No Windows Update - Google ReDirect


  • This topic is locked
64 replies to this topic

#1 hipfan

  • Members
  • 51 posts

Posted 26 April 2011 - 12:07 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic393182.html ~ OB

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 12:16:26.75 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.61 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\programs F\firefox.exe
F:\programs F\plugin-container.exe
C:\Documents and Settings\User\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.itsyourturn.com/iyt.dll?status??
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\iyp2l4n5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.itsyourturn.com/iyt.dll?status??|http://en.canoe.ca/home.html
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: f:\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programs f\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - f:\programs f\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-2 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-21 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
S2 gupdate1c9d0b3d32474f8;Google Update Service (gupdate1c9d0b3d32474f8);c:\program files\google\update\GoogleUpdate.exe [2009-5-9 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-3-31 14336]
S3 otape;otape;\??\c:\docume~1\user\locals~1\temp\otape.sys --> c:\docume~1\user\locals~1\temp\otape.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-4 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-4 25704]
.
=============== Created Last 30 ================
.
2011-04-26 14:17:43 -------- d-----w- c:\program files\ESET
2011-04-26 14:07:08 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2011-04-26 14:07:02 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2011-04-26 14:06:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2011-04-24 13:38:40 -------- d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2011-04-24 13:37:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-24 13:29:09 54016 ----a-w- c:\windows\system32\drivers\mqybv.sys
2011-04-24 02:53:02 54016 ----a-w- c:\windows\system32\drivers\ciovjutu.sys
2011-04-23 22:24:16 54016 ----a-w- c:\windows\system32\drivers\gpoluco.sys
2011-04-23 20:53:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-23 20:53:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 20:53:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-23 14:43:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-22 19:05:24 54016 ----a-w- c:\windows\system32\drivers\tkrekjh.sys
2011-04-21 14:16:39 -------- d-----w- c:\docume~1\user\applic~1\Yqqee
2011-04-21 14:16:39 -------- d-----w- c:\docume~1\user\applic~1\Qolaa
2011-04-21 09:51:36 54016 ----a-w- c:\windows\system32\drivers\xqdbmipk.sys
2011-04-20 23:10:42 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-04-20 23:06:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ------w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ------w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS722540VLAT20 rev.V31OA6MA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x832954F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8329b7d0]; MOV EAX, [0x8329b84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83393AB8]
3 CLASSPNP[0xF86F6FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000059[0x83399C28]
5 ACPI[0xF866D620] -> nt!IofCallDriver[0x804E37D5] -> [0x83397940]
\Driver\atapi[0x8339A708] -> IRP_MJ_CREATE -> 0x832954F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8329533B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:19:45.21 ===============

I will try to run the gmer.exe again.

I am trying to run gmer for the fourth time. The first time it went for hours listing hundreds and hundreds of temporary internet files.
Finally, I had to stop it and do a disc clean-up to get rid of them. Last night I let it go overnight but there was a "not enough memory" box up and I couldn't get it to restart. I did notice however hundreds and hundreds of temp internet files again.
I went and deleted a bunch of them and am running gmer again, but it is in the fourth hour and there are hundreds and hundreds of files listed. Is this how it's supposed to work?

I guess I should've edited my first post. Am I going to be bumped to the bottom of the line now that there is a reply here?

After 6 hours plus, gmer stalled again... sheesh

Merged posts. Don't worry about GMER for now. ~ OB

Edited by Orange Blossom, 27 April 2011 - 04:10 PM.



#2 sempai

  • Malware Response Team
  • 5,288 posts

Posted 29 April 2011 - 01:05 PM

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I haven't replied within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 hipfan

  • Topic Starter
  • Members
  • 51 posts

Posted 29 April 2011 - 02:25 PM

Yes yes, I am now stuck with no internet on the infected desktop.
Fixed internet, would you like me to redo any scans?

Edited by hipfan, 29 April 2011 - 05:17 PM.


#4 sempai

  • Malware Response Team
  • 5,288 posts

Posted 30 April 2011 - 12:00 AM

Let's begin. We need to see a new log, so please do the following.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp



#5 hipfan

  • Topic Starter
  • Members
  • 51 posts

Posted 30 April 2011 - 07:55 AM

OTL logfile created on: 4/30/2011 8:40:08 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 70.00 Mb Available Physical Memory | 14.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 19.39 Gb Free Space | 50.59% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 96.08 Gb Free Space | 98.38% Space Free | Partition Type: NTFS
Drive G: | 135.22 Gb Total Space | 45.49 Gb Free Space | 33.64% Space Free | Partition Type: NTFS

Computer Name: KELCO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 08:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/04/30 08:35:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- F:\programs F\plugin-container.exe
PRC - [2011/04/30 08:35:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- F:\programs F\firefox.exe
PRC - [2010/11/24 09:08:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 08:17:11 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 19:00:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 18:59:58 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 18:59:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 08:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/17 18:59:58 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)


========== Driver Services (SafeList) ==========

DRV - [2010/07/17 19:00:04 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 18:59:52 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:19:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/01 11:40:42 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/09/01 11:40:42 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/09/01 11:40:42 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/09/01 11:40:42 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/09/01 11:40:42 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2003/12/11 09:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 09:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/11 09:50:00 | 000,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 09:50:00 | 000,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/02/11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itsyourturn.com/iyt.dll?status??
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 1B 9B 42 6C C1 CB 01 [binary data]
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.itsyourturn.com/iyt.dll?status??|http://en.canoe.ca/home.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 09:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: F:\programs F\components [2011/04/30 08:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: F:\programs F\plugins [2011/04/30 08:35:22 | 000,000,000 | ---D | M]

[2009/06/15 08:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/05/09 10:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/06/15 08:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/29 17:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\extensions
[2010/04/27 16:46:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/03/28 08:45:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/13 15:06:51 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2010/01/14 09:25:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\bing.xml
[2010/09/08 08:26:32 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\dictionary.xml
[2010/09/08 08:26:17 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\imdb.xml
[2011/04/26 13:11:15 | 000,002,543 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\kickasstorrents.xml
[2010/02/08 09:49:54 | 000,003,907 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\lyric-pickercom.xml
[2010/09/08 08:26:43 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\thepiratebayorg.xml
[2010/09/08 08:26:57 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\torrent-scan.xml
[2009/06/22 19:00:14 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iyp2l4n5.default\searchplugins\youtube-video-search.xml
[2010/11/24 09:13:40 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/03/07 17:02:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/23 16:07:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/03/07 17:03:03 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAMS F\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/04/29 15:26:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 18:21:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/03 03:35:36 | 000,000,905 | R--- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1995/06/23 01:49:32 | 000,036,864 | R--- | M] () - F:\autozoo.exe -- [ NTFS ]
O32 - AutoRun File - [1997/01/03 03:35:50 | 000,000,527 | R--- | M] () - F:\autozoo.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 08:38:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/29 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/29 17:27:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/04/29 17:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/28 08:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/04/28 08:19:05 | 003,614,768 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\My Documents\spsetup110.exe
[2011/04/26 13:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\gmer
[2011/04/26 10:07:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\PrivacIE
[2011/04/26 10:07:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IECompatCache
[2011/04/26 10:06:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2011/04/25 12:30:25 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\My Documents\esetsmartinstaller_enu.exe
[2011/04/24 19:14:30 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/04/24 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/24 09:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2011/04/24 09:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/24 09:36:48 | 010,947,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\My Documents\SUPERAntiSpyware.exe
[2011/04/23 16:53:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/23 16:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/23 16:53:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/23 16:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/23 10:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/22 22:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/22 22:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/21 10:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yqqee
[2011/04/21 10:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Qolaa
[2011/04/20 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/20 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/20 19:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/04/20 19:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/20 19:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/20 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 15:53:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/20 14:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/20 12:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/20 11:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/20 11:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 08:38:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/30 08:34:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 08:34:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 08:15:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/30 08:14:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 08:14:55 | 536,334,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 02:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 17:46:31 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\My Documents\esetsmartinstaller_enu.exe
[2011/04/29 17:29:41 | 000,334,986 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20110429_172918.reg
[2011/04/29 17:21:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/29 15:52:04 | 075,333,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/29 15:26:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/29 11:04:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/04/29 07:23:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
[2011/04/29 06:21:53 | 000,012,182 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 21:20:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/28 08:33:19 | 000,008,883 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KELCO snapshot.speccy
[2011/04/28 08:25:05 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/04/28 08:19:21 | 003,614,768 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\User\My Documents\spsetup110.exe
[2011/04/27 08:04:29 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 13:08:29 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\User\My Documents\gmer.zip
[2011/04/26 12:16:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/04/26 12:11:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/04/26 12:10:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Defogger.exe
[2011/04/26 08:45:29 | 000,099,137 | ---- | M] () -- C:\Documents and Settings\User\My Documents\processes.JPG
[2011/04/26 08:42:44 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\User\My Documents\processes.bmp
[2011/04/25 11:56:37 | 000,000,596 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/04/24 19:08:10 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/04/24 14:25:51 | 000,000,080 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011/04/24 09:38:28 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/24 09:37:04 | 010,947,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\My Documents\SUPERAntiSpyware.exe
[2011/04/24 09:29:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqybv.sys
[2011/04/24 08:52:59 | 000,015,252 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2395203560
[2011/04/24 08:52:58 | 000,015,252 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\2395203560
[2011/04/24 08:52:18 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\594429988
[2011/04/24 08:52:18 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\594429988
[2011/04/24 08:52:16 | 000,015,248 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/24 08:48:22 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 22:53:02 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ciovjutu.sys
[2011/04/23 18:24:16 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gpoluco.sys
[2011/04/23 18:23:04 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
[2011/04/23 16:53:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/23 00:37:49 | 000,014,530 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
[2011/04/22 15:05:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tkrekjh.sys
[2011/04/22 11:17:07 | 000,149,565 | ---- | M] () -- C:\Documents and Settings\User\My Documents\avon invoice 09 2011.htm
[2011/04/22 10:26:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/04/22 09:20:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/21 10:25:25 | 000,003,949 | ---- | M] () -- C:\Documents and Settings\User\My Documents\links.html
[2011/04/21 05:51:36 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xqdbmipk.sys
[2011/04/21 05:38:36 | 000,011,434 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/21 05:38:29 | 000,011,450 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/21 05:37:23 | 000,011,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4116085035
[2011/04/21 05:37:23 | 000,011,454 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\3441703366
[2011/04/21 05:37:09 | 000,011,438 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\4116085035
[2011/04/21 05:36:54 | 000,011,442 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3441703366
[2011/04/14 12:40:50 | 000,482,688 | ---- | M] () -- C:\Documents and Settings\User\My Documents\vessel license.jpg
[2011/04/14 03:36:11 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 03:15:22 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 03:15:22 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 23:55:11 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2011/04/09 18:38:04 | 003,960,921 | ---- | M] () -- C:\Documents and Settings\User\My Documents\008.JPG
[2011/04/09 18:37:36 | 003,821,546 | ---- | M] () -- C:\Documents and Settings\User\My Documents\007.JPG
[2011/04/09 18:37:24 | 003,951,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\006.JPG
[2011/04/09 18:36:50 | 003,957,187 | ---- | M] () -- C:\Documents and Settings\User\My Documents\005.JPG
[2011/04/09 18:35:42 | 003,888,147 | ---- | M] () -- C:\Documents and Settings\User\My Documents\004.JPG
[2011/04/09 18:35:32 | 003,954,876 | ---- | M] () -- C:\Documents and Settings\User\My Documents\003.JPG
[2011/04/09 18:35:22 | 003,939,508 | ---- | M] () -- C:\Documents and Settings\User\My Documents\002.JPG
[2011/04/09 18:34:56 | 003,879,528 | ---- | M] () -- C:\Documents and Settings\User\My Documents\001.JPG
[2011/04/08 22:22:56 | 003,983,555 | ---- | M] () -- C:\Documents and Settings\User\My Documents\053.JPG
[2011/04/08 22:22:20 | 003,946,133 | ---- | M] () -- C:\Documents and Settings\User\My Documents\052.JPG
[2011/04/08 22:22:06 | 003,928,767 | ---- | M] () -- C:\Documents and Settings\User\My Documents\051.JPG
[2011/04/08 22:20:58 | 004,104,500 | ---- | M] () -- C:\Documents and Settings\User\My Documents\050.JPG
[2011/04/08 22:20:40 | 003,941,463 | ---- | M] () -- C:\Documents and Settings\User\My Documents\049.JPG
[2011/04/08 22:19:40 | 003,960,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\048.JPG
[2011/04/08 22:19:22 | 004,027,812 | ---- | M] () -- C:\Documents and Settings\User\My Documents\047.JPG
[2011/04/08 22:18:48 | 004,053,749 | ---- | M] () -- C:\Documents and Settings\User\My Documents\046.JPG
[2011/04/08 22:18:22 | 003,960,717 | ---- | M] () -- C:\Documents and Settings\User\My Documents\045.JPG
[2011/04/08 22:17:42 | 004,061,970 | ---- | M] () -- C:\Documents and Settings\User\My Documents\044.JPG
[2011/04/08 22:17:22 | 004,025,746 | ---- | M] () -- C:\Documents and Settings\User\My Documents\043.JPG
[2011/04/08 22:17:00 | 004,024,774 | ---- | M] () -- C:\Documents and Settings\User\My Documents\042.JPG
[2011/04/08 22:16:52 | 004,075,722 | ---- | M] () -- C:\Documents and Settings\User\My Documents\041.JPG
[2011/04/08 22:16:16 | 004,034,091 | ---- | M] () -- C:\Documents and Settings\User\My Documents\040.JPG
[2011/04/08 22:15:52 | 004,050,151 | ---- | M] () -- C:\Documents and Settings\User\My Documents\039.JPG
[2011/04/08 15:09:36 | 001,206,178 | ---- | M] () -- C:\Documents and Settings\User\My Documents\pleasure craft license.pdf
[2011/04/08 13:21:31 | 000,139,605 | ---- | M] () -- C:\Documents and Settings\User\My Documents\avon invoice 08 2011.htm
[2011/04/07 20:20:47 | 000,001,138 | ---- | M] () -- C:\Documents and Settings\User\My Documents\new boat.jpeg
[2011/04/06 07:22:02 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/04 10:19:02 | 004,010,579 | ---- | M] () -- C:\Documents and Settings\User\My Documents\038.JPG
[2011/04/04 10:18:54 | 003,911,647 | ---- | M] () -- C:\Documents and Settings\User\My Documents\037.JPG
[2011/04/01 19:22:58 | 000,042,519 | ---- | M] () -- C:\Documents and Settings\User\My Documents\map2.JPG
[2011/04/01 19:21:54 | 000,025,831 | ---- | M] () -- C:\Documents and Settings\User\My Documents\map.JPG
[2011/04/01 19:15:14 | 000,099,397 | ---- | M] () -- C:\Documents and Settings\User\My Documents\maps2.htm
[2011/04/01 19:14:07 | 000,102,053 | ---- | M] () -- C:\Documents and Settings\User\My Documents\maps.htm
[3 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 17:29:23 | 000,334,986 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20110429_172918.reg
[2011/04/29 17:21:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/29 11:05:57 | 536,334,336 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/29 07:23:01 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
[2011/04/28 21:23:49 | 000,012,182 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 20:59:13 | 000,012,186 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 20:59:13 | 000,012,182 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 08:33:19 | 000,008,883 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KELCO snapshot.speccy
[2011/04/28 08:25:05 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/04/26 13:08:26 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\User\My Documents\gmer.zip
[2011/04/26 12:16:10 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/04/26 12:11:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/04/26 12:10:55 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Defogger.exe
[2011/04/26 08:45:29 | 000,099,137 | ---- | C] () -- C:\Documents and Settings\User\My Documents\processes.JPG
[2011/04/26 08:42:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\User\My Documents\processes.bmp
[2011/04/24 09:38:28 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/24 09:29:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mqybv.sys
[2011/04/24 06:50:05 | 000,015,260 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\594429988
[2011/04/24 06:50:05 | 000,015,260 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\594429988
[2011/04/24 06:50:05 | 000,015,252 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2395203560
[2011/04/24 06:50:05 | 000,015,252 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2395203560
[2011/04/24 06:46:11 | 000,015,260 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 23:41:03 | 000,015,260 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 23:41:03 | 000,015,248 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 22:53:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ciovjutu.sys
[2011/04/23 18:24:16 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpoluco.sys
[2011/04/23 16:53:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/22 20:26:52 | 000,014,530 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
[2011/04/22 20:26:52 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
[2011/04/22 15:05:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\tkrekjh.sys
[2011/04/22 11:17:02 | 000,149,565 | ---- | C] () -- C:\Documents and Settings\User\My Documents\avon invoice 09 2011.htm
[2011/04/21 05:51:36 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xqdbmipk.sys
[2011/04/20 16:34:48 | 000,011,450 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 15:12:04 | 000,011,454 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\3441703366
[2011/04/20 15:10:35 | 000,011,442 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3441703366
[2011/04/20 15:10:35 | 000,011,438 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\4116085035
[2011/04/20 15:06:13 | 000,011,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4116085035
[2011/04/20 15:06:13 | 000,011,434 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 14:56:40 | 000,011,450 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 14:56:40 | 000,011,414 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/14 12:40:40 | 000,482,688 | ---- | C] () -- C:\Documents and Settings\User\My Documents\vessel license.jpg
[2011/04/09 16:23:51 | 003,957,187 | ---- | C] () -- C:\Documents and Settings\User\My Documents\005.JPG
[2011/04/09 16:23:50 | 003,888,147 | ---- | C] () -- C:\Documents and Settings\User\My Documents\004.JPG
[2011/04/09 16:23:48 | 003,954,876 | ---- | C] () -- C:\Documents and Settings\User\My Documents\003.JPG
[2011/04/09 16:23:47 | 003,939,508 | ---- | C] () -- C:\Documents and Settings\User\My Documents\002.JPG
[2011/04/09 16:23:45 | 003,879,528 | ---- | C] () -- C:\Documents and Settings\User\My Documents\001.JPG
[2011/04/09 16:23:44 | 003,960,921 | ---- | C] () -- C:\Documents and Settings\User\My Documents\008.JPG
[2011/04/09 16:23:43 | 003,821,546 | ---- | C] () -- C:\Documents and Settings\User\My Documents\007.JPG
[2011/04/09 16:23:41 | 003,951,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\006.JPG
[2011/04/08 20:02:53 | 004,024,774 | ---- | C] () -- C:\Documents and Settings\User\My Documents\042.JPG
[2011/04/08 20:02:52 | 004,075,722 | ---- | C] () -- C:\Documents and Settings\User\My Documents\041.JPG
[2011/04/08 20:02:50 | 004,034,091 | ---- | C] () -- C:\Documents and Settings\User\My Documents\040.JPG
[2011/04/08 20:02:48 | 004,050,151 | ---- | C] () -- C:\Documents and Settings\User\My Documents\039.JPG
[2011/04/08 20:02:46 | 004,010,579 | ---- | C] () -- C:\Documents and Settings\User\My Documents\038.JPG
[2011/04/08 20:02:44 | 003,911,647 | ---- | C] () -- C:\Documents and Settings\User\My Documents\037.JPG
[2011/04/08 20:02:42 | 003,983,555 | ---- | C] () -- C:\Documents and Settings\User\My Documents\053.JPG
[2011/04/08 20:02:41 | 003,946,133 | ---- | C] () -- C:\Documents and Settings\User\My Documents\052.JPG
[2011/04/08 20:02:39 | 003,928,767 | ---- | C] () -- C:\Documents and Settings\User\My Documents\051.JPG
[2011/04/08 20:02:37 | 004,104,500 | ---- | C] () -- C:\Documents and Settings\User\My Documents\050.JPG
[2011/04/08 20:02:36 | 003,941,463 | ---- | C] () -- C:\Documents and Settings\User\My Documents\049.JPG
[2011/04/08 20:02:34 | 003,960,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\048.JPG
[2011/04/08 20:02:33 | 004,027,812 | ---- | C] () -- C:\Documents and Settings\User\My Documents\047.JPG
[2011/04/08 20:02:31 | 004,053,749 | ---- | C] () -- C:\Documents and Settings\User\My Documents\046.JPG
[2011/04/08 20:02:29 | 003,960,717 | ---- | C] () -- C:\Documents and Settings\User\My Documents\045.JPG
[2011/04/08 20:02:28 | 004,061,970 | ---- | C] () -- C:\Documents and Settings\User\My Documents\044.JPG
[2011/04/08 20:02:26 | 004,025,746 | ---- | C] () -- C:\Documents and Settings\User\My Documents\043.JPG
[2011/04/08 15:09:36 | 001,206,178 | ---- | C] () -- C:\Documents and Settings\User\My Documents\pleasure craft license.pdf
[2011/04/08 13:21:27 | 000,139,605 | ---- | C] () -- C:\Documents and Settings\User\My Documents\avon invoice 08 2011.htm
[2011/04/07 20:20:45 | 000,001,138 | ---- | C] () -- C:\Documents and Settings\User\My Documents\new boat.jpeg
[2011/04/01 19:22:58 | 000,042,519 | ---- | C] () -- C:\Documents and Settings\User\My Documents\map2.JPG
[2011/04/01 19:21:53 | 000,025,831 | ---- | C] () -- C:\Documents and Settings\User\My Documents\map.JPG
[2011/04/01 19:15:14 | 000,099,397 | ---- | C] () -- C:\Documents and Settings\User\My Documents\maps2.htm
[2011/04/01 19:14:05 | 000,102,053 | ---- | C] () -- C:\Documents and Settings\User\My Documents\maps.htm
[2010/01/11 17:00:02 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\User\Application Data\usb.inf
[2009/10/12 18:38:37 | 000,018,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/24 14:51:13 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/05/14 12:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/29 17:14:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/29 17:13:05 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/05/24 22:09:30 | 000,000,437 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2008/05/16 10:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/21 15:25:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/12 12:17:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/01/20 20:32:30 | 000,002,284 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/01/19 11:55:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/01/17 16:44:08 | 000,000,080 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/01/09 15:22:22 | 000,003,372 | ---- | C] () -- C:\Program Files\My_Chemical_Romance_Teenagers__2007_192k_-_{{{-_SeedPeer.Com_-}}}.torrent
[2008/01/07 22:47:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/07 22:24:44 | 000,041,593 | ---- | C] () -- C:\Program Files\Microsoft_Office_2007_Enterprise_Edition_[mininova].torrent
[2008/01/07 14:17:03 | 000,000,596 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/05 19:31:21 | 001,104,368 | ---- | C] () -- C:\Program Files\C855 User's Guide.pdf
[2008/01/05 16:03:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/05 16:03:45 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 11:02:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/01/05 11:02:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/01/05 00:29:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/01/05 00:14:55 | 000,025,394 | ---- | C] () -- C:\Program Files\Ulead[1].Photo.Explorer.8.6[www.funfile.org] [mininova].torrent
[2008/01/04 20:04:06 | 000,001,210 | ---- | C] () -- C:\Program Files\winrar latest stable version (3[1].62) with working crack [mininova].torrent
[2008/01/04 19:42:39 | 000,005,654 | ---- | C] () -- C:\Program Files\Jigsaw Puzzle Platinum Edition & New Cartoon puzzles[1].rar [mininova].torrent
[2008/01/04 19:33:58 | 000,010,873 | ---- | C] () -- C:\Program Files\Jigsaw_Puzzle_Platinum_Edition_(Full_Version)_+_New_Cartoon_puzzles { www[2].IPTorrents.com } [mininova].torrent
[2008/01/04 16:54:01 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/02 07:32:15 | 000,000,798 | ---- | C] () -- C:\Program Files\SpyBot Search and Destroy [mininova].torrent
[2008/01/02 07:26:23 | 000,010,205 | ---- | C] () -- C:\Program Files\AVGFreeAntiVirus7[1].5.503.1205.zip [mininova].torrent
[2007/12/27 18:37:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/12/27 18:24:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/27 18:18:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/27 10:12:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/27 10:11:01 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/31 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 15:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 15:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/28 10:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/03/28 10:17:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 08:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/01/19 12:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[1999/01/22 06:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

< End of report >

OTL Extras logfile created on: 4/30/2011 8:40:08 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 70.00 Mb Available Physical Memory | 14.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 19.39 Gb Free Space | 50.59% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 96.08 Gb Free Space | 98.38% Space Free | Partition Type: NTFS
Drive G: | 135.22 Gb Total Space | 45.49 Gb Free Space | 33.64% Space Free | Partition Type: NTFS

Computer Name: KELCO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1343024091-1390067357-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\programs F\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14532:TCP" = 14532:TCP:*:Enabled:limewire
"14532:UDP" = 14532:UDP:*:Enabled:limewire2
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\programs F\LimeWire\LimeWire.exe" = F:\programs F\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"C:\WINDOWS\LMI7F.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI7F.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
"F:\Media Converter Ultimate\DMCUltimate.exe" = F:\Media Converter Ultimate\DMCUltimate.exe:*:Disabled:Daniusoft Media Converter Ultimate
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"F:\iTunes.exe" = F:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.3.7-beta20090906
"{1B92F80C-9EA2-4AA3-A94A-B18571AE23D4}" = MapSource - MetroGuide Canada v4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.5.1
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Blue's Treasure Hunt" = Blue's Treasure Hunt
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Disk Space Fan_is1" = Disk Space Fan 1.4.2.796
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"ESET Online Scanner" = ESET Online Scanner v3
"Freddi Fish The Case of the Haunted Schoolhouse" = Freddi Fish The Case of the Haunted Schoolhouse
"Google Updater" = Google Updater
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1B92F80C-9EA2-4AA3-A94A-B18571AE23D4}" = MapSource - MetroGuide Canada v4
"Jigsaw Puzzle Platinum Edition" = Jigsaw Puzzle Platinum Edition
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 4/29/2011 11:01:32 AM | Computer Name = KELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/29/2011 11:03:23 AM | Computer Name = KELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/29/2011 11:03:32 AM | Computer Name = KELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/29/2011 11:03:34 AM | Computer Name = KELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/29/2011 11:04:57 AM | Computer Name = KELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/29/2011 5:15:31 PM | Computer Name = KELCO | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 4/30/2011 2:23:01 AM | Computer Name = KELCO | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/30/2011 3:23:02 AM | Computer Name = KELCO | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/30/2011 4:23:03 AM | Computer Name = KELCO | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 4/30/2011 5:23:04 AM | Computer Name = KELCO | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.


< End of report >

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 April 2011 - 09:06 AM

Do you know what this is? -> F:\autozoo.exe


P2P Warning:

LimeWire

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files between them, as the name suggests. In today's world cyber crime has grown to an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


===============================


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*
    [2011/04/21 10:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yqqee
    [2011/04/21 10:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Qolaa
    [2011/04/29 07:23:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
    [2011/04/29 06:21:53 | 000,012,182 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/24 14:25:51 | 000,000,080 | ---- | M] () -- C:\WINDOWS\ka.ini
    [2011/04/24 09:29:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqybv.sys
    [2011/04/24 08:52:59 | 000,015,252 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2395203560
    [2011/04/24 08:52:58 | 000,015,252 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\2395203560
    [2011/04/24 08:52:18 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\594429988
    [2011/04/24 08:52:18 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\594429988
    [2011/04/24 08:52:16 | 000,015,248 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
    [2011/04/24 08:48:22 | 000,015,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
    [2011/04/23 22:53:02 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ciovjutu.sys
    [2011/04/23 18:24:16 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gpoluco.sys
    [2011/04/23 18:23:04 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/23 00:37:49 | 000,014,530 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l
    [2011/04/22 15:05:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tkrekjh.sys
    [2011/04/21 05:51:36 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xqdbmipk.sys
    [2011/04/21 05:38:36 | 000,011,434 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2011/04/21 05:38:29 | 000,011,450 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2011/04/21 05:37:23 | 000,011,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4116085035
    [2011/04/21 05:37:23 | 000,011,454 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\3441703366
    [2011/04/21 05:37:09 | 000,011,438 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\4116085035
    [2011/04/21 05:36:54 | 000,011,442 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3441703366
    [2011/04/29 07:23:01 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
    [2011/04/28 21:23:49 | 000,012,182 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/28 20:59:13 | 000,012,186 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    [2011/04/28 20:59:13 | 000,012,182 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 

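The fix script above is built from a few recurring patterns in the OTL log: the .exe file association routed through qpm.exe (the O37 lines), several drivers of identical size dropped under random names, and hidden+system files with random names under Application Data. As an added example, not code from this thread or from OTL, the following Python script parses OTL-style entry lines and flags those three patterns; the sample lines are copied from the fix script, while the size and random-name heuristics are my own assumptions rather than OTL rules.

```python
"""Triage helper for OTL-style log lines (added example, not part of OTL).

Flags three patterns from the fix script above: an .exe file association
routed through a wrapper executable, drivers re-dropped under random names
with identical size, and hidden+system files with random names in
Application Data.  Size and name heuristics are assumptions, not OTL rules.
"""
import re
from collections import defaultdict

# [YYYY/MM/DD HH:MM:SS | 000,054,016 | -HS- | M] (Company) -- C:\path
# ("(Company)" is absent on folder entries, so that group is optional)
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O37 - HKU\<hive>\...exe [@ = exefile] -- "C:\...\handler.exe" -a "%1" %*
O37_LINE = re.compile(
    r'^O37 - (?P<hive>HKU\\[^\\]+)\\\.\.\.exe \[@ = exefile\] -- "(?P<handler>[^"]+)"'
)
# Names like 2395203560 or 5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
RANDOM_NAME = re.compile(r"^(?:\d{8,}|[a-z0-9]{20,})$")


def parse_entries(text):
    """Return one dict per OTL file/folder entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["name"] = entry["path"].rsplit("\\", 1)[-1]
            entries.append(entry)
    return entries


def hijacked_exe_handlers(text):
    """O37 lines whose exefile handler is an executable placed in front of "%1".

    A clean association launches "%1" %* directly; an extra .exe in the
    command means every program start is routed through that binary first.
    """
    found = []
    for line in text.splitlines():
        m = O37_LINE.match(line.strip())
        if m and m.group("handler").lower().endswith(".exe"):
            found.append((m.group("hive"), m.group("handler")))
    return found


def cloned_drivers(entries):
    """Map size -> names for .sys files under \\drivers\\ seen under 2+ names."""
    by_size = defaultdict(set)
    for e in entries:
        path = e["path"].lower()
        if path.endswith(".sys") and "\\drivers\\" in path:
            by_size[e["size"]].add(e["name"])
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= 2}


def hidden_random_names(entries):
    """Hidden+system (-HS-) files with random, extension-less names in Application Data."""
    hits = set()
    for e in entries:
        attrs = e["attrs"]
        if ("H" in attrs and "S" in attrs
                and "application data" in e["path"].lower()
                and RANDOM_NAME.match(e["name"])):
            hits.add(e["path"])
    return sorted(hits)


def triage(text):
    """Run all three checks over a block of OTL log text."""
    entries = parse_entries(text)
    return {
        "hijacked_exe_handlers": hijacked_exe_handlers(text),
        "cloned_drivers": cloned_drivers(entries),
        "hidden_random_names": hidden_random_names(entries),
    }


# Sample input: a subset of the lines from the fix script in this thread.
SAMPLE_LOG = r"""
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qpm.exe" -a "%1" %*
[2011/04/21 10:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yqqee
[2011/04/29 07:23:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
[2011/04/29 06:21:53 | 000,012,182 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/24 09:29:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mqybv.sys
[2011/04/24 08:52:59 | 000,015,252 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2395203560
[2011/04/23 22:53:02 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ciovjutu.sys
[2011/04/29 07:23:01 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ijdmpa.sys
"""

if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```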

#7 hipfan

hipfan
  • Topic Starter

  • Members
  • 51 posts

Posted 30 April 2011 - 09:43 AM

Could it be part of "putt putt saves the zoo"?

Also, I thought I had expunged all of the limewire stuff a while ago. The site shut down months ago.

Do you have any idea how I picked this up?

Do I look clean?
Should I update windows and turn on the AVG? Is there a better free anti-virus? Should I use windows defender?

Would you like me to stop with the questions?


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\User\Application Data\Yqqee folder moved successfully.
C:\Documents and Settings\User\Application Data\Qolaa folder moved successfully.
C:\WINDOWS\system32\drivers\ijdmpa.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 moved successfully.
C:\WINDOWS\ka.ini moved successfully.
C:\WINDOWS\system32\drivers\mqybv.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\2395203560 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\2395203560 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\594429988 moved successfully.
C:\Documents and Settings\All Users\Application Data\594429988 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62 moved successfully.
C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62 moved successfully.
C:\WINDOWS\system32\drivers\ciovjutu.sys moved successfully.
C:\WINDOWS\system32\drivers\gpoluco.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\0p2qn556s0rgj5dd5gix5mv4o34sc6v01l moved successfully.
C:\WINDOWS\system32\drivers\tkrekjh.sys moved successfully.
C:\WINDOWS\system32\drivers\xqdbmipk.sys moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
C:\Documents and Settings\All Users\Application Data\4116085035 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\3441703366 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\4116085035 moved successfully.
C:\Documents and Settings\All Users\Application Data\3441703366 moved successfully.
File C:\WINDOWS\System32\drivers\ijdmpa.sys not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 moved successfully.
File C:\Documents and Settings\All Users\Application Data\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 89676548 bytes
->Temporary Internet Files folder emptied: 1628267 bytes
->FireFox cache emptied: 3658422 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2179474 bytes
->Java cache emptied: 19087 bytes
->Flash cache emptied: 4888 bytes

User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 194708591 bytes
->Java cache emptied: 38952 bytes
->Flash cache emptied: 32221 bytes

User: tractor

User: User
->Temp folder emptied: 79733998 bytes
->Temporary Internet Files folder emptied: 2589074 bytes
->Java cache emptied: 27276032 bytes
->FireFox cache emptied: 62158596 bytes
->Apple Safari cache emptied: 5244928 bytes
->Flash cache emptied: 12670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11089033 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38896318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 457488 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 495.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04302011_101051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 April 2011 - 09:55 AM

You can ask any questions as long as it's related to this topic.

Yes, the computer is infected and, considering the fact that I saw some torrent files on your log, I have a strong feeling that you got infected by using a P2P program.


Should I update windows and turn on the AVG? Is there a better free anti-virus? Should I use windows defender?

Let's discuss this later since we don't want to make any changes right now except for removing the malware.


===========================


1. Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    F:\autozoo.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



2. We need to remove AVG because it's conflicting with ComboFix. Uninstall it, then follow the instructions below.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#9 hipfan

hipfan
  • Topic Starter

  • Members
  • 51 posts

Posted 30 April 2011 - 10:10 AM

VirSCAN.org Scanned Report :
Scanned time : 2011/04/30 09:58:40 (CDT)
Scanner results: Scanners did not find malware!
File Name : autozoo.exe
File Size : 36864 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 296f7c05c77f9f4cd20d1b457fb2bdec
SHA1 : c9161c7d1e87906dd1d7462cf44b25f380ca1e1a
Online report : http://virscan.org/report/bfab1929beabcaa4de3ae3c2b3fe7d4b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110430035423 2011-04-30 23.68 -
AhnLab V3 2011.04.30.00 2011.04.30 2011-04-30 40.09 -
AntiVir 8.2.4.224 7.11.7.91 2011-04-30 0.27 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2011 201103241627 2011-03-24 0.13 -
Authentium 5.1.1 201104292238 2011-04-29 1.53 -
AVAST! 4.7.4 110430-0 2011-04-30 0.01 -
AVG 8.5.850 271.1.1/3606 2011-04-30 0.26 -
BitDefender 7.90123.7189775 7.37300 2011-04-30 6.12 -
ClamAV 0.96.5 13025 2011-04-30 0.02 -
Comodo 4.0 8522 2011-04-29 40.09 -
CP Secure 1.3.0.5 2011.04.30 2011-04-30 0.06 -
Dr.Web 5.0.2.3300 2011.04.30 2011-04-30 13.20 -
F-Prot 4.4.4.56 20110430 2011-04-30 3.09 -
F-Secure 7.02.73807 2011.04.30.02 2011-04-30 14.48 -
Fortinet 4.2.257 13.163 2011-04-29 40.09 -
GData 22.196/22.68 20110430 2011-04-30 19.51 -
ViRobot 20110429 2011.04.29 2011-04-29 1.02 -
Ikarus T3.1.32.20.0 2011.04.30.78287 2011-04-30 4.84 -
JiangMin 13.0.900 2011.04.28 2011-04-28 3.88 -
Kaspersky 5.5.10 2011.04.30 2011-04-30 0.11 -
KingSoft 2009.2.5.15 2011.4.30.9 2011-04-30 24.52 -
McAfee 5400.1158 6320 2011-04-18 8.69 -
Microsoft 1.6802 2011.04.30 2011-04-30 40.09 -
NOD32 3.0.21 6083 2011-04-30 0.02 -
Norman 6.07.08 6.07.00 2011-04-29 14.02 -
Panda 9.05.01 2011.04.28 2011-04-28 40.09 -
Trend Micro 9.200-1012 8.128.05 2011-04-30 0.04 -
Quick Heal 11.00 2011.04.30 2011-04-30 40.13 -
Rising 20.0 23.55.04.03 2011-04-29 40.16 -
Sophos 3.18.0 4.64 2011-04-30 3.68 -
Sunbelt 3.9.2491.2 9158 2011-04-29 40.10 -
Symantec 1.3.0.24 20110429.002 2011-04-29 0.05 -
nProtect 20110429.01 3415799 2011-04-29 40.12 -
The Hacker 6.7.0.1 v00176 2011-04-18 40.09 -
VBA32 3.12.16.0 20110428.2016 2011-04-28 4.08 -
VirusBuster 5.2.0.28 13.6.329.0/50970382011-04-30 0.00 -

#10 hipfan

hipfan
  • Topic Starter

  • Members
  • 51 posts

Posted 30 April 2011 - 10:44 AM

Combofix won't run. It is downloaded to the desktop. When I double-click, the "run or cancel" box comes up and I choose run... then nothing.
AVG is uninstalled from the "add remove programs" and I shut down the windows firewall just in case that was the problem.

#11 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 April 2011 - 10:59 AM

Please reboot your computer in "Safe mode with networking", and run it from there. Kindly monitor it while running and when Combofix reboots the computer... make sure to boot it again in safe mode to complete the process.

~Semp



#12 hipfan

hipfan
  • Topic Starter

  • Members
  • 51 posts

Posted 30 April 2011 - 11:08 AM

Sorry, I changed the name on the desktop to combofix.com and it ran.
Also it said there was an update to a newer version and I said no.

#13 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 April 2011 - 11:11 AM

Is it running now? If yes then please let it run uninterrupted.

~Semp



#14 hipfan

hipfan
  • Topic Starter

  • Members
  • 51 posts

Posted 30 April 2011 - 11:27 AM

Yes, it is running. It set up a recovery console, ran through a bunch of stages and it is now preparing a report (for a few minutes now). Quite a few minutes. Normal?

#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 April 2011 - 11:30 AM

Yes.

~Semp





