuchTV Remote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ---ha-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 10:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-03-18 11:30 188416 ---h--w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 05:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2004-08-17 06:57 3412480 ----a-w- c:\program files\ASUS\Ai Booster\OverClk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 02:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 00:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 02:51 25088 ------w- c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2004-08-17 06:57 3412480 ----a-w- c:\program files\ASUS\Ai Booster\OverClk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 09:42 32768 ------w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-12 21:16 528384 ------r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-11 01:26 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 05:45 313472 ------r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [22/02/2010 9:32 PM 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/02/2010 9:32 PM 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [22/02/2010 9:32 PM 405672]
R2 BT848;MuchTV Fusion WDM Video Capture;c:\windows\system32\drivers\Bt848.sys [23/04/2005 10:28 PM 99334]
R2 BTTUNER;MuchTV Fusion WDM Tuner;c:\windows\system32\drivers\BtTuner.sys [23/04/2005 10:28 PM 13898]
R2 BTXBAR;MuchTV Fusion WDM Crossbar;c:\windows\system32\drivers\BtXBar.sys [23/04/2005 10:28 PM 6936]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [3/09/2008 6:47 PM 99376]
S2 gupdate1c95d0bff7b4764;Google Update Service (gupdate1c95d0bff7b4764);c:\program files\Google\Update\GoogleUpdate.exe [13/12/2008 8:17 PM 133104]
S3 DCamUSB20;Hi-Speed USB DVD Creator;c:\windows\system32\drivers\CsMini20.sys [23/05/2009 11:14 PM 46248]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [23/06/2010 11:35 PM 11520]
S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\drivers\Z550bus.sys [8/02/2006 3:28 PM 60800]
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\drivers\Z550mdfl.sys [8/02/2006 3:28 PM 9264]
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\drivers\Z550mdm.sys [8/02/2006 3:29 PM 96352]
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\Z550mgmt.sys [8/02/2006 3:29 PM 87824]
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\drivers\Z550obex.sys [8/02/2006 3:30 PM 85696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]
.
2011-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 12:08]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 11:59]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 11:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uInternet Settings,ProxyOverride = *.IPrimus.com.au;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;192.168.1.1;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerBar - (no file)
HKLM-Run-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-WmxemlFoTcFj - c:\documents and settings\All Users\Application Data\WmxemlFoTcFj.exe
MSConfigStartUp-Yahoo! Pager - c:\docume~1\Marika\MYDOCU~1\MICKSD~1\MESSEN~1\YAHOOM~1.EXE
AddRemove-e-tax 2005 - c:\documents and settings\Marika\Desktop\H-FILE\TAX JH 2005\etax2005\e-tax 2005_uninstall.exe
AddRemove-e-tax 2006 - c:\documents and settings\Marika\Desktop\H-FILE\JH TAX 2006\etax2006\e-tax 2006_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????,?@?,?@?D??????w???????????????w,?@?,?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? st???w????????????????????b???????????,?@?,?@????????w????4?@?????,?@???@?,?@?3??s??????????????????????@?_??s??@???@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(776)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2011-04-06 21:24:06
ComboFix-quarantined-files.txt 2011-04-06 11:24
.
Pre-Run: 79,302,463,488 bytes free
Post-Run: 80,283,308,032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9ECC9AFC798D268AFBB92F6A4A0D4751

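The two things worth pulling out of a ComboFix log like the one above are the IE proxy settings that post #5 asks about and the autostart entries (the Run keys, and the "ORPHANS REMOVED" section with its `(no file)` entry and the `WmxemlFoTcFj.exe` dropped under All Users\Application Data). The script below is an added example for this thread, not part of ComboFix or of BleepingComputer's tooling. The sample text is a handful of lines excerpted from the log in post #9; the scoring rules (missing target file, user-writable directory, random-looking name) are this example's own assumptions, not ComboFix's verdicts.

```python
"""Triage a ComboFix log excerpt: list proxy settings and autostart entries
that deserve a second look.

Added example for this thread, not part of ComboFix or BleepingComputer.
The scoring rules are this example's own assumptions, not ComboFix's
verdicts; the sample text is excerpted from the log in post #9.
"""
import re

# Constructed sample: lines copied from the posted log (Run keys, the
# Supplementary Scan proxy lines and the ORPHANS REMOVED section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-04-24 282792]
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080
uInternet Settings,ProxyOverride = *.IPrimus.com.au;10.*;192.168.*;<local>
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerBar - (no file)
HKLM-Run-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-WmxemlFoTcFj - c:\documents and settings\All Users\Application Data\WmxemlFoTcFj.exe
"""

# Line shapes as they appear in ComboFix output.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM|MSConfigStartUp)-(?P<name>.+?) - (?P<path>.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,(?P<setting>\w+) = (?P<value>.+)$')

# Assumption: substrings that mark directories any user can write to, which
# is where dropped payloads usually land on Windows XP.
USER_WRITABLE = ("application data", "local settings", "\\temp\\", "\\desktop\\")


def looks_random(stem):
    """Heuristic: an all-letter name of 8+ chars with few vowels (WmxemlFoTcFj)."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.25


def assess_path(path):
    """Return a reason string if the autostart target is suspicious, else None."""
    low = path.lower()
    if low == "(no file)":
        return "autostart points at a file that no longer exists"
    if any(marker in low for marker in USER_WRITABLE):
        return "executable lives in a user-writable data directory"
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        return "random-looking executable name"
    return None


def parse_combofix_log(text):
    """Return {'proxy': {...}, 'autostarts': [...], 'findings': [...]}."""
    proxy, autostarts, findings = {}, [], []
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")          # remember which Run key we are under
            continue
        if (m := PROXY_RE.match(line)):
            proxy[m.group("setting")] = m.group("value")
            continue
        m = VALUE_RE.match(line) or ORPHAN_RE.match(line)
        if not m:
            continue
        source = m.group("hive") if "hive" in m.groupdict() else current_key
        entry = {"name": m.group("name"), "path": m.group("path"), "source": source}
        autostarts.append(entry)
        reason = assess_path(entry["path"])
        if reason:
            findings.append(dict(entry, reason=reason))
    return {"proxy": proxy, "autostarts": autostarts, "findings": findings}


if __name__ == "__main__":
    report = parse_combofix_log(SAMPLE_LOG)
    for setting, value in report["proxy"].items():
        print(f"proxy  {setting} = {value}")
    for f in report["findings"]:
        print(f"FLAG   {f['name']}: {f['reason']}  ({f['path']})")
```

On the sample the proxy block comes back with `proxy.iprimus.com.au:8080` (the ISP proxy from post #5, which is only suspicious if the owner did not configure it), and two autostarts are flagged: `Run-PowerBar`, whose target is gone, and `WmxemlFoTcFj`, which ran out of All Users\Application Data. The Google toolbar and Avira entries pass.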


#10 myrti

Posted 06 April 2011 - 08:44 AM

Hi,

how is your PC doing now?

regards myrti



#11 JJJDH

Posted 07 April 2011 - 05:01 AM

Hi Myrti,
Seems to be behaving itself, I've been online for about an hour and all is well, no re-directs yet and IE History is clear (apart from the sites I intended to visit).
Was the rootkit the problem?

I still see processes running in the task manager that seem suspicious, but probably just being paranoid now......


Justin

#12 myrti

Posted 07 April 2011 - 05:05 AM

Hi,

yes, the rootkit causes multiple google redirects (and other search engines). Please run a scan with Eset to check for leftovers:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: [button image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

What processes are worrying you?
regards myrti



#13 JJJDH

Posted 07 April 2011 - 07:18 AM

Hi Myrti,
Ran ESET and it found the following trojan:

C:\System Volume Information\_restore{C3711C7C-295E-49C0-9463-03C8403E6849}\RP1\A0000025.sys Win32/Olmasco.E trojan

Regarding the processes, it's probably lack of knowledge on my part that's causing anxiety.
I know a lot of the processes are legitimate - anti-virus, automatic updates, Java etc, but why are there 43 running when I've only got IE open and Antivir running in the background? Currently running is:
- iexplore.exe x 2 (one using 78,060K, the other 24,820K)
- explorer.exe (63,964K)x 1
- svhost.exe x 8
- smss.exe
- csrss.exe
- lsass.exe
and quite a few others.
(There are only 5 items ticked in MSCONFIG startup).
Is there a way to determine what all these processes are and control what runs?

Justin

#14 myrti

Posted 07 April 2011 - 07:59 AM

Hi,

iexplore.exe is your Internet Explorer; starting with Internet Explorer 8 it will show roughly one running process per tab opened, so it is normal to see multiple entries for it.
explorer.exe is the program that you use to browse through your folders; it is also the program that paints the taskbar and icons on your desktop.
smss, lsass and csrss are crucial Windows components. You can find quite extensive articles on them on Wikipedia.
svchost (and I sure hope you meant svchost and not svhost :wink:) is a "container file"; it is basically a file through which others can be executed. It can also be found on Wikipedia.

Most of the time you will find your answer on google, however keep in mind that C:\windows\explorer.exe and C:\explorer.exe running will both show as explorer.exe in your taskmanager. One of them is definitely good and one of them may be malware. Sites like neuber.com or processlibrary.com have a reasonably good resource on running processes, but you need to make sure you read the details closely and make sure that the folder they mention in their description matches the location your process is running from.

Could you please check your Adobe Reader install? You still have Adobe Reader 7 installed, which is no longer supported and updated by Adobe. Instead I'd advise to use Adobe Reader X or an alternative utility such as Foxit.

regards myrti

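The check described in the post above (same process name, different directory, as with `C:\windows\explorer.exe` versus `C:\explorer.exe`, plus the `svhost.exe` versus `svchost.exe` slip) can be turned into a small script. This is an added example for this thread, not code from BleepingComputer or from any tool named in it, and it goes slightly beyond the post by also checking each `svchost.exe`'s parent, which on Windows XP is always `services.exe`. The process snapshot is constructed: PIDs 720 and 776 are borrowed from the ComboFix log, while the `explorer.exe` in the root of C:, the `svchost.exe` under Application Data, the `svchost.exe` started by Explorer and the `svhost.exe` look-alike are invented for illustration. The expected-directory table assumes a stock 32-bit XP install with Windows in `C:\WINDOWS`.

```python
"""Flag running processes whose name is a Windows core binary (or one
character away from one) but whose location or parent is wrong.

Added example for this thread, not code from BleepingComputer or any tool
named in it. The snapshot below is constructed; only PIDs 720 and 776 are
taken from the ComboFix log posted earlier in the thread.
"""

# Assumption: where these binaries live on a stock 32-bit Windows XP install.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# Constructed snapshot (pid, parent pid, image name, full path). On a live
# XP box the same fields come from Process Explorer or from
# "wmic process get ProcessId,ParentProcessId,Name,ExecutablePath".
SNAPSHOT = [
    dict(pid=4,    ppid=0,    name="System",       path=""),
    dict(pid=520,  ppid=4,    name="smss.exe",     path=r"C:\WINDOWS\system32\smss.exe"),
    dict(pid=600,  ppid=520,  name="csrss.exe",    path=r"C:\WINDOWS\system32\csrss.exe"),
    dict(pid=720,  ppid=520,  name="winlogon.exe", path=r"C:\WINDOWS\system32\winlogon.exe"),
    dict(pid=764,  ppid=720,  name="services.exe", path=r"C:\WINDOWS\system32\services.exe"),
    dict(pid=776,  ppid=720,  name="lsass.exe",    path=r"C:\WINDOWS\system32\lsass.exe"),
    dict(pid=940,  ppid=764,  name="svchost.exe",  path=r"C:\WINDOWS\system32\svchost.exe"),
    dict(pid=1004, ppid=764,  name="svchost.exe",  path=r"C:\WINDOWS\system32\svchost.exe"),
    dict(pid=1500, ppid=720,  name="explorer.exe", path=r"C:\WINDOWS\explorer.exe"),
    dict(pid=1640, ppid=1500, name="iexplore.exe", path=r"C:\Program Files\Internet Explorer\iexplore.exe"),
    dict(pid=1660, ppid=1640, name="iexplore.exe", path=r"C:\Program Files\Internet Explorer\iexplore.exe"),
    # Invented bad entries: wrong directory, wrong directory, wrong parent, look-alike name.
    dict(pid=2100, ppid=1500, name="explorer.exe", path=r"C:\explorer.exe"),
    dict(pid=2240, ppid=2100, name="svchost.exe",  path=r"C:\Documents and Settings\All Users\Application Data\svchost.exe"),
    dict(pid=2400, ppid=1500, name="svchost.exe",  path=r"C:\WINDOWS\system32\svchost.exe"),
    dict(pid=2300, ppid=1500, name="svhost.exe",   path=r"C:\WINDOWS\system32\svhost.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squatted names like svhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(snapshot):
    """Return (pid, name, reason) for every process that fails a check."""
    by_pid = {p["pid"]: p for p in snapshot}
    findings = []
    for proc in snapshot:
        name = proc["name"].lower()
        directory = proc["path"].lower().rsplit("\\", 1)[0] if proc["path"] else ""
        expected = EXPECTED_DIR.get(name)
        if expected is None:
            # Not a core name: is it one character away from one?
            for known in EXPECTED_DIR:
                if edit_distance(name, known) == 1:
                    findings.append((proc["pid"], proc["name"], f"look-alike of {known}"))
                    break
            continue
        if directory != expected:
            findings.append((proc["pid"], proc["name"],
                             f"runs from {proc['path']}, expected {expected}"))
            continue
        if name == "svchost.exe":
            # On XP every genuine svchost.exe is started by services.exe.
            parent = by_pid.get(proc["ppid"])
            if parent is None or parent["name"].lower() != "services.exe":
                findings.append((proc["pid"], proc["name"],
                                 "svchost.exe not started by services.exe"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(SNAPSHOT):
        print(f"PID {pid:>5}  {name:<14} {reason}")
```

Run against the snapshot it reports exactly the four invented entries and leaves the two `iexplore.exe` instances and the genuine `svchost.exe` pair alone. The path comparison is the same check the post recommends doing by eye on processlibrary-style sites: the name alone tells you nothing, the directory does. `tasklist /svc` is the stock XP command for seeing which services each `svchost.exe` is hosting, which answers the "why eight of them" question without any script.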


#15 JJJDH

Posted 07 April 2011 - 09:33 AM

Hi,
Thanks for the info. I've done a bit of research on the processes since my last post, so I'm not quite so worried anymore....

I've un-installed Adobe 7 and installed X.

Do I need to do anything with the trojan that ESET found?

Justin



