Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Sheur3.CDGB infections & search engine link redirects


  • This topic is locked This topic is locked
34 replies to this topic

#1 Joel S.

Joel S.

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 June 2011 - 07:53 PM

First of all, thanks in advance to anyone who is able to help with the problems I am experiencing. There are two main issues that appear to be interconnected with one another:

First, my antivirus software (AVG 11) is periodically detecting an infection called "Trojan Horse SHeur3.CDGB" in the WINDOWS/Temp directory, with repeat occurrences about every 10 minutes or so. When I attempt to move this infection to the Virus Vault, however, AVG (almost always) responds by saying that the directory doesn't exist; manually checking the file location confirms this fact. The location is always of the form "C:\WINDOWS\Temp\****\setup.exe" where "****" refers to a random string of 4 characters. When looking in the Temp folder after getting this message, this random-character folder may be there, but it is always empty. I have attached an example image of the AVG infection message to the end of this post.

Second, when using search engine sites, clicking on links will sometimes cause the browser to redirect to other, random websites. I generally only use Firefox and Google when on the internet, but I have tested this issue with Internet Explorer and other search engines (Yahoo, Ask, etc.); it is occurring with all of them. I have not kept a rigorous list, but it seems to happen on about 30%-50% of the links I click on. Since I downloaded Malwarebytes in an attempt to clear this infection, this new software is halting the links from being completely redirected; nonetheless, the redirection is still being attempted (meaning the virus is still on the PC.) Malwarebytes is also periodically notifying that it is blocking certain outgoing "malicious" IP address requests. These occur whether or not Firefox is open and I presume are malicious, but I am not sure if any of the blocks are actually legitimate (such as a program trying to update itself, for example.)

I understand that we should be limiting ourselves to 1 issue per topic, but as it seems that these problems began happening at exactly the same time, I decided it would be better to post them together. I believe they are being caused by the same infection, but of course I cannot say this with certainty.

In the interest of providing more information, the following are other things I have encountered while dealing with these 2 issues (NOTE: THIS IS ONLY FOR INFORMATIONAL PURPOSES. I AM NOT EXPLICITLY ASKING FOR HELP WITH THESE PROBLEMS HERE, AS THAT IS NOT THE POINT OF THIS TOPIC):

-System Restore will not complete its restoration process; I have tried selecting dates both before and after the infection likely occurred, and each one has failed for whatever reason.
-After trying various cleans in Safe Mode last night, the PC failed to boot to Windows correctly for about 60-90 minutes, then suddenly did correctly. Since then, no boot trouble.
-A couple of "Data Execution Prevention" messages from Windows popped up after the above boot problem, which said "Generic Host Process for Win32 Services" has been stopped. Have not seen or investigated this since.
-Executable files and Control Panel icons became disassociated with their respective programs or tools. Solved using this discussion: Geeks to Go forum (post #11 from somu)
-Windows Updates and Windows Firewall became disabled. Solved using above and this discussion: Windows forum (post from Ronnie Vernon)

Here are the specs on my PC:

Microsoft Windows XP Pro- Version 2002 SP3
AMD Athlon 64 Processor 3200+
2.20 GHz, 2.00 GB RAM
MSI Motherboard
Firefox 4.0.1
Internet Explorer 8

And programs I have installed/used in trying to clear this infection (the cleaning ones have been run several times in both normal and safe mode OS):

AVG 2011 v10.0.1382
SUPER Antispyware v4.54.1000
Malwarebytes' Anti-Malware v1.51.0.1200 Trial
Smitfraudfix v2.423
Webroot Window Washer v6.5
HijackThis v2.0.4
DDS Tool

Here is my DDS log file (the other is attached):

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 17:56:37 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.619 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2ed6e373-9feb-4f2d-b831-419352670135} - c:\windows\system32\nnnnNEUL.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {696f6489-1550-4d3a-bc7f-7de2ba8c2a38} - c:\windows\system32\wvUnLBTm.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: aol.com\free
Trusted Zone: tdameritrade.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225656721093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F34BC24B-1B29-4A92-AA04-5EF66E3DE4E3} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\mikasova.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnmnolm relog_ap
LSA: Notification Packages = scecli c:\windows\system32\mikasova.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\v8wl9nvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2003-6-20 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-11 366640]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-12-27 598856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2009-7-31 36224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-11 22712]
S2 gupdate1c9ec5b699f5ac0;Google Update Service (gupdate1c9ec5b699f5ac0);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-22 517448]
S3 EMSUSB2;EMSUSB2;c:\windows\system32\drivers\EMSUSB2.SYS [2010-5-17 5520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-7-22 39048]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-7-18 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-7-18 8320]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [2009-8-10 12800]
.
=============== Created Last 30 ================
.
2011-06-11 20:43:02 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-11 20:43:02 -------- d-----w- c:\program files\Trend Micro
2011-06-11 07:48:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 07:48:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 03:03:11 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-11 03:02:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 03:02:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-16 06:33:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 08:11:50 4502 ----a-w- c:\windows\system32\tmp.reg
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-15 02:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 05:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 21:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 17:58:42.84 ===============

Any help will be appreciated- Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 15 June 2011 - 08:05 AM

Hello Joel S.and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 15 June 2011 - 01:19 PM

Thanks for replying, Sempai.

Yes, I do still need help with this issue. I have been using my netbook for everything since I started this topic, so the PC should be in the same state it was when I made the DDS log.

I have a quick question first, though: do you think that this virus is an alias for the nasty Ramnit.A infection? I've been searching around a bit for information the past few days, and there have been pages (example: MS Virus Encyclopedia) that suggest this could be true. However, I can't find any specific mention of ".CDGB" being the trailing characters as an alias name. Other topics here on Bleeping Computer have gone both ways on Sheur3 stuff, as well (examples: True and No Mention).

I'm heading out now, but I'll be back by the computer a bit later today. Thanks again Sempai!

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 16 June 2011 - 08:14 AM

Hi,

Yes, it sounds like a ramnit infection to me and the best course of action for this type of infection is to reformat and reinstall the OS.

Do me a favor please, send the files detected by AVG to virscan.

Please go to http://virscan.org/
  • Navigate the file that was detected by AVG into the "Suspicious files to scan" box on the top of the page:
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 16 June 2011 - 06:39 PM

The problem with scanning anything on virscan.org is that the folders where AVG was detecting Sheur3.CDGB never have anything in them. I tried just selecting the folders themselves, but of course the explorer window opens these up- it expects you to select something within. Unless I'm doing something wrong, I don't think I can get a scan of this for you at the moment.

On another note, I tried doing a rootkit scan with AVG a little while ago; it found 2 objects: MBR (Rootkit.TDSS.TDL4) and <unknown> (IRP hook, \Driver\UlSata DriverStartIo -> 0x89EE68554). I did a heal on both of these and rebooted the PC; aside from a slightly longer boot-up while Windows configured the master boot record, this seemed to complete without a problem. Since then, I have tried 30+ links while on Firefox without any redirects, and Malwarebytes is not detecting any of the previous outgoing IP requests. There have not been any AVG virus alerts today, either.

I'd be lying if I said this means everything is OK, but it is at least a step in the right direction. I'm going to perform some more scans while I wait for your reply, Sempai.

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 17 June 2011 - 05:43 AM

Hi,

It is important not to make any further changes or run any other tools/updates unless instructed to.


1. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



2. Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 17 June 2011 - 12:19 PM

Alright, I just ran both of the scans you instructed. These are the reports below.

