
Help! There's something wrong with my computer.


  • This topic is locked
17 replies to this topic

#1 cyprus1

  • Members
  • 36 posts

Posted 26 April 2011 - 11:20 PM

Help! There's something wrong with my computer. I can't really explain it but it's been acting funny, for instance, when I click on anything that has the "#" sign, random numbers come up. Or I would shut down the computer and it says that "D3D9 Window" is closing too and I have no idea what that program is. So I tried to do a system restore and the computer won't allow me to do so. That's the first time that's ever happened so I know something is wrong. If someone can help, I'd really appreciate it. Here are the logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 20:08:36.04 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.190 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\dlbucoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\My Documents\firefox.exe
C:\Documents and Settings\Owner\My Documents\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\documents and settings\owner\desktop\keyscrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [pdfSaver3] "c:\program files\pdf\pdfsaver\pdfSaver3.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [602PC SUITE PDF Saver] "c:\program files\common files\soft602\pdfSaver.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\documents and settings\owner\desktop\keyscrambler\KeyScramblerIE.dll
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\n5imuxno.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c3ad60e&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\n5imuxno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\n5imuxno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\n5imuxno.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\owner\desktop\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\owner\my documents\plugins\npdeployJava1.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-15 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-26 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-6-6 147456]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-26 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-26 308136]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-12-8 114952]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-7 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-12 517448]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2010-8-7 2421384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-6-6 715520]
.
=============== Created Last 30 ================
.
2011-03-30 04:51:39 -------- d-----w- c:\docume~1\owner\applic~1\S.A.D
.
==================== Find3M ====================
.
.
============= FINISH: 20:10:02.20 ===============


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 May 2011 - 06:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 cyprus1

  • Topic Starter
  • Members
  • 36 posts

Posted 04 May 2011 - 10:57 PM

Hello MOle. Thank you so much for your reply. I'm pretty sure at this point that my computer is infected even though anti-spyware and malware scans are "normal". So if you can help me I'd really appreciate it. Thanks again=)

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 May 2011 - 02:31 PM

The d3d9 window could be related to gamer hacks. Is that something you might do?

Gmer does show something which I am going to check first

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 cyprus1

  • Topic Starter
  • Members
  • 36 posts

Posted 05 May 2011 - 06:33 PM

Hello MOle,

I did as you advised and strangely, as the program was running, there was an "AVG" message asking to reboot the computer. The scan detected nothing though. As for gamer hacks gmer, I have no idea how I managed to get it. Here's the report:

2011/05/05 16:25:06.0734 4004 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 16:25:08.0812 4004 ================================================================================
2011/05/05 16:25:08.0812 4004 SystemInfo:
2011/05/05 16:25:08.0812 4004
2011/05/05 16:25:08.0812 4004 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/05 16:25:08.0812 4004 Product type: Workstation
2011/05/05 16:25:08.0859 4004 ComputerName: LISA
2011/05/05 16:25:08.0984 4004 UserName: Owner
2011/05/05 16:25:08.0984 4004 Windows directory: C:\WINDOWS
2011/05/05 16:25:08.0984 4004 System windows directory: C:\WINDOWS
2011/05/05 16:25:08.0984 4004 Processor architecture: Intel x86
2011/05/05 16:25:08.0984 4004 Number of processors: 1
2011/05/05 16:25:08.0984 4004 Page size: 0x1000
2011/05/05 16:25:08.0984 4004 Boot type: Normal boot
2011/05/05 16:25:08.0984 4004 ================================================================================
2011/05/05 16:25:11.0093 4004 Initialize success
2011/05/05 16:25:24.0734 2636 ================================================================================
2011/05/05 16:25:24.0734 2636 Scan started
2011/05/05 16:25:24.0734 2636 Mode: Manual;
2011/05/05 16:25:24.0734 2636 ================================================================================
2011/05/05 16:25:31.0203 2636 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 16:25:33.0046 2636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 16:25:34.0906 2636 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 16:25:36.0406 2636 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 16:25:40.0734 2636 ANIO (2953a157a783bfc06f42f99fefa5eb07) C:\WINDOWS\system32\ANIO.SYS
2011/05/05 16:25:43.0031 2636 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 16:25:43.0984 2636 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 16:25:45.0000 2636 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 16:25:45.0578 2636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 16:25:46.0609 2636 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/05/05 16:25:47.0046 2636 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/05/05 16:25:47.0500 2636 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/05/05 16:25:48.0156 2636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 16:25:48.0609 2636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 16:25:49.0453 2636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 16:25:49.0875 2636 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 16:25:50.0484 2636 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 16:25:52.0187 2636 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 16:25:52.0953 2636 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 16:25:53.0843 2636 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 16:25:54.0421 2636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 16:25:55.0015 2636 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 16:25:55.0781 2636 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 16:25:56.0390 2636 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/05 16:25:56.0875 2636 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 16:25:57.0265 2636 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/05 16:25:57.0656 2636 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 16:25:58.0015 2636 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/05 16:25:58.0390 2636 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/05 16:25:58.0781 2636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 16:25:59.0171 2636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 16:25:59.0515 2636 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 16:25:59.0921 2636 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/05 16:26:00.0703 2636 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 16:26:02.0203 2636 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/05 16:26:03.0203 2636 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/05 16:26:04.0421 2636 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 16:26:05.0328 2636 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/05 16:26:05.0890 2636 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 16:26:06.0390 2636 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/05 16:26:06.0781 2636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/05 16:26:07.0218 2636 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 16:26:07.0765 2636 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 16:26:08.0343 2636 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 16:26:08.0843 2636 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 16:26:09.0421 2636 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 16:26:09.0921 2636 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 16:26:10.0421 2636 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2011/05/05 16:26:11.0171 2636 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 16:26:11.0687 2636 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 16:26:12.0609 2636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 16:26:13.0203 2636 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 16:26:13.0640 2636 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 16:26:14.0125 2636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/05 16:26:14.0562 2636 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 16:26:15.0390 2636 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 16:26:16.0265 2636 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 16:26:17.0109 2636 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 16:26:17.0671 2636 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 16:26:18.0234 2636 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 16:26:18.0718 2636 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 16:26:19.0296 2636 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 16:26:19.0906 2636 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 16:26:20.0937 2636 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 16:26:21.0734 2636 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 16:26:22.0515 2636 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 16:26:23.0218 2636 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 16:26:23.0750 2636 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 16:26:24.0359 2636 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 16:26:25.0062 2636 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 16:26:25.0843 2636 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 16:26:26.0515 2636 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 16:26:27.0453 2636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 16:26:28.0046 2636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 16:26:28.0531 2636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 16:26:29.0062 2636 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/05 16:26:29.0687 2636 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 16:26:30.0234 2636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 16:26:30.0734 2636 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 16:26:31.0734 2636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 16:26:32.0265 2636 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/05 16:26:35.0703 2636 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 16:26:36.0390 2636 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 16:26:37.0281 2636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 16:26:39.0796 2636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 16:26:40.0437 2636 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 16:26:40.0953 2636 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 16:26:41.0500 2636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 16:26:42.0109 2636 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 16:26:42.0656 2636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 16:26:43.0140 2636 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 16:26:44.0046 2636 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 16:26:45.0062 2636 rt2870 (a6886caf9d03dade7144171e471eca6f) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/05/05 16:26:46.0000 2636 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/05 16:26:46.0203 2636 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/05 16:26:46.0656 2636 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 16:26:47.0531 2636 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/05/05 16:26:48.0625 2636 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 16:26:49.0765 2636 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 16:26:50.0453 2636 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 16:26:51.0750 2636 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/05 16:26:53.0437 2636 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 16:26:54.0421 2636 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 16:26:55.0328 2636 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 16:26:56.0703 2636 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 16:26:57.0796 2636 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 16:27:02.0406 2636 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 16:27:03.0890 2636 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
2011/05/05 16:27:06.0234 2636 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 16:27:08.0062 2636 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 16:27:09.0437 2636 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 16:27:10.0421 2636 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 16:27:12.0359 2636 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 16:27:13.0390 2636 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 16:27:14.0343 2636 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 16:27:15.0218 2636 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 16:27:15.0921 2636 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 16:27:16.0500 2636 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/05 16:27:17.0312 2636 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/05 16:27:17.0843 2636 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 16:27:18.0468 2636 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 16:27:19.0078 2636 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 16:27:19.0640 2636 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 16:27:20.0546 2636 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 16:27:22.0078 2636 ================================================================================
2011/05/05 16:27:22.0078 2636 Scan finished
2011/05/05 16:27:22.0078 2636 ================================================================================
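The TDSSKiller report above lists each loaded driver with its MD5 and image path, and a helper reads that list by eye. As an added example, not part of this thread and not TDSSKiller's own code, here is a small Python parser that pulls the timestamp, service name, hash and path out of such a report, skips the banner and status lines, and lists drivers whose image lives outside the Windows directory. The sample lines are copied from the report posted above; the "outside the Windows directory" rule is my own review heuristic, not a verdict (the two SUPERAntiSpyware drivers it lists are a legitimate product loading from Program Files), and the hash lookup is there so a reader can compare an entry against a known-good list of their own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One driver line from a TDSSKiller report has the shape:
#   <date> <time> <pid> <service name> (<md5>) <path>
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)


@dataclass
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


# Constructed sample: the driver lines are copied from the report posted in this
# thread; the banner and status lines are included to show that they are skipped.
SAMPLE_REPORT = r"""
2011/05/05 16:25:24.0734 2636 ================================================================================
2011/05/05 16:25:24.0734 2636 Scan started
2011/05/05 16:25:24.0734 2636 Mode: Manual;
2011/05/05 16:25:31.0203 2636 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 16:25:46.0609 2636 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/05/05 16:26:46.0000 2636 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/05 16:26:46.0203 2636 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/05 16:27:22.0078 2636 Scan finished
"""


def parse_report(text: str) -> List[DriverEntry]:
    """Return the driver entries of a TDSSKiller report, in log order."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_system_root(entries: List[DriverEntry],
                        system_root: str = "C:\\WINDOWS") -> List[DriverEntry]:
    """Drivers whose image is not under the Windows directory.

    Assumed review heuristic only: third-party security tools legitimately load
    drivers from Program Files, so a hit means "read this one first", not "bad".
    """
    root = system_root.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(root)]


def find_by_md5(entries: List[DriverEntry], md5: str) -> Optional[DriverEntry]:
    """Look up an entry by hash, e.g. to compare against a known-good list."""
    wanted = md5.lower()
    return next((e for e in entries if e.md5 == wanted), None)


if __name__ == "__main__":
    drivers = parse_report(SAMPLE_REPORT)
    print(f"{len(drivers)} drivers parsed")
    for e in outside_system_root(drivers):
        print(f"review: {e.name:10} {e.md5} {e.path}")
```

Run it against a saved report.txt by reading the file into `parse_report` instead of `SAMPLE_REPORT`; on the sample it parses four drivers and lists the two SUPERAntiSpyware entries for review.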

#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 May 2011 - 08:09 PM

Okay, some confusing things going on here.

Please run OTL and let's get a better picture of the machine

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE
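Added example, not part of this thread and not code from OTL or its author: a first triage pass over the kind of lines OTL prints in its Processes, Services, Drivers, O4 and O20 sections. It flags the three things a helper scans such a log for by eye: an executable with an empty publisher field, an executable started from a user-writable location (a user profile or a temp directory), and a service whose file OTL could not find. The line shapes it parses are assumed from OTL's output format, and the sample text is constructed for the example rather than copied from any one machine.

```python
"""Triage pass over OTL-style log lines (added example; not OTL's own code)."""
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the shape OTL emits (assumption: this format only).
SAMPLE = """\
PRC - C:\\Documents and Settings\\Owner\\Desktop\\OTL.exe (OldTimer Tools)
PRC - C:\\Documents and Settings\\Owner\\My Documents\\firefox.exe (Mozilla Corporation)
PRC - C:\\WINDOWS\\system32\\ANIWConnService.exe ()
PRC - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)
SRV - (HidServ) -- File not found
SRV - (avg9wd) -- C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (ANIO) -- C:\\WINDOWS\\system32\\ANIO.sys ()
O4 - HKLM..\\Run: [BJCFD] C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe ()
O4 - HKCU..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)
"""


class Finding(NamedTuple):
    kind: str            # OTL section tag: PRC, SRV, DRV, O4, O20
    label: str           # service/driver/Run-key name, else the file name
    path: Optional[str]  # full path, or None when OTL reported the file missing
    company: str         # publisher string from the trailing parentheses
    reasons: List[str]   # which checks the line tripped


# "<KIND> - ... <drive>:\path\file.ext (Publisher)". The path group is greedy so a
# "(x86)" inside "Program Files (x86)" is not mistaken for the publisher field.
PATH_LINE = re.compile(
    r"^(?P<kind>\w+) - .*?(?P<path>[A-Za-z]:\\.*)\s\((?P<company>[^()]*)\)\s*$")
# "SRV - (Name) -- File not found"
MISSING_LINE = re.compile(
    r"^(?P<kind>\w+) - \((?P<label>[^()]+)\) -- File not found\s*$")
# Locations an ordinary user can write to; code started from here deserves a look.
USER_WRITABLE = re.compile(r"\\(documents and settings|users)\\[^\\]+\\|\\temp\\")
SECTIONS = ("PRC", "SRV", "DRV", "O4", "O20")


def _label(kind: str, line: str, path: str) -> str:
    """Service/driver name, Run-key name, or the file name as a fallback."""
    if kind in ("SRV", "DRV"):
        m = re.search(r"\(([^()]+)\) --", line)
        if m:
            return m.group(1)
    if kind == "O4":
        m = re.search(r"\[([^\]]+)\]", line)
        if m:
            return m.group(1)
    return path.rsplit("\\", 1)[-1]


def triage(text: str) -> List[Finding]:
    """Return one Finding per line that trips at least one check, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MISSING_LINE.match(line)
        if m and m.group("kind") in SECTIONS:
            findings.append(Finding(m.group("kind"), m.group("label"), None, "",
                                    ["FILE_NOT_FOUND"]))
            continue
        m = PATH_LINE.match(line)
        if not m or m.group("kind") not in SECTIONS:
            continue
        kind, path = m.group("kind"), m.group("path")
        company = m.group("company").strip()
        reasons = []
        if not company:
            reasons.append("NO_PUBLISHER")
        if USER_WRITABLE.search(path.lower()):
            reasons.append("USER_PROFILE_PATH")
        if reasons:
            findings.append(Finding(kind, _label(kind, line, path), path, company, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:<4}{','.join(f.reasons):<32}{f.label:<22}{f.path or '(missing)'}")
```

The checks are deliberately dumb: an empty publisher field only means OTL found no company name in the version resource, and a user-profile path covers the helper's own tools sitting on the Desktop as much as anything malicious, so the output is a reading list for the analyst, not a verdict.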

#7 cyprus1

  • Topic Starter

  • Members
  • 36 posts
  • Local time:08:47 AM

Posted 05 May 2011 - 08:41 PM

Here's the OTL text:
OTL logfile created on: 5/5/2011 6:26:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.80 Gb Total Space | 50.79 Gb Free Space | 71.74% Space Free | Partition Type: NTFS
Drive D: | 23.50 Mb Total Space | 11.02 Mb Free Space | 46.88% Space Free | Partition Type: NTFS

Computer Name: LISA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\My Documents\plugin-container.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\My Documents\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
PRC - C:\WINDOWS\system32\ANIWConnService.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\system32\dlbucoms.exe ( )
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Common Files\soft602\pdfSaver.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ANIWConnService) -- C:\WINDOWS\system32\ANIWConnService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (dlbu_device) -- C:\WINDOWS\System32\dlbucoms.exe ( )
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys ()
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c3ad60e&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/26 03:39:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/03/24 19:43:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/08 01:02:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Documents and Settings\Owner\My Documents\components [2011/04/29 16:37:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Documents and Settings\Owner\My Documents\plugins [2011/04/04 11:55:01 | 000,000,000 | ---D | M]

[2010/06/06 16:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/06 16:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/01 19:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n5imuxno.default\extensions
[2011/01/03 22:18:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n5imuxno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/04 11:56:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n5imuxno.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/09 03:52:29 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n5imuxno.default\extensions\keyscrambler@qfx.software.corporation
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N5IMUXNO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2010/12/08 01:03:07 | 000,000,000 | ---D | M] (Java Console) -- C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/24 19:43:33 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/12/08 01:02:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/06/16 00:50:30 | 000,404,365 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Documents and Settings\Owner\Desktop\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [602PC SUITE PDF Saver] C:\Program Files\Common Files\soft602\pdfSaver.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Documents and Settings\Owner\Desktop\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/06 16:11:14 | 000,000,000 | RHS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 18:24:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/05 16:23:37 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/04/28 19:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\updates
[2011/04/26 20:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/12 05:09:14 | 012,378,640 | ---- | C] (JonDos GmbH) -- C:\Documents and Settings\All Users\Application Data\JonDoFox.paf.exe
[2007/02/28 18:38:18 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucoms.exe
[2007/02/28 18:38:18 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuih.exe
[2007/02/28 18:38:16 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucfg.exe
[2007/01/30 09:47:52 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupmui.dll
[2007/01/30 09:46:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuserv.dll
[2007/01/30 09:38:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomm.dll
[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm.dll
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:32:06 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupplc.dll
[2007/01/30 09:31:08 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomc.dll
[2007/01/30 09:30:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuprox.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:21:46 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuusb1.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/05/05 18:24:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/05 18:17:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-179605362-839522115-1003UA.job
[2011/05/05 17:59:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 16:24:06 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/05/05 16:14:10 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/05/05 16:13:33 | 075,599,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/05/05 15:56:55 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/05/05 15:56:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 15:56:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 19:17:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-179605362-839522115-1003Core.job
[2011/05/04 18:46:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 20:11:48 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/03 20:11:46 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/05/02 22:18:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/01 14:21:00 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/04/29 16:41:25 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\updates.xml
[2011/04/29 16:41:24 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\active-update.xml
[2011/04/29 16:37:28 | 014,117,848 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\xul.dll
[2011/04/29 16:37:12 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\updater.exe
[2011/04/29 16:37:12 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\xpcom.dll
[2011/04/29 16:37:11 | 000,166,872 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\softokn3.dll
[2011/04/29 16:37:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\ssl3.dll
[2011/04/29 16:37:09 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\smime3.dll
[2011/04/29 16:37:09 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\softokn3.chk
[2011/04/29 16:37:08 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\plc4.dll
[2011/04/29 16:37:08 | 000,018,904 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\plds4.dll
[2011/04/29 16:37:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Owner\My Documents\plugin-container.exe
[2011/04/29 16:37:07 | 004,200,028 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\omni.jar
[2011/04/29 16:37:07 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\platform.ini
[2011/04/29 16:37:02 | 000,089,048 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\nssutil3.dll
[2011/04/29 16:37:01 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\nssdbm3.dll
[2011/04/29 16:37:00 | 000,343,000 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\nssckbi.dll
[2011/04/29 16:37:00 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nssdbm3.chk
[2011/04/29 16:36:59 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\nss3.dll
[2011/04/29 16:36:58 | 000,203,736 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\nspr4.dll
[2011/04/29 16:36:57 | 000,781,272 | ---- | M] (sqlite.org) -- C:\Documents and Settings\Owner\My Documents\mozsqlite3.dll
[2011/04/29 16:36:56 | 001,874,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mozjs.dll
[2011/04/29 16:36:53 | 000,715,736 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\mozcrt19.dll
[2011/04/29 16:36:50 | 000,719,832 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\mozcpp19.dll
[2011/04/29 16:36:46 | 000,465,880 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\libGLESv2.dll
[2011/04/29 16:36:46 | 000,015,832 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\mozalloc.dll
[2011/04/29 16:36:45 | 000,089,048 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\libEGL.dll
[2011/04/29 16:36:44 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\freebl3.dll
[2011/04/29 16:36:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Owner\My Documents\firefox.exe
[2011/04/29 16:36:42 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\freebl3.chk
[2011/04/29 16:36:37 | 001,892,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\d3dx9_42.dll
[2011/04/29 16:36:32 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\crashreporter.exe
[2011/04/29 16:36:29 | 001,974,616 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\D3DCompiler_42.dll
[2011/04/29 16:36:29 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\application.ini
[2011/04/29 16:36:17 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Owner\My Documents\AccessibleMarshal.dll
[2011/04/28 19:32:56 | 000,045,115 | ---- | M] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/04/26 20:12:56 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/26 20:07:51 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/26 19:50:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/04/18 17:35:37 | 000,087,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\f4852.pdf

========== Files Created - No Company Name ==========

[2011/05/05 16:13:37 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/04/29 16:41:24 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\updates.xml
[2011/04/29 16:41:22 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\active-update.xml
[2011/04/28 19:32:56 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/04/26 20:12:55 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/26 20:07:49 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/26 19:49:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/04/18 17:35:31 | 000,087,727 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\f4852.pdf
[2010/11/23 00:45:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/12 02:19:03 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2010/07/12 02:19:02 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2010/07/12 02:19:02 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2010/06/15 19:21:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/07 17:11:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/06/07 14:20:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/06/07 14:11:46 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/07 14:11:46 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/06 19:12:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2010/06/06 19:12:23 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/06/06 19:12:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010/06/06 19:12:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/06/06 19:12:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010/06/06 19:12:08 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010/06/06 19:12:08 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010/06/06 19:12:08 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010/06/06 19:11:59 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/06/06 19:11:59 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2010/06/06 19:10:38 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/06/06 16:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/06 16:33:01 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/06/06 16:13:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 16:08:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/06 09:02:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/06 08:59:52 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/19 02:32:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll
[2007/02/19 02:32:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2007/02/19 02:32:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2007/02/19 02:29:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2007/02/19 02:29:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll
[2007/02/19 02:28:10 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2007/01/22 02:19:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucfg.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2005/03/21 09:41:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/21 09:41:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/06 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/07 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/10 22:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 15:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/12 02:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/06/11 18:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2010/07/13 02:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JonDo
[2010/06/26 02:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/06/08 22:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/03/29 21:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\S.A.D
[2010/07/12 02:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Software602
[2010/06/30 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/06/15 22:36:13 | 000,000,222 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\Vietnamese.pdf?(275KB)?.url) -- C:\Documents and Settings\Owner\My Documents\Vietnamese.pdf‎(275KB)‎.url
[2008/01/14 20:48:38 | 000,000,222 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\Vietnamese.pdf?(275KB)?.url) -- C:\Documents and Settings\Owner\My Documents\Vietnamese.pdf‎(275KB)‎.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

And here's the Extras text:

OTL Extras logfile created on: 5/5/2011 6:26:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.80 Gb Total Space | 50.79 Gb Free Space | 71.74% Space Free | Partition Type: NTFS
Drive D: | 23.50 Mb Total Space | 11.02 Mb Free Space | 46.88% Space Free | Partition Type: NTFS

Computer Name: LISA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Documents and Settings\Owner\My Documents\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Documents and Settings\Owner\Desktop\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Documents and Settings\Owner\Desktop\firefox.exe" -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\dlbucoms.exe" = C:\WINDOWS\system32\dlbucoms.exe:*:Enabled:Photo AIO Printer 942 Server -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{27DB209C-57D1-42BE-B547-8867B26FA480}" = Spark
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AA75ADB-113C-4FA1-954E-DD3E76BC1524}" = D-Link Wireless 150 USB Adapter DWA-125
"{48D9A460-9FA3-4E16-9533-2DF1C1F5129F}" = Macromedia Flash Player 8 Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B578786-6B3B-44CF-9E21-8B8771D8D8DE}" = Office Suite 2006
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner (remove only)
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.16
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PROSet" = Intel® PRO Network Adapters and Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2010 12:16:57 AM | Computer Name = LISA | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 8.0.552.215, fault address 0x000d0b1f.

Error - 12/8/2010 7:40:57 AM | Computer Name = LISA | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

Error - 12/8/2010 7:53:22 AM | Computer Name = LISA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/8/2010 7:53:23 AM | Computer Name = LISA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 12/8/2010 7:53:39 AM | Computer Name = LISA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/8/2010 7:53:39 AM | Computer Name = LISA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/10/2010 2:42:15 AM | Computer Name = LISA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2010 2:42:15 AM | Computer Name = LISA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2010 2:42:15 AM | Computer Name = LISA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2010 2:42:16 AM | Computer Name = LISA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/3/2011 9:22:30 PM | Computer Name = LISA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0013206849C6.

Error - 5/3/2011 9:23:09 PM | Computer Name = LISA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013206849C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/4/2011 7:59:27 AM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/4/2011 9:47:29 PM | Computer Name = LISA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013206849C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/4/2011 9:53:44 PM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/4/2011 10:18:31 PM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/4/2011 10:48:56 PM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/4/2011 10:49:17 PM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/5/2011 5:14:12 AM | Computer Name = LISA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/5/2011 6:57:48 PM | Computer Name = LISA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0013206849C6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#8 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:47 PM

Posted 06 May 2011 - 09:06 PM

The d3d9.dll file is a legitimate file used to run games and video on Windows. If this is becoming a problem then it isn't malware in origin. We will just run OTL again to clear up some suspicious ADS. It is likely that the problem is to do with an increase in the workload on that file.

Click Start then Run. In the blank field type dxdiag then press Enter to enable the DirectX Diagnostic Tool window to load. You will know what DirectX version you have installed on your PC by looking at the bottom portion of the window. If you don't have DirectX 9 in your PC, you need to download the latest version from the Internet. Let me know if this update stops the window appearing.


Let's complete the checks. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now please run ESET's online scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
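The OTL fix above does two things: it deletes three alternate data streams (ADS) hanging off the ProgramData TEMP folder, and it resets the default value of `HKLM\SOFTWARE\Classes\exefile\shell\open\command` to `"%1" %*`, the stock handler that Windows uses to launch every .exe. If that value points anywhere else, each program you start is silently run through some other executable first, which is why malware likes to hijack it. The script below is an added example for readers who want to audit those same two items on a modern Windows system; it is not part of m0le's instructions or of OTL. It assumes PowerShell 3.0 or later (for `Get-Item -Stream`), an elevated prompt, and that the folder to audit is `%ProgramData%\TEMP` unless you pass another one.

```powershell
# Added example (not from the thread): audit the two items m0le's OTL fix touched.
#  1. Alternate data streams under a folder (OTL removed three on ...\TEMP).
#  2. The default value of HKLM\SOFTWARE\Classes\exefile\shell\open\command,
#     which must be "%1" %* or every .exe launch is redirected through another program.
# Assumes PowerShell 3.0+ and an elevated prompt; folder path is an assumption.

param(
    [string]$Folder = (Join-Path $env:ProgramData 'TEMP')
)

function Get-SuspiciousAds {
    param([string]$Path)
    # Every NTFS file or folder carries the unnamed ':$DATA' stream; anything else is an ADS.
    # 'Zone.Identifier' is the benign "downloaded from the Internet" marker left by browsers,
    # so it is filtered out; a stream with a random hex name (as in the OTL log) is what
    # you want to look at. Folder-level streams are listed by passing the folder itself.
    $items = @(Get-Item -Path $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -Path $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

function Test-ExeFileHandler {
    # Compare the live handler with the only value that should be there.
    $key      = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    $expected = '"%1" %*'
    $actual   = (Get-ItemProperty -Path $key -Name '(default)' -ErrorAction Stop).'(default)'
    [pscustomobject]@{
        Key      = $key
        Expected = $expected
        Actual   = $actual
        Healthy  = ($actual -eq $expected)
    }
}

Write-Host "== Alternate data streams under $Folder =="
$ads = Get-SuspiciousAds -Path $Folder
if ($ads) { $ads | Format-Table -AutoSize } else { Write-Host 'none found' }

Write-Host '== exefile open handler =='
$handler = Test-ExeFileHandler
$handler | Format-List
if (-not $handler.Healthy) {
    Write-Warning 'exefile handler has been changed; every .exe launch is being redirected.'
}
```

A finding in the ADS list is not by itself proof of infection (legitimate software occasionally stores metadata in streams), but a stream with a random name on a system folder, combined with a changed exefile handler, is the pattern worth escalating. On newer Windows the same per-user override can live under `HKCU\Software\Classes\exefile`, which takes precedence over the machine-wide key; checking that path with the same function is a one-line change.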

#9 cyprus1

cyprus1
  • Topic Starter

  • Members
  • 36 posts

Posted 06 May 2011 - 11:36 PM

Hi Mole,

The dxdiag message box states that the DirectX version I have is DirectX 9.0c.

As for the OTL run fix log, here it is:

========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_205303

#10 cyprus1

cyprus1
  • Topic Starter

  • Members
  • 36 posts

Posted 07 May 2011 - 06:28 AM

Hello MOle,

I just ran the ESET scanner and surprisingly, it said no infected files were found.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 May 2011 - 02:09 PM

What problems, if any, are still there now?
m0le is a proud member of UNITE

#12 cyprus1

cyprus1
  • Topic Starter

  • Members
  • 36 posts

Posted 08 May 2011 - 12:47 AM

A couple of days ago my antivirus program noted that I was infected with a backdoor trojan virus. My computer was infected with a backdoor trojan before and it was eliminated. But for a couple of weeks now, my computer was acting out of the ordinary and then the backdoor trojan notice appeared (twice). I reformatted my computer before but I really do not want to have to go through that again. I just wanted to make absolutely sure that my computer isn't infected. All I could remember from the notice was that it was a file located in Windows 32.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 May 2011 - 03:57 AM

In that case, I can confirm that you are clean...

You're clean. Good stuff! :thumbup2:

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it cyprus1, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#14 cyprus1

cyprus1
  • Topic Starter

  • Members
  • 36 posts

Posted 09 May 2011 - 05:34 AM

Thanks MOle... I just have a quick question. What program is Soffice.bin? I noticed that it closes along with D3D9 but I'm not quite sure what it is.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 May 2011 - 01:42 PM

It's a binary file and part of Open Office, the free alternative to Microsoft's Office Suite.
m0le is a proud member of UNITE