TDSSKiller

2011/06/17 12:01:34.0203 5352 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 12:01:34.0703 5352 ================================================================================
2011/06/17 12:01:34.0703 5352 SystemInfo:
2011/06/17 12:01:34.0703 5352
2011/06/17 12:01:34.0703 5352 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/17 12:01:34.0703 5352 Product type: Workstation
2011/06/17 12:01:34.0703 5352 ComputerName: JOEL-9SF29ACP2
2011/06/17 12:01:34.0703 5352 UserName: Owner
2011/06/17 12:01:34.0703 5352 Windows directory: C:\WINDOWS
2011/06/17 12:01:34.0703 5352 System windows directory: C:\WINDOWS
2011/06/17 12:01:34.0703 5352 Processor architecture: Intel x86
2011/06/17 12:01:34.0703 5352 Number of processors: 1
2011/06/17 12:01:34.0703 5352 Page size: 0x1000
2011/06/17 12:01:34.0703 5352 Boot type: Normal boot
2011/06/17 12:01:34.0703 5352 ================================================================================
2011/06/17 12:01:35.0468 5352 !crdlk
2011/06/17 12:01:35.0515 5352 Initialize success
2011/06/17 12:01:44.0359 5744 ================================================================================
2011/06/17 12:01:44.0359 5744 Scan started
2011/06/17 12:01:44.0359 5744 Mode: Manual;
2011/06/17 12:01:44.0359 5744 ================================================================================
2011/06/17 12:01:44.0906 5744 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/17 12:01:44.0953 5744 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/17 12:01:45.0046 5744 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/17 12:01:45.0109 5744 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/17 12:01:45.0234 5744 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/06/17 12:01:45.0671 5744 ALCXWDM (bab9e43b24c2181bebc6f170b3563afb) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/17 12:01:45.0796 5744 AmdK8 (d7e6de8f676cf3a387f75e9ab404f7a4) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/17 12:01:45.0890 5744 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/06/17 12:01:45.0953 5744 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/17 12:01:46.0093 5744 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/06/17 12:01:46.0140 5744 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/17 12:01:46.0187 5744 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/17 12:01:46.0328 5744 ati2mtag (7e6ea88e7079a877c8dacde3ef9508c8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/17 12:01:46.0390 5744 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/17 12:01:46.0437 5744 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/17 12:01:46.0531 5744 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/17 12:01:46.0562 5744 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/17 12:01:46.0609 5744 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/17 12:01:46.0640 5744 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/17 12:01:46.0671 5744 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/17 12:01:46.0703 5744 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/17 12:01:46.0734 5744 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/17 12:01:46.0781 5744 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/17 12:01:46.0875 5744 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/17 12:01:46.0937 5744 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/17 12:01:46.0984 5744 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/17 12:01:47.0031 5744 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/17 12:01:47.0046 5744 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/17 12:01:47.0078 5744 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/17 12:01:47.0218 5744 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
2011/06/17 12:01:47.0312 5744 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2011/06/17 12:01:47.0375 5744 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/06/17 12:01:47.0421 5744 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/06/17 12:01:47.0453 5744 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
2011/06/17 12:01:47.0515 5744 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/06/17 12:01:47.0562 5744 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2011/06/17 12:01:47.0609 5744 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2011/06/17 12:01:47.0656 5744 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2011/06/17 12:01:47.0703 5744 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2011/06/17 12:01:47.0734 5744 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
2011/06/17 12:01:47.0796 5744 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2011/06/17 12:01:47.0859 5744 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2011/06/17 12:01:47.0906 5744 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/06/17 12:01:47.0953 5744 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
2011/06/17 12:01:47.0984 5744 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/06/17 12:01:48.0062 5744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/17 12:01:48.0125 5744 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/17 12:01:48.0171 5744 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/17 12:01:48.0203 5744 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/17 12:01:48.0250 5744 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/17 12:01:48.0312 5744 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/17 12:01:48.0375 5744 EMSUSB2 (c2ba4e927fed8db143b36c47f1404de0) C:\WINDOWS\system32\Drivers\EMSUSB2.SYS
2011/06/17 12:01:48.0406 5744 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/06/17 12:01:48.0453 5744 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/17 12:01:48.0500 5744 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/17 12:01:48.0546 5744 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/17 12:01:48.0578 5744 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/17 12:01:48.0640 5744 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/17 12:01:48.0671 5744 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/17 12:01:48.0703 5744 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/17 12:01:48.0750 5744 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
2011/06/17 12:01:48.0796 5744 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/17 12:01:48.0843 5744 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/17 12:01:48.0906 5744 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/06/17 12:01:48.0953 5744 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/06/17 12:01:48.0984 5744 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/06/17 12:01:49.0046 5744 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
2011/06/17 12:01:49.0062 5744 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/17 12:01:49.0156 5744 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/17 12:01:49.0281 5744 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/17 12:01:49.0343 5744 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys
2011/06/17 12:01:49.0375 5744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/17 12:01:49.0484 5744 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/17 12:01:49.0546 5744 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/17 12:01:49.0578 5744 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/17 12:01:49.0609 5744 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/17 12:01:49.0656 5744 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/17 12:01:49.0687 5744 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/17 12:01:49.0734 5744 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/17 12:01:49.0765 5744 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/17 12:01:49.0796 5744 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/17 12:01:49.0843 5744 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/17 12:01:49.0890 5744 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/17 12:01:49.0984 5744 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
2011/06/17 12:01:50.0093 5744 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/17 12:01:50.0140 5744 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/06/17 12:01:50.0187 5744 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/17 12:01:50.0234 5744 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/17 12:01:50.0281 5744 motccgp (da6eda159099a5595aad4736885f2007) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/06/17 12:01:50.0328 5744 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/06/17 12:01:50.0406 5744 motmodem (4b4cc4125d39104d3bbfa890f572c33d) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/06/17 12:01:50.0437 5744 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
2011/06/17 12:01:50.0453 5744 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/17 12:01:50.0500 5744 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/17 12:01:50.0531 5744 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/17 12:01:50.0578 5744 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/17 12:01:50.0640 5744 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/17 12:01:50.0703 5744 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/17 12:01:50.0750 5744 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/17 12:01:50.0843 5744 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/17 12:01:50.0906 5744 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/17 12:01:50.0937 5744 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/17 12:01:51.0000 5744 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/17 12:01:51.0031 5744 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/17 12:01:51.0078 5744 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/17 12:01:51.0125 5744 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/17 12:01:51.0187 5744 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/17 12:01:51.0234 5744 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/17 12:01:51.0265 5744 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/17 12:01:51.0281 5744 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/17 12:01:51.0328 5744 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/17 12:01:51.0343 5744 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/17 12:01:51.0390 5744 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/17 12:01:51.0468 5744 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/17 12:01:51.0500 5744 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/17 12:01:51.0578 5744 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/17 12:01:51.0625 5744 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/17 12:01:51.0687 5744 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/17 12:01:51.0718 5744 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/17 12:01:51.0734 5744 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/17 12:01:51.0812 5744 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/06/17 12:01:51.0843 5744 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/17 12:01:51.0875 5744 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/17 12:01:51.0921 5744 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/17 12:01:51.0968 5744 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/17 12:01:52.0062 5744 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/17 12:01:52.0109 5744 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/06/17 12:01:52.0296 5744 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/17 12:01:52.0343 5744 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\System32\drivers\PfModNT.sys
2011/06/17 12:01:52.0390 5744 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/17 12:01:52.0421 5744 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/17 12:01:52.0453 5744 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/17 12:01:52.0484 5744 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/17 12:01:52.0546 5744 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/17 12:01:52.0687 5744 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/17 12:01:52.0718 5744 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/17 12:01:52.0750 5744 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/17 12:01:52.0781 5744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/17 12:01:52.0828 5744 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/17 12:01:52.0859 5744 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/17 12:01:52.0890 5744 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/17 12:01:52.0937 5744 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/17 12:01:52.0984 5744 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/17 12:01:53.0078 5744 RT2500 (e2988349fe0567cbe4161cc653575a8e) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/06/17 12:01:53.0140 5744 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2011/06/17 12:01:53.0203 5744 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/06/17 12:01:53.0359 5744 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/17 12:01:53.0437 5744 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/06/17 12:01:53.0484 5744 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/06/17 12:01:53.0562 5744 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/17 12:01:53.0593 5744 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/17 12:01:53.0625 5744 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/17 12:01:53.0687 5744 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/17 12:01:53.0781 5744 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/17 12:01:53.0828 5744 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/17 12:01:53.0890 5744 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/17 12:01:53.0921 5744 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/17 12:01:53.0984 5744 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/17 12:01:54.0078 5744 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/17 12:01:54.0109 5744 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/17 12:01:54.0156 5744 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/17 12:01:54.0359 5744 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/17 12:01:54.0453 5744 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/17 12:01:54.0531 5744 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/17 12:01:54.0609 5744 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2011/06/17 12:01:54.0671 5744 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/17 12:01:54.0734 5744 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/17 12:01:55.0000 5744 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/06/17 12:01:55.0250 5744 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/06/17 12:01:55.0390 5744 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/17 12:01:55.0453 5744 UlSata (7bbac49fcfb5d31489420e2fe8a47f02) C:\WINDOWS\system32\drivers\UlSata.sys
2011/06/17 12:01:55.0562 5744 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/17 12:01:55.0656 5744 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/17 12:01:55.0734 5744 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/17 12:01:55.0796 5744 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/17 12:01:55.0843 5744 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/17 12:01:56.0000 5744 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/17 12:01:56.0093 5744 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/17 12:01:56.0156 5744 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/17 12:01:56.0218 5744 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/17 12:01:56.0281 5744 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/17 12:01:56.0328 5744 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/17 12:01:56.0437 5744 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/17 12:01:56.0546 5744 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/17 12:01:56.0593 5744 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/17 12:01:56.0640 5744 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2011/06/17 12:01:56.0671 5744 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/17 12:01:56.0718 5744 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/17 12:01:56.0812 5744 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/17 12:01:56.0906 5744 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/17 12:01:57.0078 5744 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/17 12:01:57.0187 5744 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/17 12:01:57.0296 5744 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/17 12:01:57.0421 5744 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/17 12:01:57.0656 5744 XPAD (6417bb89d38dacaaff529854efb1b502) C:\WINDOWS\system32\Drivers\xpad.sys
2011/06/17 12:01:57.0703 5744 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
2011/06/17 12:01:57.0828 5744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/17 12:01:57.0984 5744 ================================================================================
2011/06/17 12:01:57.0984 5744 Scan finished
2011/06/17 12:01:57.0984 5744 ================================================================================
2011/06/17 12:01:58.0000 5736 Detected object count: 0
2011/06/17 12:01:58.0000 5736 Actual detected object count: 0


OTL

OTL logfile created on: 6/17/2011 12:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.95% Memory free
3.35 Gb Paging File | 2.53 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 649.27 Gb Free Space | 69.70% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 114.41 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: JOEL-9SF29ACP2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 12:03:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/11 02:45:10 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/03 02:01:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/06/09 20:55:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/11/26 15:47:30 | 001,206,600 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2007/11/10 19:08:25 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2007/04/09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2004/03/04 09:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 12:03:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/04/09 13:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/17 20:28:40 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/10 18:36:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/17 10:17:32 | 000,005,520 | ---- | M] (EMS Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMSUSB2.SYS -- (EMSUSB2)
DRV - [2010/02/25 17:36:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/25 17:36:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/28 19:43:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/28 19:43:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/28 19:43:38 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/03/28 19:43:31 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/29 04:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 04:17:06 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 04:15:54 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/01/10 00:40:38 | 002,846,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/02 02:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/17 04:34:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI32)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/10/20 16:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/08/01 19:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Xpad.sys -- (XPAD)
DRV - [2004/06/07 04:36:10 | 000,624,065 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/30 22:58:46 | 000,069,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/11/06 23:00:00 | 000,035,328 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/08/28 23:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/24 19:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-299502267-1364589140-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1364589140-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:2.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319


FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 08:30:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/02 15:54:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 21:42:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 21:42:38 | 000,000,000 | ---D | M]

[2010/02/04 21:47:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/04 21:47:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/06/16 18:16:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions
[2010/09/24 05:51:06 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/06/16 18:16:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/15 12:55:43 | 000,000,000 | -H-D | M] (AOL Messaging Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/01/14 22:21:27 | 000,000,000 | -H-D | M] ("FireNes") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions\firenes@facundo.zaldo
[2011/03/13 14:43:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\extensions\personas@christopher.beard
[2009/01/05 03:29:12 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\searchplugins\aim-search.xml
[2010/04/06 08:04:39 | 000,002,425 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\searchplugins\askcom.xml
[2011/06/11 05:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 08:48:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 01:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/11 05:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V8WL9NVO.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V8WL9NVO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V8WL9NVO.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V8WL9NVO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/02 15:54:26 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/09/02 00:12:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/30 21:42:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2011/04/30 21:42:36 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {2ED6E373-9FEB-4F2D-B831-419352670135} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {696F6489-1550-4D3A-BC7F-7DE2BA8C2A38} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1364589140-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] File not found
O4 - HKU\S-1-5-18..\Run: [swg] File not found
O4 - HKU\S-1-5-21-299502267-1364589140-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-1364589140-682003330-1003..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1364589140-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - Reg Error: Value error. File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225656721093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/05 22:13:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ceec89f5-1200-11df-b5e4-001ee5d85365}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-1364589140-682003330-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-1364589140-682003330-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 12:03:21 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/17 12:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/06/16 17:48:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/11 17:55:34 | 000,607,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/11 16:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/06/11 16:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/06/11 15:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 15:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/06/11 15:37:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/06/11 15:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Smit Fraud
[2011/06/11 05:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/11 05:04:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/11 05:04:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/11 02:48:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 02:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 02:48:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/11 02:47:25 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/10 22:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/06/10 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/10 22:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/10 22:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2011/06/10 03:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/10 03:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/10 03:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 03:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/03 02:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/29 18:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Baseball Crossword
[2011/05/19 21:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Penumbra
[2009/06/13 13:33:25 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2005/11/05 22:26:53 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2005/11/05 22:26:43 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 12:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 12:03:20 | 118,878,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/17 12:03:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/17 12:00:54 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/06/17 11:57:39 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000007-00001102-00000008-10011102}.CDF
[2011/06/17 11:57:22 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 11:57:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/17 11:57:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 11:56:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 02:33:15 | 000,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000007-00001102-00000008-10011102}.rfx
[2011/06/17 02:33:15 | 000,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000007-00001102-00000008-10011102}.rfx
[2011/06/17 02:33:15 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000007-00001102-00000008-10011102}.rfx
[2011/06/17 02:33:15 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000007-00001102-00000008-10011102}.rfx
[2011/06/17 02:33:15 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000007-00001102-00000008-10011102}.rfx
[2011/06/17 02:32:31 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000007-00001102-00000008-10011102}.BAK
[2011/06/16 18:06:16 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/16 18:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/11 19:38:47 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/06/11 17:55:34 | 000,607,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/11 17:54:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/11 17:54:17 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/06/11 16:20:25 | 000,116,511 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Example Infection.jpg
[2011/06/11 15:42:09 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.msi
[2011/06/11 15:37:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/06/11 04:17:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/11 03:11:50 | 000,004,502 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/06/11 02:48:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 02:47:29 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/11 01:25:44 | 000,001,192 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/11 01:25:44 | 000,001,192 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/10 22:01:40 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2011/06/07 19:40:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/07 19:40:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/05 13:52:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2011/06/03 03:12:26 | 000,242,688 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/03 02:07:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/02 15:54:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 23:57:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 04:04:45 | 000,001,340 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
[2011/05/29 04:04:45 | 000,001,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
[2011/05/28 23:57:05 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadDowngrade.job
[2011/05/18 15:00:26 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
[2011/05/18 15:00:26 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 12:00:52 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/06/16 18:06:16 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/11 17:54:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/11 17:54:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/06/11 16:20:25 | 000,116,511 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Example Infection.jpg
[2011/06/11 15:43:02 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/06/11 15:42:11 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.msi
[2011/06/11 02:48:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 01:25:44 | 000,001,192 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/11 01:25:44 | 000,001,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
[2011/06/03 02:07:26 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/29 04:04:45 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
[2011/05/29 04:04:45 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
[2011/05/18 15:00:26 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
[2011/05/18 15:00:26 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
[2011/05/16 02:01:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\t2ybcc7v0fo3v477kk270ad
[2011/05/16 02:01:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2ybcc7v0fo3v477kk270ad
[2010/11/17 00:19:27 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/10/26 15:25:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/10/15 20:52:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/10/12 14:43:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/12 14:43:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/12 14:43:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/12 14:14:14 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/05/17 10:17:32 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\UsbPadCP.DLL
[2010/05/17 10:17:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UsbPadFF.DLL
[2009/12/29 23:57:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/11/22 11:49:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/10/26 16:48:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/14 18:19:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 09:22:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2009/07/22 09:15:23 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2009/07/22 09:15:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2009/07/22 09:15:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2009/06/13 13:33:25 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2009/06/13 13:33:25 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/06/13 13:33:25 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2008/12/19 00:41:18 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2008/09/23 22:51:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff
[2008/08/09 02:53:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/21 17:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/28 13:24:57 | 001,223,027 | -HS- | C] () -- C:\WINDOWS\System32\llmiwdno.ini
[2008/05/28 13:24:14 | 000,584,453 | -HS- | C] () -- C:\WINDOWS\System32\mlonmnnn.ini2
[2008/05/28 13:24:11 | 000,584,505 | -HS- | C] () -- C:\WINDOWS\System32\mlonmnnn.ini
[2008/05/28 13:07:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/05/28 12:17:12 | 001,222,976 | -HS- | C] () -- C:\WINDOWS\System32\nskimscf.ini
[2008/05/28 12:16:22 | 000,587,334 | -HS- | C] () -- C:\WINDOWS\System32\UBLmnnpo.ini2
[2008/05/28 12:16:21 | 000,587,334 | -HS- | C] () -- C:\WINDOWS\System32\UBLmnnpo.ini
[2008/05/27 18:30:08 | 001,198,765 | -HS- | C] () -- C:\WINDOWS\System32\ycfefpec.ini
[2008/05/27 18:29:50 | 000,002,095 | -HS- | C] () -- C:\WINDOWS\System32\mTBLnUvw.ini2
[2008/05/27 18:29:50 | 000,002,095 | -HS- | C] () -- C:\WINDOWS\System32\mTBLnUvw.ini
[2008/05/27 13:56:34 | 001,198,585 | -HS- | C] () -- C:\WINDOWS\System32\tdntvnpt.ini
[2008/05/27 13:54:59 | 000,002,970 | -HS- | C] () -- C:\WINDOWS\System32\LUENnnnn.ini2
[2008/05/27 13:54:59 | 000,002,970 | -HS- | C] () -- C:\WINDOWS\System32\LUENnnnn.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/07 04:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/28 22:36:13 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/28 22:36:13 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/28 22:36:13 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/15 08:09:22 | 000,000,307 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/11/02 20:36:30 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/11/02 20:36:30 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/21 17:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 15:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 13:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 13:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 13:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/04/07 21:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/08/26 15:57:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/12 00:39:25 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/16 03:29:00 | 000,002,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/29 19:02:39 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005/12/24 22:31:42 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/22 21:49:59 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2005/12/22 21:34:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/12/21 20:36:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/22 20:40:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/22 20:37:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/06 02:06:23 | 000,011,838 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2005/11/05 22:58:57 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/05 22:30:59 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/11/05 22:28:20 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/11/05 22:28:18 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/11/05 22:28:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/11/05 22:27:11 | 000,048,864 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2005/11/05 22:27:11 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/11/05 22:26:57 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/11/05 22:26:57 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/11/05 22:26:57 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/11/05 22:26:56 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/11/05 22:26:56 | 000,132,415 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/11/05 22:26:56 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/11/05 22:26:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/11/05 22:26:53 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/11/05 22:26:53 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2005/11/05 22:26:53 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005/11/05 22:26:53 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/11/05 22:25:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/11/05 22:21:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/11/05 22:15:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/05 22:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/05 15:47:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/05 15:46:08 | 000,240,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/06 15:04:27 | 000,165,782 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/03/17 08:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 08:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2003/06/20 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/06/20 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/06/20 07:00:00 | 000,465,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/06/20 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/06/20 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/06/20 07:00:00 | 000,079,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/06/20 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/06/20 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/06/20 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/06/20 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/20 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >


Extras

OTL Extras logfile created on: 6/17/2011 12:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.95% Memory free
3.35 Gb Paging File | 2.53 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 649.27 Gb Free Space | 69.70% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 114.41 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: JOEL-9SF29ACP2 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1062:TCP" = 1062:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053EC7D7-25D6-87DE-FB3C-21EDA3AC1B3D}" = CCC Help Japanese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09E03881-E349-18A2-2AFC-CADE51DF080E}" = CCC Help Thai
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12C11D57-0E6B-64F2-B99E-E40E785AEB56}" = CCC Help Hungarian
"{152441C1-D4DA-EE78-7E4A-514DD0361256}" = CCC Help Dutch
"{16C291EE-B2F5-1636-D382-FEB776F677BE}" = CCC Help Italian
"{18941178-396B-0CC4-2168-17112315EBB8}" = ccc-utility
"{1B3D70BF-F1E5-1548-C1ED-22F0D47BDDD1}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CCA04F-DFE0-5337-770C-3CFD2CDCF2D9}" = ccc-core-static
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2DDBE461-3A0D-A6C2-6944-92D694AFB12A}" = Catalyst Control Center Localization French
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3373AFA7-672F-407C-68F0-955FB5930A47}" = Catalyst Control Center Localization Turkish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB8AFB-0376-9D4F-24E5-1EEC1CEE1A4B}" = CCC Help Chinese Standard
"{36417A39-B6A6-BE0F-0AD0-6D9B116985D1}" = CCC Help Swedish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}" = HP Deskjet 6500
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FAFEF64-911D-8013-18B5-E0BDF223A5C0}" = CCC Help Korean
"{40E4166C-460E-65F8-F84B-88A2F9EA69F4}" = CCC Help Polish
"{421D1CB2-0C0B-AC1D-06E5-14B0974376B5}" = Catalyst Control Center Localization Korean
"{451CEE76-0FFE-802D-1F5E-615D69BC7007}" = Catalyst Control Center Localization Greek
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4609F28C-0BDB-F2B2-9DC7-B35A28478312}" = Catalyst Control Center Localization Czech
"{46E1C9E1-9CC6-D432-F2BB-7CFC27B32EC9}" = Catalyst Control Center Localization Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519118EE-ACFD-16B7-7FEA-6B47D529B50C}" = Catalyst Control Center Core Implementation
"{5325AF31-8FEF-EEA6-084E-6784F834B5C0}" = Catalyst Control Center Graphics Full Existing
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57105084-049B-008E-165A-92AF92B0C60F}" = ccc-core-preinstall
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DE136A9-DCAE-69D0-08CB-02F07CFC9398}" = CCC Help Spanish
"{5E7AD152-771A-52C9-8394-E2F3BA629E06}" = CCC Help Greek
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6782B259-804B-301D-0DE9-13000375C2D2}" = Catalyst Control Center Localization Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6D58E839-9E34-3979-7BFD-145BD5E9401C}" = CCC Help Norwegian
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{6FA439F8-EBD8-FF4D-8EE5-A52FE69A4248}" = Catalyst Control Center Localization Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793E79A5-B52D-E287-37F2-398F530D74C7}" = Catalyst Control Center Localization Polish
"{79A2AB22-00D8-4F09-A00A-F1CB7DB3E916}_is1" = Penumbra
"{7F2FF077-4A0C-0F26-717C-617DED010B33}" = CCC Help English
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF103B8-8C8E-2246-8C0D-C6C256E5E428}" = CCC Help French
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E9BA9AF-6A06-C7AC-5863-4A40CF29CE05}" = Catalyst Control Center Localization German
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90E5D6A9-C373-357B-6659-8BF019E3C1D4}" = Catalyst Control Center Localization Dutch
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{9366C5C6-9434-C4C9-9804-FB4D7142874D}" = Catalyst Control Center Localization Portuguese
"{942DD738-A9F7-BBFA-3960-4558CB0EE272}" = Catalyst Control Center Localization Chinese Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0857F54-AE2D-F453-4069-C7D65AE36426}" = Catalyst Control Center Localization Chinese Traditional
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA61E6-B46A-3489-BD5A-2991144A5BC4}" = CCC Help Portuguese
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C3379D-9638-40CE-B46C-015280B5801F}" = Indigo Prophecy
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA75AFFC-C5F3-2497-FE56-48AA163EFE2B}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5C68E1B-A651-33AA-21A6-7CC2D69EEFA2}" = CCC Help Czech
"{BE2686A1-ECF2-FF0E-9DF5-EC7A806AEED8}" = Catalyst Control Center Localization Thai
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC2B8406-F144-3B99-F66E-8D1703C9A9C5}" = Catalyst Control Center Graphics Previews Common
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB9B3D-E681-4458-85F8-8D182941AF1D}" = Sound Blaster Audigy 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4F3A4D4-84B1-3A40-14AA-422DE60EF96A}" = Skins
"{D51D9840-FABE-390B-24D2-D052332B311A}" = Catalyst Control Center Localization Spanish
"{D9E96902-5743-D105-BCB7-FBD3C0DF3989}" = Catalyst Control Center Localization Swedish
"{DCE27619-6822-0D22-1405-9D2899DC1896}" = Catalyst Control Center Localization Norwegian
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{DF80DB18-7179-EB18-5818-E7F761DA59AE}" = CCC Help Danish
"{E698F77C-216C-8409-F4DC-E4AAECF5DEFF}" = Catalyst Control Center Localization Italian
"{E7DAAF26-A0B0-1D77-0794-20D1314297F1}" = Catalyst Control Center Graphics Light
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F16A317A-6128-39E2-9607-20B5C70132E6}" = Catalyst Control Center Localization Hungarian
"{F2B34A83-5345-910F-EC0F-0D92A00D6E3B}" = CCC Help Turkish
"{F2BDC47D-18FA-5B10-58C0-9FFBDBE0B031}" = Catalyst Control Center Graphics Full New
"{F3D677C8-612D-F5A8-A22F-2EF74F44000B}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9AB0D25-0085-8345-3F1A-5E5C714092B9}" = Catalyst Control Center Localization Danish
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FEFE846E-DF0E-0AC6-0EA0-F85CE63CA275}" = CCC Help German
"AC3Filter_is1" = AC3Filter 1.63b
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"AMIP_iTunes" = AMIP for iTunes (remove only)
"Anki" = Anki
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AVG" = AVG 2011
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"FreezeSMS" = FreezeSMS
"FrostWire" = FrostWire 4.21.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Note Attack_is1" = Note Attack v1.36
"Rhiannon" = Rhiannon: Curse of the Four Branches
"StepMania" = StepMania (remove only)
"Switch" = Switch Uninstall
"SysInfo" = Creative System Information
"TigerGame Xbox to USB Controller Version 2.01" = TigerGame Xbox to USB Controller Version 2.01
"TimeLeft_is1" = TimeLeft 3 Freeware edition
"TIMELEFT3_is1" = TimeLeft
"VideoPad" = VideoPad Video Editor
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinDjView" = WinDjView 1.0.3
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1364589140-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"PlumeBusters" = PlumeBusters
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SMITFRAUDFIX.CMD>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SMIUPDATE.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SRCHSTS.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SWREG.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SWSC.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\SWXCACLS.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\UIFIX.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\UNZIP.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\VACFIX.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 8:23:28 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SMITFRAUDFIX\SMITFRAUDFIX\VCCLSID.EXE>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 6/11/2011 6:00:33 AM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 6/11/2011 3:52:40 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/16/2011 6:06:34 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/16/2011 6:08:01 PM | Computer Name = JOEL-9SF29ACP2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/16/2011 6:08:31 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 6/16/2011 6:30:19 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/16/2011 7:08:59 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/16/2011 9:56:39 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/17/2011 12:13:15 AM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 6/17/2011 12:56:57 PM | Computer Name = JOEL-9SF29ACP2 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126


< End of report >

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 18 June 2011 - 06:35 AM

Hi Joel,

P2P Warning:

BitTorrent

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes .

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



=====================================


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (no name) - {2ED6E373-9FEB-4F2D-B831-419352670135} - File not found
    O2 - BHO: (no name) - {696F6489-1550-4D3A-BC7F-7DE2BA8C2A38} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [swg] File not found
    O4 - HKU\S-1-5-18..\Run: [swg] File not found
    O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
    O9 - Extra Button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - Reg Error: Value error. File not found
    O35 - HKU\S-1-5-21-299502267-1364589140-682003330-1003..exefile [open] -- "%1" %*
    O37 - HKU\S-1-5-21-299502267-1364589140-682003330-1003\...exe [@ = exefile] -- "%1" %*
    [2011/06/11 01:25:44 | 000,001,192 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    [2011/06/11 01:25:44 | 000,001,192 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b
    [2011/05/29 04:04:45 | 000,001,340 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
    [2011/05/29 04:04:45 | 000,001,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
    [2011/05/18 15:00:26 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
    [2011/05/18 15:00:26 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj
    [2011/05/16 02:01:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\t2ybcc7v0fo3v477kk270ad
    [2011/05/16 02:01:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2ybcc7v0fo3v477kk270ad
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 18 June 2011 - 02:59 PM

Hey again Sempai.

Yeah, I know P2P stuff can be really dangerous; whenever I have to use software like that, I try to be as careful about it as I can. It's really come in handy a few times.

I ran the OTL fixes you posted, so here's the report file:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ED6E373-9FEB-4F2D-B831-419352670135}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED6E373-9FEB-4F2D-B831-419352670135}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{696F6489-1550-4D3A-BC7F-7DE2BA8C2A38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{696F6489-1550-4D3A-BC7F-7DE2BA8C2A38}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}\ not found.
Registry value HKEY_USERS\S-1-5-21-299502267-1364589140-682003330-1003_Classes\exefile\shell\open\command\\'' updated successfully.
Registry key HKEY_USERS\S-1-5-21-299502267-1364589140-682003330-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-299502267-1364589140-682003330-1003_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Owner\Local Settings\Application Data\4c6fc4y216yk6gq5l2707x55p5b moved successfully.
C:\Documents and Settings\All Users\Application Data\4c6fc4y216yk6gq5l2707x55p5b moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut moved successfully.
C:\Documents and Settings\All Users\Application Data\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj moved successfully.
C:\Documents and Settings\All Users\Application Data\ukkbx3ej241h1wi32l5g40826jf48s6a3jj moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\t2ybcc7v0fo3v477kk270ad moved successfully.
C:\Documents and Settings\All Users\Application Data\t2ybcc7v0fo3v477kk270ad moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 398295 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Guest
->Temp folder emptied: 8782431 bytes
->Temporary Internet Files folder emptied: 33342231 bytes
->Java cache emptied: 602951 bytes
->FireFox cache emptied: 93580786 bytes
->Flash cache emptied: 16501 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 113610177 bytes
->Flash cache emptied: 1740 bytes

User: NetworkService
->Temp folder emptied: 2510260 bytes
->Temporary Internet Files folder emptied: 21641029 bytes
->Flash cache emptied: 9329 bytes

User: Owner
->Temp folder emptied: 20789341 bytes
->Temporary Internet Files folder emptied: 11723266 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 106743201 bytes
->Flash cache emptied: 1824 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 3001550 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10013452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 460814699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 273797 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 848.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06182011_140334

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\338,17251,18517,18672,18902,18961,18982,19419,19726,20096,20139,20200,20647,20650,20780,21138,21188,21273,21373,21464,21717&Values=1588&Redirect=;ord=bIlomvA,bevhvvgbWdqth[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\517,18672,18871,18902,18961,18982,19419,19726,20096,20139,20200,20647,20650,20780,21138,21188,21189,21273,21373,21464,21717&Values=1588&Redirect=;ord=caAAmcv,bevhweRbWdwWN[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\c=1361547;met=1;v=1;pid=31532365;aid=209000748;ko=0;cid=27496334;rid=27514213;rv=2;&timestamp=1230231906765;eid1=2;ecn1=0;etm1=6;eid2=3;ecn2=1;etm2=1;eid3=4;ecn3=1;etm3=0;[1].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\CA4QLTE5CAP0JJOQCAC8PKP9CAM030HNCANQHQSGCAJVYR60CA6AL6R0CAK7GHTQCAGCBKTPCA7Y84PGCAA27KJMCA6AU62ACAYZWDYYCA1P2WGWCA3LY0JOCAHLRE2XCAJGRBH1CAFAMRE1CA6JVWQECA7EBJNMCAYPS56NCAXGW8FN not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\CAC01O47CAV1X49ICAMTNCKPCA83E6V5CAIUS65UCAXMWVKCCACC237UCA2RO3M6CACAFEWSCA6AO6PQCA6EVN49CAUORZNZCAKH6NN8CAP9R2STCAYSRGNECAGSSRIBCA3YC7WPCA2CZ89WCAHAVF7UCAK6E5KXCA6GNFVCCARLRB8D not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\CACVL0X4CAPPW4XGCA6HUQHICA60PBFLCARB8ATLCALXIPVFCA6SNXJNCAKBTY2LCATINDEGCAK1R65MCA189E72CAFKFV45CA34347JCAO4DPQHCAEJ63LICAYDKFX8CA7AJF95CACSM7RFCA9948ZACAXV7DVQCAABCU50CAM7OH1B not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\CAJ48ZNFCAPW0JH0CAJ4XA73CANRNB59CAVGE2KOCA3O2RN4CAI8W4BCCA1XZ8EFCAVCDS5RCAPEFBXSCAH42Q6DCA1VZE2DCA8CT38WCAARKP2QCA3ROJAQCAT508FCCATGNQXQCAAFDUMXCAHDY5OBCARHPZCYCA0GR1CGCAGITTXA not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\YA2KZNVY\CAKA0332CAB1SC1KCA24KHM5CAHNIPUQCAD6WUYGCA3JOCKXCA5K6CVDCASJ4JLVCAR09JUICAGRHOY4CATHYMYKCA21J5BMCA6B5W0ZCAEV8LL0CAQX9BI8CAUKKM6CCABSFAR7CAGA6K8HCAM5PK58CA5LKPA4CAF03UABCACQLEQP not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\,9781,9784,9853,11532,12825,13079,13760,14982,16113,17251,18517,18672,18823,18961,19419,20139,21203,21373,21464,21717,21878&Values=1588&Redirect=;ord=bwavKrp,bevhvNrbWdtye[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\897,14123,14888,15608,16113,16337,16351,17251,17373,18517,18672,18904,18961,18982,19036,20139,20644,21283,21717,21849,21876&Values=1588&Redirect=;ord=bpIhywl,bevhvrobWwukI[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\9419,19723,20093,20139,20197,20352,20644,20648,20766,20795,20806,20970,21141,21208,21239,21283,21373,21464,21717,21849,21876&Values=1588&Redirect=;ord=yxvuff,bevhvsibWdpii[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CA7CA3MKCA9IQRCWCAHTVDCSCAK9IF45CAEWLL9OCAKYYZV0CAE3N0S3CAZ2NHQ5CAUS0AD7CAQHBX7WCAHTB8A5CA40GOTSCA0QH7S4CAS9WH34CA153816CAW81V9ECAH8XD2GCAR12WQICAG7Z3RFCALVSPBACAK3KO2SCAOJ84PM not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CANRT34KCAYTAM82CAOCGUJRCASOK0P8CAKVDEG2CAMBR4E1CA854M89CAU8RN4VCAIMY1UMCAEZRLO1CA2LCLCCCAIBV8L3CA7221A5CA3XNHJHCAM3W7LSCA9JFH9UCAEJ9OZOCASRY3SMCAB1L655CAOR9B7RCAS60N6DCAL5GO2K not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CAT8B1USCAV4QGHVCADRRTF0CA7UA05TCAUF5L5UCA2D9QJECA210QEACABI37XPCA9TQDK6CAUU898WCAMQUSXJCALC1I84CA4JS4YACALW9BBQCAVFW1LLCA3946XHCAZUYCH1CAYGVUE7CAL72J6SCA3S0176CAJ3CRT5CA4A4UA3 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CAV97T16CAYX64RNCAUU3Y3VCASP39NFCAR2MYMXCAQIB5YSCAMTZTO1CAKU5TKNCAUWCK8OCA8QBVAMCAWEUCELCA990YSJCAO3V2BWCALRB9U6CA6CMJJ9CAVGD4ZXCA6DYSWVCAFOK1HPCAWQ3CWQCARSHORLCALZL3MYCA8OK00D not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CAVCGF2LCAN0O2ALCAGSOH1ACAPM84VTCA0U1YXKCAV0Y49KCAAIEW90CAKRWSWWCAM8MTD6CAW3TDGHCAXUA2T9CAFLDN3FCAIHRCFMCAERR7V7CAIEL6ZICACXD3QCCA8711BFCAYYNEMRCAD6QC4GCAXTYKRDCAQ3WCSWCA8ZLHLU not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CAW4RUFACAVDJ48XCA9H9XGOCAMT2ML8CAWHWXL8CAXBI1EYCAWT3A98CAU785K2CAXBUL5QCA4F7UIYCAR1IO7VCAK3BS9WCAF3X7YICAFWH48HCAX7N5V7CAB6IXW0CAAV8MCZCAUG4WPLCAC0U2R5CAWT8R90CAHU04XXCA5220I2 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QGLUZAET\CAXB8I1XCAUMI6U3CAIPWRGPCAZ0FPIECAIE2F29CA9X28F6CAPFX1C2CAMGU1P5CAYTP6WPCA10KD5CCAFXHZNBCANJBN8JCAD8ZPOWCAYWZ63YCA589SD1CARA035ECAGGVDZ6CAJLWB6ACA2807HMCAPY1EHTCA9RIW7KCAX7D7P4 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QDZSGL99\6,19419,19723,20093,20139,20197,20352,20644,20648,20766,20795,20806,20970,21141,21208,21239,21283,21373,21464,21717,21849,21876&Values=1588&Redirect=;ord=bhzwzNx,bevhwjmbWdywm[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QDZSGL99\9784,9853,10378,11532,11790,13079,13760,14982,17251,18517,18672,18871,18961,18982,19419,20139,21203,21373,21464,21717,21878&Values=1588&Redirect=;ord=cimNytj,bevhweWbWdxah[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CEEU1CM2\CA06I596CAUFLGJ3CA1WNATBCAFGIXI3CAQK9S4MCAQKU6JLCAC3NVI5CAB7XLNHCAHDQ68ZCABXARIHCAHFU6C9CA4C0G5ACAJYS0R0CA8XT5R3CAWCMJFGCACFNSTKCAS0SDXRCA8WUX7UCA9LQ8JFCA3SBUFVCAN9A5T8CA9WHA83 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CEEU1CM2\CA83Z2SFCAJ7CMU2CANS2HSPCAX5NEZGCA8D4OYCCAU1NJ10CAPF9FZNCA6KS49CCA60JA2HCATT6NIWCAJGSIUMCALUM7TUCA9N9MYSCA3X6SBVCAB87Y3ACA7GAX7WCAMELIOHCAMNB2T1CAP8H5KZCA06QHSYCAHA9NVQCA7PAWLW not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CEEU1CM2\CAG20AKGCAVQR649CA21EPGLCA0K0UDFCAYL992BCAWEMKVUCAGR5Q9ECA4Y6XISCAPXGXCZCA6I7FQVCA41ZQRNCAIU8A4HCAAV7VQ3CAC5JRJ9CAARP2G8CAAKK7Q3CALDW874CA9O3I5WCAM01MN7CAB1I2ZTCA1DYENRCA3TEF7H not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CEEU1CM2\CAQ9MGB9CAVKS3J6CA91KBQ6CA280DZ1CA546X3SCAQF6LBBCAC8W4QHCA0JFVTECA950OV2CAGAC59JCA263OCTCAZNQJ1XCAT1HBDGCAJ3EDAWCAXLEG37CAGFAGH3CAWHJD8GCAODB4Q1CATN4R7ECAWLKE2HCAK2Y448CAMDPQGF not found!
C:\WINDOWS\temp\Perflib_Perfdata_634.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!

Registry entries deleted on Reboot...
----------------------------------------------------------------

Honestly, I'm surprised those Temp and Cache folders have as much data in them to clear as they did. I always try to clean those out on a periodic basis- guess I haven't been doing as thorough a job as I figured...

Edited by Joel S., 18 June 2011 - 03:06 PM.


#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 18 June 2011 - 10:35 PM

Hi,

We need to remove AVG so we can run Combofix freely, try to uninstall it in "Add Remove Programs" in the Control Panel. If you experience difficulties on its removal, you can try using the AVG remover that can be found HERE, run Combofix as instructed below after AVG was remove.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 19 June 2011 - 02:09 AM

Hi Sempai,

I'll run the ComboFix instructions in the morning, since I'm heading to bed here in a few minutes. A few questions though first:

1) Should I completely remove AVG or just disable it temporarily? I only ask because the "see here" link below talks about just disabling real-time protection in these programs.

2) Will I also need to disable Windows Firewall, as well? I don't see that mentioned in the instructions.

3) If 2 is true, should I unplug the ethernet cable before ComboFix starts running? Obviously I'll need a connection to get the Recovery Console if necessary, but no protection software doesn't sound good for staying linked to the internet beyond that.

4) Is it OK to re-install and re-enable these programs once ComboFix is done- before I log back in to post the report?

I feel comfortable working with computers and all, but since everything I'm reading says ComboFix is such a powerful tool, I'd like to be extra careful before using it. Thanks if you could reply.

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 19 June 2011 - 02:34 AM

Hi Joel,

The Combofix instruction that I posted for you is created for general users meaning it's the same instruction that I am using for others with different computer set-up. That's "See here" link is intended for others who don't use AVG where uninstalling their AV programs is not necessary.

In your case we do want to uninstall AVG because Combofix will not run properly if it's still on board. You can re install it back after the Combofix run but we may need to run Combofix twice or more (defending on the situation) so you will also need to uninstall it again. Internet connection is needed when running Combofix to download the Recovery Console, no need to disable the Windows firewall.

Edited by sempai, 19 June 2011 - 02:36 AM.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 19 June 2011 - 03:13 PM

Alright Sempai, I ran the instructions you gave. Although I had uninstalled AVG, ComboFix failed the first time because it still detected AVG components (I've attached a shot of the message.) I deleted the AVG folder from Program Files and ran ComboFix again- no problems that time. The Recovery Console was also installed in the process. Here's the report it generated:

ComboFix 11-06-17.04 - Owner 06/19/2011 14:48:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1494 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Start Menu\Programs\Windows Repair
c:\documents and settings\Owner\Templates\4c6fc4y216yk6gq5l2707x55p5b
c:\documents and settings\Owner\Templates\80n70x50l01od3etil60gw51se8kpkiyh3h30b436qut
c:\documents and settings\Owner\WINDOWS
c:\windows\Downloaded Program Files\Temp
c:\windows\Fonts\COMIC.TTF
c:\windows\system32\llmiwdno.ini
c:\windows\system32\LUENnnnn.ini
c:\windows\system32\LUENnnnn.ini2
c:\windows\system32\mlonmnnn.ini
c:\windows\system32\mlonmnnn.ini2
c:\windows\system32\mTBLnUvw.ini
c:\windows\system32\mTBLnUvw.ini2
c:\windows\system32\nskimscf.ini
c:\windows\system32\tdntvnpt.ini
c:\windows\system32\tmp.reg
c:\windows\system32\UBLmnnpo.ini
c:\windows\system32\UBLmnnpo.ini2
c:\windows\system32\ycfefpec.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-18 19:03 . 2011-06-18 19:03 -------- d-----w- C:\_OTL
2011-06-18 19:00 . 2011-06-18 19:03 -------- d-----w- C:\0039e55fb568793d6e
2011-06-16 22:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-11 21:01 . 2011-06-11 21:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-11 21:01 . 2011-06-11 21:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-06-11 20:43 . 2011-06-11 20:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 20:43 . 2011-06-11 20:43 -------- d-----w- c:\program files\Trend Micro
2011-06-11 03:03 . 2011-06-11 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-11 03:02 . 2011-06-11 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 06:33 . 2011-05-16 06:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 09:52 . 2010-05-03 13:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2007-05-19 20:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-11-06 03:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2003-06-20 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-06-18 05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2003-06-20 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2003-06-20 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-06-20 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 02:42 . 2011-05-01 02:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-11 2424192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-11 364544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-15 344064]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-1-8 2000112]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-18 13:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fcdd578a
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/13/2008 12:43 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/13/2008 12:43 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [6/20/2003 7:00 AM 14336]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/27/2008 12:19 AM 598856]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/31/2009 6:02 PM 36224]
S2 gupdate1c9ec5b699f5ac0;Google Update Service (gupdate1c9ec5b699f5ac0);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 2:16 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 EMSUSB2;EMSUSB2;c:\windows\system32\drivers\EMSUSB2.SYS [5/17/2010 10:17 AM 5520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 2:16 PM 133104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [7/22/2009 9:15 AM 39048]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/18/2009 9:54 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/18/2009 9:54 PM 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/13/2008 12:44 PM 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [8/10/2009 5:20 PM 12800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 19:16]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 19:16]
.
2011-06-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2011-05-29 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-19 08:35]
.
2011-05-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-19 08:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\documents and settings\Owner\Local Settings\Application Data\{74446DCE-D640-4DC3-B6F1-6B29FF4EF945}\setup_blazemp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\WDBtnMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-06-19 15:01:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-19 20:01
.
Pre-Run: 699,221,237,760 bytes free
Post-Run: 699,049,156,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - F9A663AFCEBC57FFF881E4785044F8DC

Attached Files



#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:02 PM

Posted 20 June 2011 - 07:01 AM

Hi Joel,

That's the exact reason why we must remove AVG first.


We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

FileLook::
C:\WINDOWS\System32\killapps.exe

DirLook::
C:\0039e55fb568793d6e

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=dword:00000000

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 Joel S.

Joel S.
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 20 June 2011 - 03:48 PM

Hey again Sempai,

You weren't kidding about AVG interfering with everything. :thumbup2:

I ran the script; here's the report:

ComboFix 11-06-19.0r1 - Owner 06/20/2011 15:21:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1596 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-18 19:03 . 2011-06-18 19:03 -------- d-----w- C:\_OTL
2011-06-18 19:00 . 2011-06-18 19:03 -------- d-----w- C:\0039e55fb568793d6e
2011-06-16 22:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-11 21:01 . 2011-06-11 21:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-11 21:01 . 2011-06-11 21:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-06-11 20:43 . 2011-06-11 20:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 20:43 . 2011-06-11 20:43 -------- d-----w- c:\program files\Trend Micro
2011-06-11 03:03 . 2011-06-11 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-11 03:02 . 2011-06-11 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 06:33 . 2011-05-16 06:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 09:52 . 2010-05-03 13:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25 . 2007-05-19 20:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-11-06 03:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2003-06-20 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-06-18 05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2003-06-20 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2003-06-20 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-06-20 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 02:42 . 2011-05-01 02:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\killapps.exe ---
Company:
File Description: killapps
File Version: 1, 0, 0, 1
Product Name: killapps
Copyright: Copyright © 2003-2004
Original Filename: killapps.exe
File size: 10240
Created time: 2005-11-06 03:26
Modified time: 2007-04-09 18:19
MD5: 52FC237AFF9EAA3BBD5A97A76B51B14B
SHA1: 989677A79D98E1F4ABC2F9D59E512082105110D0
.
---- Directory of C:\0039e55fb568793d6e ----
.
2011-01-19 04:36 . 2011-01-19 04:36 13152 ----a-w- c:\0039e55fb568793d6e\3082\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1055\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 11104 ----a-w- c:\0039e55fb568793d6e\2052\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\2070\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1049\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1053\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1044\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 13152 ----a-w- c:\0039e55fb568793d6e\1045\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1046\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 11616 ----a-w- c:\0039e55fb568793d6e\1041\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 11616 ----a-w- c:\0039e55fb568793d6e\1042\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1043\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1038\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1040\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 13152 ----a-w- c:\0039e55fb568793d6e\1036\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12128 ----a-w- c:\0039e55fb568793d6e\1037\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1033\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1035\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 13152 ----a-w- c:\0039e55fb568793d6e\1031\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 13152 ----a-w- c:\0039e55fb568793d6e\1032\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1029\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 12640 ----a-w- c:\0039e55fb568793d6e\1030\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 11104 ----a-w- c:\0039e55fb568793d6e\1028\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 11104 ----a-w- c:\0039e55fb568793d6e\3076\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 321888 ----a-w- c:\0039e55fb568793d6e\HotFixInstaller.exe
2011-01-19 04:36 . 2011-01-19 04:36 12128 ----a-w- c:\0039e55fb568793d6e\1025\HotFixInstallerUI.dll
2011-01-19 04:36 . 2011-01-19 04:36 2687488 ----a-w- c:\0039e55fb568793d6e\NDP20SP2-KB2478658.msp
2011-01-19 04:27 . 2011-01-19 04:27 15616 ----a-w- c:\0039e55fb568793d6e\DHtmlHeader.html
2011-01-19 04:27 . 2011-01-19 04:27 7306 ----a-w- c:\0039e55fb568793d6e\header.bmp
2011-01-19 04:27 . 2011-01-19 04:27 3580 ----a-w- c:\0039e55fb568793d6e\ParameterInfo.xml
2011-01-19 04:27 . 2011-01-19 04:27 110348 ----a-w- c:\0039e55fb568793d6e\watermark.bmp
2011-01-19 04:27 . 2011-01-19 04:27 76237 ----a-w- c:\0039e55fb568793d6e\1025\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 37119 ----a-w- c:\0039e55fb568793d6e\1028\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 74519 ----a-w- c:\0039e55fb568793d6e\1029\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 76465 ----a-w- c:\0039e55fb568793d6e\1030\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 116656 ----a-w- c:\0039e55fb568793d6e\1031\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 78951 ----a-w- c:\0039e55fb568793d6e\1032\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 100363 ----a-w- c:\0039e55fb568793d6e\1033\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 75533 ----a-w- c:\0039e55fb568793d6e\1035\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 127060 ----a-w- c:\0039e55fb568793d6e\1036\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 59647 ----a-w- c:\0039e55fb568793d6e\1037\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 67624 ----a-w- c:\0039e55fb568793d6e\1038\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 115589 ----a-w- c:\0039e55fb568793d6e\1040\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 104768 ----a-w- c:\0039e55fb568793d6e\1041\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 147711 ----a-w- c:\0039e55fb568793d6e\1042\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 76257 ----a-w- c:\0039e55fb568793d6e\1043\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 73305 ----a-w- c:\0039e55fb568793d6e\1044\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 73386 ----a-w- c:\0039e55fb568793d6e\1045\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 97721 ----a-w- c:\0039e55fb568793d6e\1046\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 141033 ----a-w- c:\0039e55fb568793d6e\1049\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 76556 ----a-w- c:\0039e55fb568793d6e\1053\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 77193 ----a-w- c:\0039e55fb568793d6e\1055\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 102032 ----a-w- c:\0039e55fb568793d6e\2052\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 76519 ----a-w- c:\0039e55fb568793d6e\2070\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 37119 ----a-w- c:\0039e55fb568793d6e\3076\eula.rtf
2011-01-19 04:27 . 2011-01-19 04:27 94271 ----a-w- c:\0039e55fb568793d6e\3082\eula.rtf
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-11 2424192]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"WD Button Manager"="WDBtnMgr.exe" [2007-11-11 364544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-15 344064]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-1-8 2000112]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-18 13:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1253:TCP"= 1253:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/13/2008 12:43 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/13/2008 12:43 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [6/20/2003 7:00 AM 14336]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/27/2008 12:19 AM 598856]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/31/2009 6:02 PM 36224]
S2 gupdate1c9ec5b699f5ac0;Google Update Service (gupdate1c9ec5b699f5ac0);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 2:16 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 EMSUSB2;EMSUSB2;c:\windows\system32\drivers\EMSUSB2.SYS [5/17/2010 10:17 AM 5520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 2:16 PM 133104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [7/22/2009 9:15 AM 39048]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/18/2009 9:54 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/18/2009 9:54 PM 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/13/2008 12:44 PM 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [8/10/2009 5:20 PM 12800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 19:16]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 19:16]
.
2011-06-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2011-05-29 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-19 08:35]
.
2011-05-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-10-19 08:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v8wl9nvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 15:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-20 15:31:25
ComboFix-quarantined-files.txt 2011-06-20 20:31
ComboFix2.txt 2011-06-19 20:01
.
Pre-Run: 699,043,729,408 bytes free
Post-Run: 699,016,404,992 bytes free
.
- - End Of File - - E32BC3ACC79FF48E848A76A6F2CD741F

-----------------------------------------------------------

P.S.- If you're wondering about that killapps.exe file being a problem (as I was when I looked at your ComboFix script), I browsed around for more information about it. I guess there were a lot of questions raised about this around 2005, and everything I read suggests killapps.exe is used by Creative when adding\removing hardware and drivers. They'd categorized it as "Riskware", so it could be used harmfully; the spot it's in on my PC looks legitimate, though. Here's a concise example: Tech Support Forum

Hope that helps.

Edited by Joel S., 20 June 2011 - 07:38 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users