Windows XP Repair. Is it gone?


This topic is locked
22 replies to this topic

#1 thefigtree

  • Members
  • 19 posts

Posted 01 July 2011 - 01:22 PM

2 weeks ago my computer was infected with Windows XP Repair. I've used a bunch of cleanups but I still think that some of it remains.

I posted this question at http://www.bleepingcomputer.com/forums/topic406327.html and was told to start a new topic and run DDS and GMER. I also included an older rkill log.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/27/2011 at 17:14:40.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe


Rkill completed on 06/27/2011 at 17:16:16.





.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Run by Jordan at 12:19:11 on 2011-07-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.358 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [<NO NAME>]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [EPSON Stylus CX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{C6C1B683-6CF4-4F5A-855E-690CEA6D1A10} : DhcpNameServer = 68.87.75.198 68.87.64.150
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jordan\application data\mozilla\firefox\profiles\99zl6t6g.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-17 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-17 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-26 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-26 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-6-17 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-6-23 247760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-30 366640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-17 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-17 1150936]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-30 22712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-6-17 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-26 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-17 1025352]
.
=============== Created Last 30 ================
.
2011-06-30 22:59:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 22:59:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 20:45:13 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-26 20:45:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-26 20:45:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-24 15:30:58 -------- d-----w- c:\documents and settings\jordan\application data\SUPERAntiSpyware.com
2011-06-24 15:30:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-24 15:30:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-24 11:36:24 -------- d-----w- c:\windows\PIF
2011-06-24 05:28:09 -------- d-----w- c:\documents and settings\jordan\local settings\application data\Threat Expert
2011-06-24 00:42:04 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-24 00:42:02 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-24 00:42:00 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-06-24 00:42:00 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-19 09:06:46 -------- d-----w- c:\documents and settings\jordan\local settings\application data\AVG Security Toolbar
2011-06-18 03:29:37 -------- d-----w- C:\$AVG
2011-06-18 02:48:22 -------- d-----w- c:\documents and settings\jordan\application data\AVG10
2011-06-18 02:40:49 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-06-18 02:40:03 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-06-18 02:35:37 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-18 02:35:37 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-18 02:32:41 -------- d-----w- c:\program files\AVG
2011-06-18 02:25:29 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-18 00:35:34 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-18 00:35:34 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-18 00:35:33 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-18 00:35:19 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-18 00:35:19 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-18 00:34:59 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-18 00:34:38 -------- d-----w- c:\program files\common files\PC Tools
2011-06-18 00:34:37 -------- d-----w- c:\program files\PC Tools Security
2011-06-18 00:34:37 -------- d-----w- c:\documents and settings\jordan\application data\PC Tools
2011-06-17 22:08:18 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-14 21:11:22 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-11 01:17:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-27 21:09:47 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-24 22:03:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-24 22:03:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 12:27:25.47 ===============


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 10 July 2011 - 07:06 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
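etavares asks for an OTL report above. Every PRC/SRV/DRV line OTL prints (the layout is visible in the log thefigtree posts next) carries the file's modification time, size, attributes and the company name from its version resource in a fixed format, and helpers scan those lines for files with no company name, recent modification dates and non-default attributes. The parser below is an added example, not OTL's own code or anything posted in this thread; the sample lines are constructed from the format shown here, and the `triage` grouping is my own choice.

```python
r"""Triage helper for OTL log lines (added example; not OTL's code or the thread's).

OTL prints each process, module, service and driver on one line, e.g.
  PRC - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
  SRV - [...] (Company) [Auto | Running] -- C:\...\svc.exe -- (ServiceName)
Brackets hold modification time, size and attributes; the parentheses hold the
company name from the file's version resource, and "()" means it has none.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<flag>\S)\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"    # start type / run state, SRV and DRV only
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"  # service or driver name, SRV and DRV only
)

class Entry(NamedTuple):
    kind: str               # PRC, MOD, SRV or DRV
    modified: datetime      # file modification time from the brackets
    size: int               # file size in bytes
    attrs: str              # attribute column; "----" is the default
    company: str            # company from the version resource, "" if absent
    state: Optional[str]    # e.g. "Auto | Running"; None for PRC/MOD
    path: str               # full path as OTL printed it
    name: Optional[str]     # service/driver name; None for PRC/MOD

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_line(line: str) -> Optional[Entry]:
    """One OTL entry, or None for headers, blank lines and the bracket-less
    'SRV - File not found [...] -- -- (Name)' form."""
    m = OTL_LINE.match(line.rstrip())
    if not m:
        return None
    return Entry(m["kind"], datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["company"].strip(),
                 m["state"], m["path"], m["name"])

def parse_otl(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def no_company(entries: List[Entry]) -> List[Entry]:
    """Files whose version resource names no company."""
    return [e for e in entries if not e.company]

def modified_within(entries: List[Entry], ref: datetime, days: int) -> List[Entry]:
    """Files modified in the `days` before `ref` (the idea behind OTL's 'File Age')."""
    cutoff = ref - timedelta(days=days)
    return [e for e in entries if e.modified >= cutoff]

def non_default_attrs(entries: List[Entry]) -> List[Entry]:
    """Files with anything other than '----' in the attribute column."""
    return [e for e in entries if e.attrs != "----"]

def triage(text: str, ref: datetime, days: int = 30) -> dict:
    """File names grouped by the reason a helper would look at them first."""
    entries = parse_otl(text)
    return {"no_company": [e.filename for e in no_company(entries)],
            "recent": [e.filename for e in modified_within(entries, ref, days)],
            "attrs": [e.filename for e in non_default_attrs(entries)]}

# Constructed sample in the layout of the OTL log posted later in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\My Documents\Downloads\OTL.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2006/02/20 16:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
"""
# Creation time from the sample log's header line, used as the file-age reference.
LOG_CREATED = datetime(2011, 7, 10, 8, 36, 3)

if __name__ == "__main__":
    for reason, names in triage(SAMPLE_LOG, LOG_CREATED).items():
        print(f"{reason}: {', '.join(names) or '-'}")
```

Run against a full OTL log, the "no_company" list is where files such as AVGIDSMonitor.exe and lxcrcoms.exe from the log below surface; a legitimate vendor file without version information is common, so the list is a starting point for lookups, not a verdict.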
 


#3 thefigtree

  • Topic Starter
  • Members
  • 19 posts

Posted 10 July 2011 - 11:29 AM

Nice to meet you, etavares. Thanks for replying. Got all the logs you requested. GMER took 3 hours to complete though and the log is HUGE. I was going to just attach it because it doesn't fit in a reply, but it's also too big to be attached! I edited out the majority of it because I think what you want is the beginning and the end. I could easily be wrong though, so let me know. I'm sorry if I did something wrong.


OTL logfile created on: 7/10/2011 8:36:03 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jordan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 59.35% Memory free
2.56 Gb Paging File | 1.43 Gb Available in Paging File | 55.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.26 Gb Total Space | 0.41 Gb Free Space | 1.08% Space Free | Partition Type: NTFS

Computer Name: BRENNA-6BK7J74T | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\My Documents\Downloads\OTL.exe
PRC - [2011/06/24 03:06:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/06 14:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/20 16:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/02/07 02:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2005/02/02 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\My Documents\Downloads\OTL.exe
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/20 16:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/12/15 07:12:04 | 000,218,368 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/01/20 23:48:07 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/17 22:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/06/23 20:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/26 08:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 04:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 03:07:35 | 000,000,000 | ---D | M]

[2010/12/04 12:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Extensions
[2011/07/09 19:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\extensions
[2005/09/27 20:29:49 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/09 19:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/01 19:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/24 23:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2010/12/24 23:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/26 08:40:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/17 22:40:02 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/24 18:04:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 20:42:08 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKU\S-1-5-21-1214440339-362288127-682003330-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-1214440339-362288127-682003330-1004..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/20 15:08:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3188133a-6225-11db-ba6a-000d561aae4b}\Shell - "" = AutoRun
O33 - MountPoints2\{3188133a-6225-11db-ba6a-000d561aae4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3188133a-6225-11db-ba6a-000d561aae4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk - C:\Program Files\Scrapbook Designer\scrapremind.exe - (Broderbund Properties LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: ATI Launchpad - hkey= - key= - C:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Microsoft Works Portfolio - hkey= - key= - C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealPlayer - hkey= - key= - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: WorksFUD - hkey= - key= - C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 18:59:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 18:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 18:59:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 16:45:13 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/06/26 16:45:13 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/06/26 16:45:13 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/06/24 11:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\SUPERAntiSpyware.com
[2011/06/24 11:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/24 11:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/24 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/24 07:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/06/24 01:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Local Settings\Application Data\Threat Expert
[2011/06/23 20:42:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/06/23 20:42:00 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/06/23 20:42:00 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/06/19 05:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Local Settings\Application Data\AVG Security Toolbar
[2011/06/17 23:29:37 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/06/17 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\AVG10
[2011/06/17 22:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/17 22:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/17 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/17 22:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/17 22:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/17 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/17 22:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/17 20:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/06/17 20:35:34 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/06/17 20:35:34 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/06/17 20:35:33 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/06/17 20:35:19 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/06/17 20:35:19 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/06/17 20:34:59 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/06/17 20:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/17 20:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/17 20:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\PC Tools
[2011/06/17 18:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/17 18:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/17 02:22:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jordan\Recent
[2010/11/14 10:07:05 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2010/11/14 10:07:05 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2010/11/14 10:06:33 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2010/11/14 10:06:33 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2010/11/14 10:06:33 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2010/11/14 10:06:33 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2010/11/14 10:06:32 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2010/11/14 10:06:32 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2010/11/14 10:06:32 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
[2010/11/14 10:06:32 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2010/11/14 10:06:32 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 17:22:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/04 16:42:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 12:18:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jordan\defogger_reenable
[2011/06/29 03:04:47 | 000,715,130 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/27 15:39:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 15:15:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/26 08:13:29 | 119,890,339 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/26 02:30:59 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/25 22:15:56 | 119,872,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/17 02:17:17 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16310052
[2011/06/17 02:17:17 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16310052r
[2011/06/16 20:05:40 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16310052
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 12:18:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jordan\defogger_reenable
[2011/06/27 21:19:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 21:19:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/27 21:19:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ac.lnk
[2011/06/27 21:19:52 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/27 21:19:52 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2011/06/27 21:19:52 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/06/27 21:19:48 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/27 21:19:48 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 21:19:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/27 21:19:48 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/27 21:19:48 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/27 21:19:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/27 21:19:47 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2011/06/27 21:19:47 | 000,001,076 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotomat.lnk
[2011/06/27 21:19:33 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/06/27 21:19:33 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/27 21:19:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 21:19:33 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2011/06/27 21:19:33 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/27 21:19:33 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/27 21:19:33 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/06/26 08:13:29 | 119,890,339 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/25 22:15:56 | 119,872,366 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/24 10:42:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 20:42:04 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/06/23 20:42:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/06/23 20:42:02 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/06/23 20:42:02 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/06/23 20:42:01 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/06/17 20:35:36 | 000,715,130 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/16 19:28:47 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052
[2011/06/16 19:28:47 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16310052r
[2011/06/16 19:28:40 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16310052
[2010/11/14 10:07:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2010/11/14 10:07:03 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2010/11/14 10:06:49 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2010/11/14 10:06:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2010/11/14 10:06:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2010/11/14 10:06:33 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2009/06/23 16:43:45 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/02/19 22:36:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/09/20 16:26:40 | 000,000,014 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2006/06/30 22:44:32 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/25 01:46:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/07 18:29:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/14 19:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/13 17:05:37 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2006/01/13 17:05:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2005/09/27 19:54:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/09/27 19:53:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/08/12 19:50:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dbinside.ini
[2005/06/30 15:12:51 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Jordan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/28 18:20:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/20 15:47:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/20 15:41:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/20 15:41:50 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/06/20 15:41:37 | 000,004,249 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/20 15:32:07 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/06/20 15:15:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/20 15:06:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/06/20 10:38:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/20 10:37:36 | 001,257,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/20 23:39:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/20 23:37:33 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/10 01:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/06/17 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/26 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/17 20:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/02/19 22:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/06/17 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/25 01:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fKcDd06300
[2011/06/17 22:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/02/19 23:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/07/10 08:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/10 01:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/10 21:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/08/23 05:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG7
[2009/06/10 01:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\acccore
[2005/06/20 15:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\Aim
[2011/06/17 22:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\AVG10
[2011/06/17 20:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\AVG7
[2006/02/25 01:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\Viewpoint
[2007/03/09 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\Wal-Mart Digital Photo Manager
[2007/03/09 22:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan\Application Data\Wal-Mart Digital Photo Viewer
[2011/06/17 20:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/06/20 10:36:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/06/20 10:36:45 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/06/20 10:36:45 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2005/06/20 15:08:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/02/21 17:21:35 | 012,284,879 | ---- | M] () -- C:\AVG7QT.DAT
[2008/10/27 21:59:56 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/06/20 15:08:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/06/14 20:32:42 | 000,754,422 | ---- | M] () -- C:\France 003.jpg
[2006/06/14 20:32:45 | 000,715,051 | ---- | M] () -- C:\France 005.jpg
[2006/06/14 20:32:55 | 000,650,757 | ---- | M] () -- C:\France 012.jpg
[2006/06/14 20:32:58 | 000,451,104 | ---- | M] () -- C:\France 015.jpg
[2006/06/14 20:33:02 | 000,848,511 | ---- | M] () -- C:\France 018.jpg
[2006/06/14 20:33:12 | 001,076,673 | ---- | M] () -- C:\France 023.jpg
[2006/06/14 20:33:20 | 000,676,474 | ---- | M] () -- C:\France 028.jpg
[2006/06/14 20:33:33 | 000,651,823 | ---- | M] () -- C:\France 035.jpg
[2006/06/14 20:33:41 | 000,647,026 | ---- | M] () -- C:\France 042.jpg
[2006/06/14 20:34:03 | 000,596,090 | ---- | M] () -- C:\France 057.jpg
[2006/06/14 20:34:05 | 001,005,883 | ---- | M] () -- C:\France 058.jpg
[2006/06/14 20:34:08 | 000,682,901 | ---- | M] () -- C:\France 060.jpg
[2006/06/14 20:34:10 | 001,088,064 | ---- | M] () -- C:\France 061.jpg
[2006/06/14 20:34:20 | 001,109,336 | ---- | M] () -- C:\France 066.jpg
[2006/06/14 20:34:25 | 000,581,395 | ---- | M] () -- C:\France 070.jpg
[2006/06/14 20:34:27 | 000,901,712 | ---- | M] () -- C:\France 071.jpg
[2006/06/14 20:34:28 | 000,870,533 | ---- | M] () -- C:\France 072.jpg
[2006/06/14 20:34:30 | 001,113,420 | ---- | M] () -- C:\France 073.jpg
[2006/06/14 20:34:32 | 000,645,702 | ---- | M] () -- C:\France 074.jpg
[2006/06/14 20:34:38 | 001,044,304 | ---- | M] () -- C:\France 077.jpg
[2006/06/14 20:34:41 | 000,850,120 | ---- | M] () -- C:\France 079.jpg
[2006/06/14 20:34:52 | 001,377,961 | ---- | M] () -- C:\France 084.jpg
[2006/06/14 20:35:03 | 001,126,581 | ---- | M] () -- C:\France 089.jpg
[2006/06/14 20:35:05 | 001,107,690 | ---- | M] () -- C:\France 090.jpg
[2006/06/14 20:35:07 | 001,376,439 | ---- | M] () -- C:\France 091.jpg
[2006/06/14 20:35:09 | 000,696,879 | ---- | M] () -- C:\France 092.jpg
[2006/06/14 20:35:12 | 000,839,227 | ---- | M] () -- C:\France 094.jpg
[2006/06/14 20:35:22 | 001,110,575 | ---- | M] () -- C:\France 099.jpg
[2006/06/14 20:35:24 | 001,175,787 | ---- | M] () -- C:\France 100.jpg
[2006/06/14 20:35:28 | 000,963,738 | ---- | M] () -- C:\France 102.jpg
[2006/06/14 20:35:30 | 001,006,577 | ---- | M] () -- C:\France 103.jpg
[2006/06/14 20:35:33 | 000,921,968 | ---- | M] () -- C:\France 105.jpg
[2006/06/14 20:35:36 | 001,266,666 | ---- | M] () -- C:\France 106.jpg
[2006/06/14 20:35:38 | 001,230,890 | ---- | M] () -- C:\France 107.jpg
[2006/06/14 20:35:40 | 001,049,181 | ---- | M] () -- C:\France 108.jpg
[2006/06/14 20:35:42 | 001,160,717 | ---- | M] () -- C:\France 109.jpg
[2006/06/14 20:35:44 | 001,185,506 | ---- | M] () -- C:\France 110.jpg
[2006/06/14 20:35:46 | 001,144,571 | ---- | M] () -- C:\France 111.jpg
[2006/06/14 20:35:48 | 000,938,908 | ---- | M] () -- C:\France 112.jpg
[2006/06/14 20:35:50 | 001,102,885 | ---- | M] () -- C:\France 113.jpg
[2006/06/14 20:36:11 | 001,024,878 | ---- | M] () -- C:\France 123.jpg
[2006/06/14 20:36:14 | 000,892,358 | ---- | M] () -- C:\France 125.jpg
[2006/06/14 20:36:17 | 000,830,781 | ---- | M] () -- C:\France 127.jpg
[2006/06/14 20:36:19 | 000,803,596 | ---- | M] () -- C:\France 128.jpg
[2006/06/14 20:36:20 | 000,784,932 | ---- | M] () -- C:\France 129.jpg
[2006/06/14 20:36:22 | 000,965,453 | ---- | M] () -- C:\France 130.jpg
[2006/06/14 20:36:23 | 000,724,833 | ---- | M] () -- C:\France 131.jpg
[2006/06/14 20:36:25 | 000,611,040 | ---- | M] () -- C:\France 132.jpg
[2006/06/14 20:36:26 | 000,740,917 | ---- | M] () -- C:\France 133.jpg
[2006/06/14 20:36:38 | 000,548,172 | ---- | M] () -- C:\France 141.jpg
[2006/06/14 20:36:40 | 001,028,714 | ---- | M] () -- C:\France 142.jpg
[2006/06/14 20:36:41 | 000,890,251 | ---- | M] () -- C:\France 143.jpg
[2006/06/14 20:36:43 | 000,999,995 | ---- | M] () -- C:\France 144.jpg
[2006/06/14 20:36:50 | 000,907,219 | ---- | M] () -- C:\France 148.jpg
[2006/06/14 20:36:54 | 000,829,522 | ---- | M] () -- C:\France 150.jpg
[2006/06/14 20:36:56 | 001,113,904 | ---- | M] () -- C:\France 151.jpg
[2006/06/14 20:36:58 | 001,143,051 | ---- | M] () -- C:\France 152.jpg
[2006/06/14 20:37:04 | 001,107,167 | ---- | M] () -- C:\France 155.jpg
[2006/06/14 20:37:12 | 001,191,853 | ---- | M] () -- C:\France 159.jpg
[2006/06/14 20:37:35 | 000,840,248 | ---- | M] () -- C:\France 172.jpg
[2006/06/14 20:37:37 | 001,513,570 | ---- | M] () -- C:\France 173.jpg
[2006/06/14 20:37:42 | 001,396,464 | ---- | M] () -- C:\France 175.jpg
[2006/06/14 20:37:56 | 000,851,082 | ---- | M] () -- C:\France 184.jpg
[2006/06/14 20:38:21 | 001,081,949 | ---- | M] () -- C:\France 199.jpg
[2006/06/14 20:38:33 | 000,856,917 | ---- | M] () -- C:\France 207.jpg
[2006/06/14 20:38:37 | 001,552,872 | ---- | M] () -- C:\France 209.jpg
[2006/06/14 20:38:51 | 000,708,417 | ---- | M] () -- C:\France 216.jpg
[2006/06/14 20:39:03 | 001,134,711 | ---- | M] () -- C:\France 223.jpg
[2006/06/14 20:39:17 | 001,249,474 | ---- | M] () -- C:\France 230.jpg
[2006/06/14 20:39:19 | 000,994,590 | ---- | M] () -- C:\France 231.jpg
[2006/06/14 20:39:28 | 000,823,144 | ---- | M] () -- C:\France 236.jpg
[2006/06/14 20:39:31 | 000,917,557 | ---- | M] () -- C:\France 238.jpg
[2006/06/14 20:39:39 | 000,881,929 | ---- | M] () -- C:\France 242.jpg
[2006/06/14 20:39:45 | 000,941,823 | ---- | M] () -- C:\France 246.jpg
[2006/06/14 20:39:47 | 000,945,820 | ---- | M] () -- C:\France 247.jpg
[2006/06/14 20:40:00 | 000,912,604 | ---- | M] () -- C:\France 254.jpg
[2006/06/14 20:40:11 | 001,015,554 | ---- | M] () -- C:\France 260.jpg
[2006/06/14 20:40:26 | 000,797,507 | ---- | M] () -- C:\France 267.jpg
[2006/06/14 20:40:35 | 001,028,577 | ---- | M] () -- C:\France 271.jpg
[2006/06/14 20:40:40 | 000,899,408 | ---- | M] () -- C:\France 274.jpg
[2006/06/14 20:40:42 | 000,942,110 | ---- | M] () -- C:\France 275.jpg
[2006/06/14 20:40:44 | 001,104,216 | ---- | M] () -- C:\France 276.jpg
[2006/06/14 20:40:49 | 001,099,887 | ---- | M] () -- C:\France 279.jpg
[2006/06/14 20:40:52 | 001,188,965 | ---- | M] () -- C:\France 280.jpg
[2006/06/14 20:40:55 | 000,756,333 | ---- | M] () -- C:\France 282.jpg
[2006/06/14 20:40:57 | 000,955,979 | ---- | M] () -- C:\France 283.jpg
[2006/06/14 20:40:58 | 000,975,255 | ---- | M] () -- C:\France 284.jpg
[2006/06/14 20:41:00 | 000,658,529 | ---- | M] () -- C:\France 285.jpg
[2006/06/14 20:41:01 | 000,814,828 | ---- | M] () -- C:\France 286.jpg
[2006/06/14 20:41:03 | 000,893,181 | ---- | M] () -- C:\France 287.jpg
[2006/06/14 20:41:09 | 000,537,217 | ---- | M] () -- C:\France 291.jpg
[2006/06/14 20:41:22 | 000,619,628 | ---- | M] () -- C:\France 300.jpg
[2006/06/14 20:41:23 | 000,861,471 | ---- | M] () -- C:\France 301.jpg
[2006/06/14 20:41:38 | 000,749,483 | ---- | M] () -- C:\France 311.jpg
[2006/06/14 20:41:43 | 001,036,781 | ---- | M] () -- C:\France 315.jpg
[2006/06/14 20:41:59 | 001,408,472 | ---- | M] () -- C:\France 325.jpg
[2006/06/14 20:42:04 | 000,727,648 | ---- | M] () -- C:\France 328.jpg
[2006/06/14 20:42:26 | 000,625,276 | ---- | M] () -- C:\France 339.jpg
[2006/06/14 20:42:32 | 000,937,748 | ---- | M] () -- C:\France 343.jpg
[2006/06/14 20:43:07 | 000,524,370 | ---- | M] () -- C:\France 363.jpg
[2006/06/14 20:43:17 | 001,169,377 | ---- | M] () -- C:\France 369.jpg
[2006/06/14 20:43:29 | 001,232,565 | ---- | M] () -- C:\France 375.jpg
[2006/06/14 20:43:35 | 001,043,208 | ---- | M] () -- C:\France 378.jpg
[2006/06/14 20:43:46 | 000,910,291 | ---- | M] () -- C:\France 383.jpg
[2006/06/14 20:45:29 | 000,856,608 | ---- | M] () -- C:\France 402.jpg
[2006/06/14 20:45:35 | 000,837,054 | ---- | M] () -- C:\France 405.jpg
[2006/06/14 20:45:56 | 000,758,655 | ---- | M] () -- C:\France 417.jpg
[2006/06/14 20:45:59 | 000,883,067 | ---- | M] () -- C:\France 419.jpg
[2006/06/14 20:46:00 | 000,748,249 | ---- | M] () -- C:\France 420.jpg
[2006/06/14 20:46:05 | 000,756,015 | ---- | M] () -- C:\France 423.jpg
[2006/06/14 20:46:06 | 000,524,616 | ---- | M] () -- C:\France 424.jpg
[2006/06/14 20:46:09 | 000,697,380 | ---- | M] () -- C:\France 426.jpg
[2006/06/14 20:46:18 | 000,760,808 | ---- | M] () -- C:\France 433.jpg
[2006/06/14 20:46:22 | 000,761,462 | ---- | M] () -- C:\France 436.jpg
[2006/06/14 20:46:24 | 000,858,424 | ---- | M] () -- C:\France 437.jpg
[2006/06/14 20:46:34 | 001,072,298 | ---- | M] () -- C:\France 442.jpg
[2006/06/14 20:46:36 | 000,938,172 | ---- | M] () -- C:\France 443.jpg
[2006/06/14 20:46:38 | 000,806,337 | ---- | M] () -- C:\France 444.jpg
[2006/06/14 20:46:39 | 000,723,532 | ---- | M] () -- C:\France 445.jpg
[2006/06/14 20:46:53 | 000,836,974 | ---- | M] () -- C:\France 453.jpg
[2006/06/14 20:46:54 | 000,630,581 | ---- | M] () -- C:\France 454.jpg
[2006/06/14 20:46:58 | 000,728,809 | ---- | M] () -- C:\France 456.jpg
[2006/06/14 20:47:00 | 000,916,204 | ---- | M] () -- C:\France 457.jpg
[2006/06/14 20:47:01 | 000,751,054 | ---- | M] () -- C:\France 458.jpg
[2006/06/14 20:47:04 | 000,720,217 | ---- | M] () -- C:\France 460.jpg
[2006/06/14 20:47:17 | 000,651,873 | ---- | M] () -- C:\France 468.jpg
[2006/06/14 20:47:22 | 000,904,934 | ---- | M] () -- C:\France 471.jpg
[2006/06/14 20:47:28 | 001,067,564 | ---- | M] () -- C:\France 474.jpg
[2006/06/14 20:47:31 | 000,717,453 | ---- | M] () -- C:\France 476.jpg
[2006/06/14 20:47:33 | 000,700,219 | ---- | M] () -- C:\France 477.jpg
[2006/06/14 20:47:34 | 000,668,536 | ---- | M] () -- C:\France 478.jpg
[2006/06/14 20:47:37 | 000,828,422 | ---- | M] () -- C:\France 480.jpg
[2006/06/14 20:48:00 | 001,049,455 | ---- | M] () -- C:\France 493.jpg
[2006/06/14 20:48:02 | 001,000,245 | ---- | M] () -- C:\France 494.jpg
[2006/06/14 20:48:04 | 000,756,808 | ---- | M] () -- C:\France 495.jpg
[2006/06/14 20:48:05 | 000,739,253 | ---- | M] () -- C:\France 496.jpg
[2006/06/14 20:48:11 | 000,918,244 | ---- | M] () -- C:\France 499.jpg
[2006/06/14 20:48:17 | 000,820,594 | ---- | M] () -- C:\France 502.jpg
[2006/06/14 20:48:23 | 001,019,653 | ---- | M] () -- C:\France 506.jpg
[2006/06/14 20:48:38 | 001,712,300 | ---- | M] () -- C:\France 512.jpg
[2006/06/14 20:48:43 | 000,881,061 | ---- | M] () -- C:\France 515.jpg
[2006/06/14 20:48:48 | 000,661,936 | ---- | M] () -- C:\France 518.jpg
[2006/06/14 20:48:52 | 001,099,868 | ---- | M] () -- C:\France 520.jpg
[2006/06/14 20:48:57 | 000,721,029 | ---- | M] () -- C:\France 523.jpg
[2006/06/14 20:49:02 | 000,611,313 | ---- | M] () -- C:\France 526.jpg
[2006/06/14 20:49:03 | 000,766,565 | ---- | M] () -- C:\France 527.jpg
[2006/06/14 20:49:06 | 000,656,690 | ---- | M] () -- C:\France 529.jpg
[2006/06/14 20:49:08 | 000,886,545 | ---- | M] () -- C:\France 530.jpg
[2006/06/14 20:49:18 | 001,310,507 | ---- | M] () -- C:\France 536.jpg
[2006/06/14 20:49:30 | 001,112,675 | ---- | M] () -- C:\France 542.jpg
[2006/06/14 20:49:35 | 000,808,738 | ---- | M] () -- C:\France 545.jpg
[2006/06/14 20:49:44 | 000,847,158 | ---- | M] () -- C:\France 550.jpg
[2006/06/14 20:49:46 | 000,949,953 | ---- | M] () -- C:\France 551.jpg
[2006/06/14 20:49:48 | 000,957,028 | ---- | M] () -- C:\France 552.jpg
[2006/06/14 20:49:50 | 000,918,950 | ---- | M] () -- C:\France 553.jpg
[2006/06/14 20:49:52 | 001,035,107 | ---- | M] () -- C:\France 554.jpg
[2006/06/14 20:50:01 | 001,425,208 | ---- | M] () -- C:\France 559.jpg
[2006/06/14 20:50:20 | 001,001,003 | ---- | M] () -- C:\France 566.jpg
[2006/06/14 20:50:23 | 001,734,858 | ---- | M] () -- C:\France 567.jpg
[2006/06/14 20:50:46 | 001,055,805 | ---- | M] () -- C:\France 581.jpg
[2006/06/14 20:50:48 | 001,126,770 | ---- | M] () -- C:\France 582.jpg
[2006/06/14 20:50:50 | 000,754,883 | ---- | M] () -- C:\France 583.jpg
[2006/06/14 20:50:52 | 001,050,223 | ---- | M] () -- C:\France 584.jpg
[2006/06/14 20:50:54 | 001,084,925 | ---- | M] () -- C:\France 585.jpg
[2006/06/14 20:50:58 | 001,155,836 | ---- | M] () -- C:\France 587.jpg
[2006/06/14 20:51:00 | 001,006,527 | ---- | M] () -- C:\France 588.jpg
[2006/06/14 20:51:02 | 001,142,208 | ---- | M] () -- C:\France 589.jpg
[2006/06/14 20:51:04 | 001,088,015 | ---- | M] () -- C:\France 590.jpg
[2006/06/14 20:51:07 | 001,156,592 | ---- | M] () -- C:\France 591.jpg
[2006/06/14 20:51:09 | 001,125,049 | ---- | M] () -- C:\France 592.jpg
[2006/06/14 20:51:11 | 001,178,576 | ---- | M] () -- C:\France 593.jpg
[2006/06/14 20:51:13 | 001,167,836 | ---- | M] () -- C:\France 594.jpg
[2006/06/14 20:51:15 | 001,146,569 | ---- | M] () -- C:\France 595.jpg
[2006/06/14 20:51:29 | 001,161,333 | ---- | M] () -- C:\France 601.jpg
[2006/06/14 20:51:31 | 001,163,976 | ---- | M] () -- C:\France 602.jpg
[2006/06/14 20:51:33 | 001,026,673 | ---- | M] () -- C:\France 603.jpg
[2006/06/14 20:51:35 | 001,013,014 | ---- | M] () -- C:\France 604.jpg
[2006/06/14 20:51:37 | 001,007,023 | ---- | M] () -- C:\France 605.jpg
[2006/06/14 20:51:39 | 001,061,474 | ---- | M] () -- C:\France 606.jpg
[2006/06/14 20:51:44 | 001,154,892 | ---- | M] () -- C:\France 608.jpg
[2006/06/14 20:51:46 | 001,143,136 | ---- | M] () -- C:\France 609.jpg
[2006/06/14 20:51:50 | 001,119,272 | ---- | M] () -- C:\France 611.jpg
[2006/06/14 20:51:52 | 001,126,189 | ---- | M] () -- C:\France 612.jpg
[2006/06/14 20:51:55 | 001,132,136 | ---- | M] () -- C:\France 613.jpg
[2006/06/14 20:51:57 | 001,063,427 | ---- | M] () -- C:\France 614.jpg
[2006/06/14 20:52:01 | 001,122,841 | ---- | M] () -- C:\France 616.jpg
[2006/06/14 20:52:03 | 001,143,929 | ---- | M] () -- C:\France 617.jpg
[2006/06/14 20:52:06 | 001,173,422 | ---- | M] () -- C:\France 618.jpg
[2006/06/14 20:52:08 | 001,042,524 | ---- | M] () -- C:\France 619.jpg
[2006/06/14 20:52:22 | 001,037,536 | ---- | M] () -- C:\France 626.jpg
[2006/06/14 20:52:39 | 000,709,554 | ---- | M] () -- C:\France 635.jpg
[2006/06/14 20:52:56 | 000,719,265 | ---- | M] () -- C:\France 646.jpg
[2006/06/14 20:52:59 | 000,812,374 | ---- | M] () -- C:\France 648.jpg
[2006/06/14 20:53:02 | 000,821,628 | ---- | M] () -- C:\France 650.jpg
[2006/06/14 20:53:28 | 001,149,050 | ---- | M] () -- C:\France 664.jpg
[2006/06/14 20:53:32 | 000,733,243 | ---- | M] () -- C:\France 666.jpg
[2006/06/14 20:53:36 | 000,931,014 | ---- | M] () -- C:\France 668.jpg
[2006/06/14 20:54:00 | 000,472,301 | ---- | M] () -- C:\France 684.jpg
[2006/06/14 20:54:26 | 001,105,488 | ---- | M] () -- C:\France 701.jpg
[2006/06/14 20:54:31 | 000,662,447 | ---- | M] () -- C:\France 704.jpg
[2006/06/14 20:55:10 | 001,261,697 | ---- | M] () -- C:\France 726.jpg
[2006/06/14 20:56:01 | 000,867,726 | ---- | M] () -- C:\France 760.jpg
[2006/06/14 20:56:03 | 000,883,403 | ---- | M] () -- C:\France 761.jpg
[2006/06/14 20:56:06 | 000,687,937 | ---- | M] () -- C:\France 763.jpg
[2006/06/14 20:56:24 | 000,971,297 | ---- | M] () -- C:\France 776.jpg
[2006/06/14 20:56:35 | 000,797,201 | ---- | M] () -- C:\France 782.jpg
[2006/06/14 20:56:42 | 000,783,928 | ---- | M] () -- C:\France 787.jpg
[2006/06/14 20:56:53 | 000,772,901 | ---- | M] () -- C:\France 794.jpg
[2006/06/14 20:56:59 | 000,767,477 | ---- | M] () -- C:\France 798.jpg
[2006/06/14 20:57:02 | 000,692,894 | ---- | M] () -- C:\France 800.jpg
[2006/06/14 20:57:06 | 000,630,703 | ---- | M] () -- C:\France 803.jpg
[2006/06/14 20:57:21 | 000,639,213 | ---- | M] () -- C:\France 812.jpg
[2006/06/14 20:57:22 | 000,682,162 | ---- | M] () -- C:\France 813.jpg
[2006/06/14 20:57:24 | 000,531,841 | ---- | M] () -- C:\France 815.jpg
[2006/06/14 20:57:26 | 000,895,607 | ---- | M] () -- C:\France 816.jpg
[2006/06/14 20:57:29 | 000,953,281 | ---- | M] () -- C:\France 818.jpg
[2006/06/14 20:57:33 | 000,791,094 | ---- | M] () -- C:\France 820.jpg
[2006/06/14 20:57:39 | 000,772,334 | ---- | M] () -- C:\France 824.jpg
[2006/06/14 20:57:59 | 000,733,789 | ---- | M] () -- C:\France 839.jpg
[2006/06/14 20:58:02 | 000,879,349 | ---- | M] () -- C:\France 841.jpg
[2006/06/14 20:58:10 | 000,850,200 | ---- | M] () -- C:\France 846.jpg
[2006/06/14 20:58:13 | 001,005,837 | ---- | M] () -- C:\France 848.jpg
[2006/06/14 20:58:23 | 000,927,792 | ---- | M] () -- C:\France 856.jpg
[2006/06/14 20:58:27 | 000,769,965 | ---- | M] () -- C:\France 858.jpg
[2006/06/14 20:58:28 | 000,560,294 | ---- | M] () -- C:\France 859.jpg
[2006/06/14 20:58:34 | 000,822,818 | ---- | M] () -- C:\France 862.jpg
[2006/06/14 20:58:36 | 000,864,099 | ---- | M] () -- C:\France 863.jpg
[2006/06/14 20:58:41 | 000,766,572 | ---- | M] () -- C:\France 866.jpg
[2006/06/14 20:58:42 | 000,758,340 | ---- | M] () -- C:\France 867.jpg
[2006/06/14 20:58:44 | 001,079,294 | ---- | M] () -- C:\France 868.jpg
[2006/06/14 20:58:48 | 000,577,899 | ---- | M] () -- C:\France 871.jpg
[2006/06/14 20:58:53 | 000,812,549 | ---- | M] () -- C:\France 874.jpg
[2006/06/14 20:58:54 | 000,750,247 | ---- | M] () -- C:\France 875.jpg
[2006/06/14 20:59:04 | 000,922,865 | ---- | M] () -- C:\France 881.jpg
[2006/06/14 20:59:06 | 000,944,542 | ---- | M] () -- C:\France 882.jpg
[2006/06/14 20:59:08 | 000,885,987 | ---- | M] () -- C:\France 883.jpg
[2006/06/14 20:59:10 | 000,926,005 | ---- | M] () -- C:\France 884.jpg
[2006/06/14 20:59:12 | 000,937,261 | ---- | M] () -- C:\France 885.jpg
[2006/06/14 20:59:14 | 000,759,367 | ---- | M] () -- C:\France 886.jpg
[2006/06/14 20:59:15 | 000,752,816 | ---- | M] () -- C:\France 887.jpg
[2006/06/14 20:59:17 | 000,901,861 | ---- | M] () -- C:\France 888.jpg
[2006/06/14 20:59:19 | 000,701,570 | ---- | M] () -- C:\France 889.jpg
[2006/06/14 20:59:20 | 000,720,520 | ---- | M] () -- C:\France 890.jpg
[2006/06/14 20:59:22 | 000,619,585 | ---- | M] () -- C:\France 891.jpg
[2006/06/14 20:59:23 | 000,761,594 | ---- | M] () -- C:\France 892.jpg
[2006/06/14 20:59:40 | 001,056,408 | ---- | M] () -- C:\France 900.jpg
[2006/06/14 20:59:41 | 000,606,517 | ---- | M] () -- C:\France 901.jpg
[2006/06/14 20:59:46 | 000,642,950 | ---- | M] () -- C:\France 904.jpg
[2006/06/14 20:59:53 | 001,775,899 | ---- | M] () -- C:\France 907.jpg
[2006/06/14 21:00:01 | 001,304,939 | ---- | M] () -- C:\France 911.jpg
[2006/06/14 21:00:07 | 000,962,554 | ---- | M] () -- C:\France 914.jpg
[2006/06/14 21:00:11 | 001,110,484 | ---- | M] () -- C:\France 916.jpg
[2006/06/14 21:00:19 | 001,172,533 | ---- | M] () -- C:\France 920.jpg
[2006/06/14 21:00:28 | 001,133,102 | ---- | M] () -- C:\France 925.jpg
[2006/06/14 21:00:37 | 000,968,411 | ---- | M] () -- C:\France 930.jpg
[2006/06/14 21:00:43 | 000,983,612 | ---- | M] () -- C:\France 933.jpg
[2006/06/14 21:00:58 | 001,331,110 | ---- | M] () -- C:\France 940.jpg
[2006/06/14 21:01:02 | 000,983,644 | ---- | M] () -- C:\France 942.jpg
[2006/06/14 21:01:14 | 000,822,228 | ---- | M] () -- C:\France 948.jpg
[2006/06/14 21:01:18 | 001,058,128 | ---- | M] () -- C:\France 950.jpg
[2006/06/14 21:01:20 | 001,193,769 | ---- | M] () -- C:\France 951.jpg
[2006/06/14 21:01:27 | 001,173,221 | ---- | M] () -- C:\France 954.jpg
[2006/06/14 21:01:50 | 000,856,313 | ---- | M] () -- C:\France 964.jpg
[2001/09/05 21:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2005/06/20 15:08:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/10 01:26:07 | 000,002,634 | ---- | M] () -- C:\IPH.PH
[2005/10/08 22:06:10 | 000,035,094 | ---- | M] () -- C:\log.txt
[2011/07/04 16:49:36 | 000,003,450 | ---- | M] () -- C:\lxcr.log
[2011/06/27 10:57:53 | 000,000,214 | ---- | M] () -- C:\lxcrscan.log
[2005/06/20 15:08:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/09 01:23:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/27 22:44:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/08 20:10:12 | 1557,495,808 | -HS- | M] () -- C:\pagefile.sys
[2011/07/01 13:30:10 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2005/09/29 14:51:50 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2011/06/27 17:07:34 | 000,042,308 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.05.16_log.txt
[2011/06/27 17:30:34 | 000,040,662 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.19.53_log.txt
[2011/06/27 22:29:11 | 000,040,662 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_22.28.29_log.txt
[2011/06/28 01:06:17 | 000,002,152 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_28.06.2011_01.06.09_log.txt
[2011/06/28 18:28:54 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_28.06.2011_18.28.17_log.txt
[2011/07/01 14:10:17 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.7.0_01.07.2011_14.10.09_log.txt
[2011/06/28 18:31:16 | 000,004,510 | ---- | M] () -- C:\TDSSKiller.2.5.7.0_28.06.2011_18.30.51_log.txt
[2011/07/01 14:12:59 | 000,040,900 | ---- | M] () -- C:\TDSSKiller.2.5.8.0_01.07.2011_14.11.18_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/01/12 11:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\lxcrpp5c.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


OTL Extras logfile created on: 7/10/2011 8:36:03 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jordan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 59.35% Memory free
2.56 Gb Paging File | 1.43 Gb Available in Paging File | 55.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.26 Gb Total Space | 0.41 Gb Free Space | 1.08% Space Free | Partition Type: NTFS

Computer Name: BRENNA-6BK7J74T | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}" = Wal-Mart Digital Photo Manager
"{45D228AA-4284-467A-9DB6-942B92BFF656}" = DVDDec
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E370E0D-004C-4DC8-9986-A43F8C79404E}" = Creating Keepsakes Scrapbook Designer
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = MMC86
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2DFC174-494B-435D-BB9D-D82520D03C28}" = My Sam's Club Digital Photo Center
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"AIM_6" = AIM 6
"AOL Toolbar" = AOL Toolbar 2.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Battle.net" = Battle.net
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BlitzMail" = BlitzMail
"Browser Defender_is1" = Browser Defender 3.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo" = Diablo
"Digby's Donuts_is1" = Digby's Donuts v3.0
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FoneSync" = FoneSync
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{45D228AA-4284-467A-9DB6-942B92BFF656}" = ATI DVD Decoder 2.2.0.0
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = ATI Multimedia Center 8.6.0.0
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"Lexmark 2400 Series" = Lexmark 2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Doctor" = Spyware Doctor 8.0
"Super Collapse! II" = Super Collapse! II (remove only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"World of Warcraft" = World of Warcraft
"WT014593" = Digby's Donuts

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2007 8:13:06 PM | Computer Name = BRENNA-6BK7J74T | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, faulting module
locateui.ocm, version 5.9.3861.0, fault address 0x00015627.

Error - 12/18/2007 12:54:44 AM | Computer Name = BRENNA-6BK7J74T | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16574, faulting
module unknown, version 0.0.0.0, fault address 0x13404230.

[ System Events ]
Error - 7/1/2011 12:32:02 PM | Computer Name = BRENNA-6BK7J74T | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/1/2011 12:32:04 PM | Computer Name = BRENNA-6BK7J74T | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/1/2011 12:32:16 PM | Computer Name = BRENNA-6BK7J74T | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/1/2011 12:32:18 PM | Computer Name = BRENNA-6BK7J74T | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/1/2011 6:44:56 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3221684417
(0xC00700C1).

Error - 7/2/2011 5:18:47 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3221684417
(0xC00700C1).

Error - 7/4/2011 4:43:58 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3221684417
(0xC00700C1).

Error - 7/4/2011 4:49:32 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7022
Description = The PC Tools Security Service service hung on starting.

Error - 7/4/2011 4:55:10 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/8/2011 9:22:53 PM | Computer Name = BRENNA-6BK7J74T | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 12:11:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_2F040L0 rev.VAM51JJ0
Running: gmer.exe; Driver: C:\DOCUME~1\Jordan\LOCALS~1\Temp\kfpdraoc.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7433C30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF745EF68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF745F230]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7433E90]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7433F50]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7433AD0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7820738]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF748196E]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7434150]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF78207DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7820878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7820914]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[144] kernel32.dll!VirtualProtectEx

THIS .TEXT STUFF CONTINUES FOREVVVVER

.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- EOF - GMER 1.0.15 ----

#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 July 2011 - 02:11 PM

Hello, thefigtree.

Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<<, click Remove.
  • Do the same for each Viewpoint component.

Step 1

You definitely have some leftover changes on your computer. I also see you ran TDSS Killer a week or two ago. Did it find anything to cure?

Are your programs in your start menu still hidden?

Do you have any other symptoms?

Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 thefigtree

  • Topic Starter
  • Members
  • 19 posts

Posted 11 July 2011 - 01:11 AM

Thanks for the warning on Viewpoint. I deleted all of the components.

I used unhide probably about a week ago and it fixed my start menu except for a program (or whatever you call it) called startup. It still says it's empty. I don't know if this startup was here before or not, so I don't know if it's a problem.

My main problem is that the computer is running slow, especially the internet.

Here's the end of a tdss killer log I found. Says there was 1 problem. Also, I just re-ran tdss killer and it didn't find anything.

2011/06/27 17:05:59.0203 3212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/27 17:05:59.0375 3212 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/27 17:05:59.0375 3212 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/27 17:05:59.0390 3212 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/27 17:05:59.0546 3212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/27 17:05:59.0734 3212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/27 17:06:00.0078 3212 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/27 17:06:00.0203 3212 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/27 17:06:00.0375 3212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/27 17:06:00.0718 3212 Boot (0x1200) (ad491d8c15d27d6dfe329889b6df0534) \Device\Harddisk0\DR0\Partition0
2011/06/27 17:06:00.0734 3212 ================================================================================
2011/06/27 17:06:00.0734 3212 Scan finished
2011/06/27 17:06:00.0734 3212 ================================================================================
2011/06/27 17:06:00.0828 1220 Detected object count: 1
2011/06/27 17:06:00.0828 1220 Actual detected object count: 1
2011/06/27 17:07:04.0234 1220 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/27 17:07:04.0234 1220 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/27 17:07:06.0375 1220 Backup copy found, using it..
2011/06/27 17:07:06.0828 1220 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/27 17:07:06.0828 1220 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/27 17:07:34.0953 2260 Deinitialize success

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-10 15:36:05
-----------------------------
15:36:05.656 OS Version: Windows 5.1.2600 Service Pack 3
15:36:05.656 Number of processors: 1 586 0x209
15:36:05.656 ComputerName: BRENNA-6BK7J74T UserName: Jordan
15:36:07.421 Initialize success
15:38:25.109 AVAST engine defs: 11071000
15:40:32.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:40:32.578 Disk 0 Vendor: Maxtor_2F040L0 VAM51JJ0 Size: 39205MB BusType: 3
15:40:32.640 Disk 0 MBR read successfully
15:40:32.640 Disk 0 MBR scan
15:40:32.640 Disk 0 Windows XP default MBR code
15:40:32.687 Disk 0 scanning sectors +80292870
15:40:32.765 Disk 0 scanning C:\WINDOWS\system32\drivers
15:43:08.234 Service scanning
15:43:12.781 Disk 0 trace - called modules:
15:43:12.843 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys
15:43:12.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a178ab8]
15:43:12.843 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a181920]
15:43:12.843 5 PCTCore.sys[f7462099] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a1d6b00]
15:43:15.218 AVAST engine scan C:\WINDOWS
17:55:43.515 AVAST engine scan C:\Documents and Settings\Jordan
18:41:52.781 AVAST engine scan C:\Documents and Settings\All Users
18:47:15.281 Scan finished successfully
02:08:28.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jordan\Desktop\MBR.dat"
02:08:28.515 The log file has been saved successfully to "C:\Documents and Settings\Jordan\Desktop\aswMBR.txt"

#6 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 July 2011 - 09:34 PM

Hello, thefigtree.

OK, you had a rootkit based on the TDSS log, so I need to give you a warning about backdoor viruses:

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 thefigtree

  • Topic Starter
  • Members
  • 19 posts

Posted 12 July 2011 - 07:55 AM

I tried to uninstall AVG but it wouldn't let me! I posted a log that came up:

[AVG.MFA.APP] INFO 2011-07-12 12:13:12,015 BRENNA-6BK7J74T PID:1012 THID:5184 ID:0876df7e-4ce9-40da-b5dd-63f1ec9a8b12:358.1387.230504113.0 MSG:aBwx2NG2tC4pQ8XwEUweE4/Exup6xKkVC1IDR2/Qx56huUdHBWt4AvrQttzxfH1clLhWYjWZ+dKV/lIvJFGGENDMCPzdYi1n2Y7tMPUIJl/j/Mt6xqiNDReez/qHrSu2/LQ7q0k3UTZ68MaphZiZkHg4VvroaIWy8A7e+8ShSmTwYHzAJXbZV9hH9bC5fCJbj+RmXm6YfR0LTz+vc61vJl3tM194b9UmUuDKODlUZXSMkE//6CyNuuF2LlcNTdp00JhESEkuNVKVU0XEOWweX79cssYK3K0dC3paV1st3/51oW9XHXtdvlLkNuyxmMHIHOTG392MbUeBmybX2K1SpbRVZEz1o0mCCbcJcQGEytMnWcsq+iQJuSse32pTYeemdbFHEx1LdR6yyEaAqdR1gED068/orMkG4SI2rxAlq2ANgMRUIWopcrk71Y01RCJSqzTqKg6ohQUXns8SKl17InW5N6vJLw0yRviCmJmwwISYTIK+WGghJnV+QmvkNY4YrBgQ/BFiJWOVB930RTC+T4vQorpa3Jxt1ga7sidR+1p1ySsWTWt1E2I4kpjtqMGYRLhWipncbe7xMl6fkDXKJKTkMJQ5WkRGPQfVxMX0gsc7/K5+rsy5FXeebyZDeaNOSaxDXxVbPXLGzMqYubzJgFhs7oJ4+I23kDtTBlUo41nEmERgJSotQp0zkdC9FD5zu0CqTlaY9GweIypqay0LIuXhT391rwU+cqCKmcjMifSsBFbitb3dBt02QmskRZ4F9ahEtLkq7XrxO5mIMVAPNuuIjt4SOLk9Yz5fGh9lo3sUtQsr6SOZQn68gtipOMWUHT2Sythsve61zt7LgD3CKMhsOJQ5WkQz4f9JkAkA1lfjoNp2SsDNaetqB3KvkQv6KblHE8FTXRcXtOZF/M2kxVUplsrYbL3utc7ey4A9wijIZAj8TXIdF9nP1cQNUB4Lu3zyKnqwhWkr3k9uS+ljyvW5M2cF21lOLvCa3ckMfVyU/B4eVEjx6tkzVwpdMfpkMOx4lKmq2dLlS7mIgVRWD6/k6qoWiIVVa2obNgopY3opqV9XWG5QHuYsGmwtQH2YHHCDp7XcPXp53oKjkGmeLNHoOPhJVmxGlT/UwD1VGg/7xL46Sp2EGYN6AwYDOK8+QfUqWylTGAJC8N7dvcCtnBBs3p685OiipTI2NzBFngiUpTSUIGYxFpFChYxRDEpXnviybhbUmRVPI3NSa+2rIjE9Hxcde3nOMvDOmG2ozZF9DZ/7zb3866AvWh9kxa4YlNB40LFyGDP912Ck1HSij3MgT07j3DXxnlqPhq/RHlqlIevX7FodpspAJrjNPEEYhEzqbuTIIYbVbqZrVDWuLJ2dcLRt1kFasRfNADEQOzcmkA7qYoDpLU9WG28bWZd/YT1vCx1LdR4uBAL4jIwtyBwAnkosnPmSwXYWPzBJsxQQ7GTA7dLlwj0H1cTFcCZf54iOymLQqVGDegNuP2GXylm9K199X1kTF7T2uAmI3bxYXOq+kNCs160KYtsQUbJElNAw/BFyqX6JO8mQMXAq/5PImw8a/M2tQ2r/HgtI2jYRgc+X6fdpMnZMgvyo+H1clCmz45Do9YaVCqajsO2uJJSkpOBVcnEWkUvgtLgo6oPjxOIyWrm9gX9eX27r2XfykXWjxggvPXLWuKJ4gZBhoDhcEr74/c0vjYqCUxghvgC4uHnEGV5sRmEX1ZAReAYPW3zOS15Y8Q0TIrumWx2fSm31K39xVk2SZqSCOAkUfRQMGNZKmOCl7hVOXkohPMtRxalpgVRTOA/sQtCdDXAmX9uISrb6TPUlGlbPMgvtk2JlwA8rPduBpqK8uomFCEk0t
JReBhwcLXJBqq6n2QDKZPBc+GDdLkEHlYddXO1UUs8vaGZGbpypUC8eO5bX+W8mXbBD35XzlRYqbLr4rZiw8Hg4ZnYMHPGepEKe37DhMsRUTIRQxfLMM+1z9XT55NoLl7nG9mK4/R1jCz/eay0bosUxM2cMV90mLvCO+KlExbQ4QNa2hajJ0lG2tq9cScssEEz4QJXW6Yohhzy0RTCujw84tkYftC29l+rDko+BC9b5LA4bPR/5zsY0zvT8tGk41PBOcixMLRZZ6ocaVAX6oExM9IwhJ0XSFYcNcKGcvvszJYs6LvwJ1f+uAx5aZTf6/IWHKz3bgaaivLqJhSh9XK08X9JYTIWusU4GV0Q4ihC4+TQICTYtYpUfyTCxcCtDf7TqMhJ8OVkbXm8uHw2LUljx618da722+nAWzO2ICcQMRP5KjOS1pr1fKmtMQfpkNCSQBFVaPH4JjyVo6DSXK1townYKuKkhCyNLJiNMr6J1oSt/dXMB8ubEt8hpwO3MRLhW+ujsna7hKjZTLXUaENDsxHCF4u1C/Qd1gDFMNrOP/KZeUqyVRGNqExZrLRuixTEzZwxX6Zq/gHq4zTg1IMgA7vuQeAFuNf6i36ThUoAxnXi0bdKx4m1LuYEN7I7Xa3Rm5yvMzWnvou/iU2HuVs1l75uB+4Xa9jwWTG0JjMB4OGZ2DBzxnqRCvvuAtVLN9ahEtKmq2YblP8T4hUQiXw9piz8fwfFpK9qHhtsVky9ZQV9X9Tt4dzIgY6xcuEFI0JBjjhWMMUogTtbLoPk7IEQ4pEi8Uy3iBbclsEX01udrsMI7ZjAlgevK87bb2X/PFXwTq40ncR4q8LPIJajJkES4VmI0LD16eD9SH2TBRrBAoAiFJdrN1h2nCXjh9W6/24hKtvpM9SUaVovqp81/iqFkDys924Gmory6iYVE7Yw0dIPOYMi9ktUe3jtUNcIAzKREtKmq2YblP8T4/VS+e+eo+kpv+M1p76Lv4lNh7lap5U9nFXo5chJASmx9xMXFMIBGdjwMdWOQOmIfoLku1MjUdfzRci3ysUsJ2CmAHhOKjAIKLjhxvZsmd2Mjkbs+1e0z70lXXQYyyM6sAbTJ4X0IosocEB1irUZTV9jhWtgUIPR4pdaYM+1z9XT55NoLl7nGto4Ibb3n1tfqp4luGp2BC++By41KXrW+GDVAbQDAxHJ6YGBhBnXu2xsQLZZYlOx8yD0WDfJhp0WICQEik+P8xjZGsPUtFho7Uq+RC64pzTpjmcvF5tZsA735/IkwxOwS8pSdgXZByoa3gMVa8EB9QYBtFsmKCcPN/HR4zg+/sYrSYsStHWJuwx4jRYtyUdVHKz3XWRZzrdZAmdxxoDBMmt/dnMnSWUoC68zpGgDQ/DiUCXcIBt1zRcQ5bB5fvzj6Kn/4MHGr/ncuT2m7VjG8e191fk3OdqTW7IWQtXSMeOO6fJCt6qmKli9URa4YhLgQ+CRm7UL9B3V0rcSKR/v8DjpagJFpK64DNkN5kzotdaPHlXsFTkbIv734zcDFMQ2f2+CsyWKtRgI7GCUuBfWsRLTdLkFW+Q/VABlcvlLffCbmLvx9UWd+Hy5LjcsudIXjE1l7PXKivLrY6YCpXBwAnp6U5cznpENTVlE461zwmPzQFVpBFmUXwZQRCA5S3ryOCpaYrT0XPyp6v2XjPtnlb0tZfjhCEoRO3OnA3bwU7Or2+NiJkvFqoksYYbJYlZ1wtG2qLVLtk7n4IHiujw9sxmZ6tKnVC3oKV18t36Ix5TvLcVdYOqrgluzx3CmQRBge6rydzOaVCt4/ADUaKLj9DAh5Ki1SmY+l1Dls1hO/uYs+LvxxSU8u2x4jSJe6WdVDFx1rfTLGzKKYcdztxX0Mosp4yI3i2TIWJ3C1jkShnLms7fZBSvk3kfhlDRpHk+n+tkrc7T1jcgfSn22ebrW9bxMBn8lCIsSixLnc3bgxSEK++NhJFn3+gmtEcfpkUNQI9BViNeLhp72MZ
UQqc7/piz4u/G0lC2p78j9puhsgsBIeBAYIUhKEUmwNmKGQOTzqhuDovZKVCsbLpGHSALA4UIQIEzk23Bw==
[AVG.MFA.APP] INFO 2011-07-12 12:13:12,031 BRENNA-6BK7J74T PID:1012 THID:5184 ID:0876df7e-4ce9-40da-b5dd-63f1ec9a8b12:370.1387.230504113.0 MSG:aDMnX2OwL8HJ2RSONG10=
[AVG.MFA.APP] INFO 2011-07-12 12:13:12,406 BRENNA-6BK7J74T PID:1012 THID:5184 ID:0876df7e-4ce9-40da-b5dd-63f1ec9a8b12:377.1387.230504113.0 MSG:*
[AVG.MFA.APP] ERROR 2011-07-12 12:13:12,406 BRENNA-6BK7J74T PID:1012 THID:5184 ID:0876df7e-4ce9-40da-b5dd-63f1ec9a8b12:396.1387.230504113.0 MSG:aBwx2ImutfpljzlQoClaI6a5vycf1exUR
[AVG.MFA.APP] INFO 2011-07-12 12:15:45,609 BRENNA-6BK7J74T PID:1528 THID:5132 ID:0bafcdf6-d958-495a-9178-d86d23a7bd27:78.1387.230504113.0 MSG:*
[AVG.MFA.MSI] INFO 2011-07-12 12:15:45,921 BRENNA-6BK7J74T PID:1528 THID:5132 ID:f269371b-fb99-431c-9bca-2666798e5680:503.1387.230504113.0 MSG:*
[AVG.MFA.APP] WARN 2011-07-12 12:21:30,656 BRENNA-6BK7J74T PID:1528 THID:5132 ID:0bafcdf6-d958-495a-9178-d86d23a7bd27:84.1387.230504113.0 MSG:aAuF9w98TkPdb1PYPkI3gh7NnAG46umwa
[AVG.MFA.APP] INFO 2011-07-12 12:21:30,656 BRENNA-6BK7J74T PID:1528 THID:5132 ID:1494cdbc-c326-48aa-ac13-4fda7e5eea18:53.1387.230504113.0 MSG:aCIZsD+TafIGDeROcwz8DcMTp8h/ItIBfMsZh9Fmzij06sEfnXDgLjPOXA5iG4gp/0lZVdohwR5QB6aI8lmpfBQWyJTXe+zK1gXwcm94xAVrg+PsZ2Y2MQy/0cvQOuIY6TqFHj1MnDoL2hH74jO5eOoYSNizSORjAR9aaD9hDfS0HiCUo1fAy8w==
[AVG.MFA.APP] INFO 2011-07-12 12:21:30,671 BRENNA-6BK7J74T PID:1528 THID:5132 ID:0bafcdf6-d958-495a-9178-d86d23a7bd27:157.1387.230504113.0 MSG:*
[AVG.MFA.APP] WARN 2011-07-12 12:21:31,015 BRENNA-6BK7J74T PID:1528 THID:5132 ID:0bafcdf6-d958-495a-9178-d86d23a7bd27:119.1387.230504113.0 MSG:aAQ5rhkV9deB/nzAqBID3yQ0NSID76Rpw
[AVG.MFA.APP] INFO 2011-07-12 12:21:31,015 BRENNA-6BK7J74T PID:1528 THID:5132 ID:0bafcdf6-d958-495a-9178-d86d23a7bd27:122.1387.230504113.0 MSG:*
[AVG.MFA.APP] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:1494cdbc-c326-48aa-ac13-4fda7e5eea18:58.1387.230504113.0 MSG:aAQ5rkEN9AOdSuRocStHjwHhFHNO/r0Q4/LJ/5gwTuOyOLpQyioad0F445W758ldBX4YFHaB1lT/Dr9kJXJVkseodP+N/TkzXHLIRClCQ7MNRURzTvr5Jd/aUeeoSU7S+3AWyCaix+Q==
[AVG.MFA.Core.Statemachine] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:7853AC64-5536-4768-ABEF-33720DA13AD5:122.1387.230504113.0 MSG:aBtfKZVsoBinTICKdEtq1OWaV5Sn1Lxfh1aIy+EmmWDkbApE=
[AVG.MFA.Core.Statemachine] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:7853AC64-5536-4768-ABEF-33720DA13AD5:322.1387.230504113.0 MSG:aCyImk5Zn/TngjKS7qhctnO/iAbOg1YhmREIw8Np3
[AVG.MFA.Core.Statemachine] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:7853AC64-5536-4768-ABEF-33720DA13AD5:279.1387.230504113.0 MSG:aCyImk5Zn/SXglr6pshoghMP1CpWn0457eHQ0+tgkNmXC82U=
[AVG.MFA.Core.Statemachine] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:7853AC64-5536-4768-ABEF-33720DA13AD5:198.1387.230504113.0 MSG:aCrCXUf5H5jSs+d3FP5dTXPodyNpaeUOiqmBD/ukPAAdAeq8=
[AVG.MFA.Core.Statemachine] INFO 2011-07-12 12:21:31,031 BRENNA-6BK7J74T PID:1528 THID:5132 ID:7853AC64-5536-4768-ABEF-33720DA13AD5:202.1387.230504113.0 MSG:aBORTM8h5soXL+SylUyTQAqD00+kP3VqGgShy3M7uC9vpdUM=
[AVG.MFA.DialogFactory] INFO 2011-07-12 12:21:31,046 BRENNA-6BK7J74T PID:1528 THID:5132 ID:2A434B3A-07AE-43e6-B815-743CED0FB7F9:39.1387.230504113.0 MSG:aDMnX3vQL7gwKNBfubkryWa7ho70=
[AVG.MFA.APP] INFO 2011-07-12 12:21:31,109 BRENNA-6BK7J74T PID:1528 THID:5132 ID:f01f0dbd-3fea-4fcf-bc8e-1705f9d44d8a:54.1387.230504113.0 MSG:aBtfKc10oczL+HBK5RIasLj/KvFyxaUu0q+dlxG+AMQ0zNPdr/I3oDg1OdGpaBxduGAnmCNwGs/YUURmIVoPgiZSRvmJdQHwt+xIXqjnmpiJrj+gY0jMR/fSzI/tXs38kERz1UfyQ4wUNCA==
[AVG.MFA.APP] INFO 2011-07-12 12:23:49,890 BRENNA-6BK7J74T PID:1528 THID:4668 ID:f01f0dbd-3fea-4fcf-bc8e-1705f9d44d8a:329.1387.230504113.0 MSG: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



Here's the error that came up after the uninstall failed:

Error code: 0xC0070643
Error message: General internal error.
Additional message: service 'AVGIDSAgent' AVGIDSAgent could not be stopped. Verify that you have sufficient privileges to stop services. (0xC0070781)
Context: MSI action failed

#8 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:31 PM

Posted 12 July 2011 - 06:03 PM

Try booting into Safe Mode and uninstalling it from there. Make sure you use an account with administrator access if you have more than one profile.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 thefigtree

  • Topic Starter
  • Members
  • 19 posts
  • Local time:12:31 PM

Posted 12 July 2011 - 09:40 PM

By using safe mode, I was able to uninstall AVG.

Unfortunately, I think I might be having some problems with combofix. Maybe not though.

One thing is that after combofix was installed it came up with a screen that differs from the one you show. It says:

Congratulations!!! The Microsoft Recovery Console was successfully installed.

On each restart of the machine, a black screen will offer you the option to boot into recovery console mode. For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds.

Click 'Yes' to continue scanning for malware.



I clicked yes and then it started something called Autoscan, scanning different "levels". I believe that's what it called it. There were 50 I believe. After, it said it was deleting something. (and didn't ask if I wanted it to). Then it said it was deleting c:/documentsandsettings/jordan/WINDOWS. Since you had not said anything about this I clicked no, which stopped the scan (I think).

Also, when this scan runs all of my desktop items, my taskbar, and my start menu disappear. So basically I don't think it's going to run.

I have no idea why combofix isn't proceeding like your steps. Sorry if I did something wrong.

#10 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:31 PM

Posted 13 July 2011 - 05:32 PM

Please re-run Combofix...that is a folder that should be removed. It's OK when things disappear...that is expected. It should get through about 50 stages, then have a logfile pop up.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 thefigtree

  • Topic Starter
  • Members
  • 19 posts
  • Local time:12:31 PM

Posted 14 July 2011 - 05:05 AM

Here is the combofix log:

ComboFix 11-07-13.04 - Jordan 07/14/2011 5:31.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.844 [GMT -4:00]
Running from: c:\documents and settings\Jordan\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jordan\Error.log
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 00:23 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-07-14 00:23 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-06-30 22:59 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 22:59 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 20:45 . 2010-12-31 13:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-24 11:36 . 2011-06-24 11:36 -------- d-----w- c:\windows\PIF
2011-06-24 05:28 . 2011-06-24 05:28 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Threat Expert
2011-06-24 00:42 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-24 00:42 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-24 00:42 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-24 00:42 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-06-19 09:06 . 2011-06-19 09:06 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\AVG Security Toolbar
2011-06-18 03:29 . 2011-06-18 03:29 -------- d-----w- C:\$AVG
2011-06-18 02:48 . 2011-06-18 02:48 -------- d-----w- c:\documents and settings\Jordan\Application Data\AVG10
2011-06-18 02:40 . 2011-06-18 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-18 02:35 . 2011-07-13 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-18 02:35 . 2011-07-13 00:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-18 02:32 . 2011-06-18 02:32 -------- d-----w- c:\program files\AVG
2011-06-18 02:25 . 2011-07-13 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-18 00:35 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-18 00:35 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-18 00:35 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-18 00:35 . 2010-12-10 20:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-18 00:35 . 2010-12-10 17:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-18 00:34 . 2010-12-16 12:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-18 00:34 . 2011-06-18 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2011-06-18 00:34 . 2011-07-11 05:08 -------- d-----w- c:\program files\PC Tools Security
2011-06-18 00:34 . 2011-06-18 00:34 -------- d-----w- c:\documents and settings\Jordan\Application Data\PC Tools
2011-06-17 22:11 . 2011-07-14 08:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-17 22:08 . 2011-06-24 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-06-16 23:53 . 2011-06-18 00:31 -------- d-----w- c:\documents and settings\Administrator
2011-06-14 21:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 23:09 . 2011-06-11 01:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-27 21:09 . 2003-07-16 20:50 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-02 14:02 . 2003-07-16 20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2011-05-24 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-05-24 22:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-06-20 19:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2003-07-16 20:43 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 15:51 . 2005-10-21 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_00.30.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-14 07:27 . 2011-07-14 07:27 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2005-06-20 19:15 . 2011-07-13 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-20 19:15 . 2011-07-14 08:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2005-06-20 14:37 . 2011-05-25 17:07 1257232 c:\windows\system32\FNTCACHE.DAT
+ 2005-06-20 14:37 . 2011-07-14 07:27 1257232 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-19 03:46 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-02 20:58 . 2011-07-14 07:03 49089992 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
2003-09-02 10:46 106574 ----a-w- c:\program files\ATI Multimedia\main\LaunchPd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-01-21 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 20:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-06-02 17:32 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/17/2011 8:35 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/17/2011 8:35 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/17/2011 8:35 PM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/17/2011 8:35 PM 251560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2011 6:59 PM 22712]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/17/2011 8:34 PM 70536]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
FF - ProfilePath - c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 05:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(592)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-07-14 05:58:44
ComboFix-quarantined-files.txt 2011-07-14 09:58
ComboFix2.txt 2011-07-14 09:14
ComboFix3.txt 2011-07-14 00:41
.
Pre-Run: 3,372,544,000 bytes free
Post-Run: 3,353,817,088 bytes free
.
- - End Of File - - 889964BA6C64B88F6956362E833B9364

#12 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:31 PM

Posted 14 July 2011 - 06:01 PM

That ran perfectly. Can you please attach these logs in your reply? I need to see if Combofix removed anything else. Thanks!

C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 thefigtree

  • Topic Starter
  • Members
  • 19 posts
  • Local time:12:31 PM

Posted 14 July 2011 - 08:31 PM

ComboFix 11-07-13.04 - Jordan 07/14/2011 4:43.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.935 [GMT -4:00]
Running from: c:\documents and settings\Jordan\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 00:23 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-07-14 00:23 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-06-30 22:59 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 22:59 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 20:45 . 2010-12-31 13:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-24 11:36 . 2011-06-24 11:36 -------- d-----w- c:\windows\PIF
2011-06-24 05:28 . 2011-06-24 05:28 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Threat Expert
2011-06-24 00:42 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-24 00:42 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-24 00:42 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-24 00:42 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-06-19 09:06 . 2011-06-19 09:06 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\AVG Security Toolbar
2011-06-18 03:29 . 2011-06-18 03:29 -------- d-----w- C:\$AVG
2011-06-18 02:48 . 2011-06-18 02:48 -------- d-----w- c:\documents and settings\Jordan\Application Data\AVG10
2011-06-18 02:40 . 2011-06-18 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-18 02:35 . 2011-07-13 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-18 02:35 . 2011-07-13 00:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-18 02:32 . 2011-06-18 02:32 -------- d-----w- c:\program files\AVG
2011-06-18 02:25 . 2011-07-13 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-18 00:35 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-18 00:35 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-18 00:35 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-18 00:35 . 2010-12-10 20:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-18 00:35 . 2010-12-10 17:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-18 00:34 . 2010-12-16 12:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-18 00:34 . 2011-06-18 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2011-06-18 00:34 . 2011-07-11 05:08 -------- d-----w- c:\program files\PC Tools Security
2011-06-18 00:34 . 2011-06-18 00:34 -------- d-----w- c:\documents and settings\Jordan\Application Data\PC Tools
2011-06-17 22:11 . 2011-07-14 08:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-17 22:08 . 2011-06-24 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-06-16 23:53 . 2011-06-18 00:31 -------- d-----w- c:\documents and settings\Administrator
2011-06-14 21:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 23:09 . 2011-06-11 01:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-27 21:09 . 2003-07-16 20:50 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-02 14:02 . 2003-07-16 20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2011-05-24 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-05-24 22:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-06-20 19:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2003-07-16 20:43 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 15:51 . 2005-10-21 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-14_00.30.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-14 07:27 . 2011-07-14 07:27 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2005-06-20 19:15 . 2011-07-13 12:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-20 19:15 . 2011-07-14 08:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-20 19:15 . 2011-07-13 12:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-14 02:43 . 2011-07-14 08:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
- 2005-06-20 14:37 . 2011-05-25 17:07 1257232 c:\windows\system32\FNTCACHE.DAT
+ 2005-06-20 14:37 . 2011-07-14 07:27 1257232 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-19 03:46 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-02 20:58 . 2011-07-14 07:03 49089992 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
2003-09-02 10:46 106574 ----a-w- c:\program files\ATI Multimedia\main\LaunchPd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-01-21 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 20:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-06-02 17:32 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/17/2011 8:35 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/17/2011 8:35 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/17/2011 8:35 PM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/26/2011 4:45 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/26/2011 4:45 PM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/17/2011 8:35 PM 251560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/23/2011 8:42 PM 247760]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/30/2011 6:59 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2011 6:59 PM 22712]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/17/2011 8:34 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/17/2011 8:34 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/26/2011 4:45 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
FF - ProfilePath - c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 05:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(592)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-07-14 05:14:46
ComboFix-quarantined-files.txt 2011-07-14 09:14
ComboFix2.txt 2011-07-14 00:41
.
Pre-Run: 3,372,838,912 bytes free
Post-Run: 3,358,121,984 bytes free
.
- - End Of File - - 094D3C678335055E9C9B7659E4CE2046



ComboFix 11-07-13.03 - Jordan 07/13/2011 19:55:20.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.902 [GMT -4:00]
Running from: c:\documents and settings\Jordan\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jordan\WINDOWS
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 00:23 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2011-07-14 00:23 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-07-13 09:00 . 2011-07-13 09:00 -------- d-----w- c:\windows\LastGood
2011-06-30 22:59 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 22:59 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 20:45 . 2010-12-31 13:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-26 20:45 . 2010-12-31 13:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\Jordan\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-24 15:30 . 2011-06-24 15:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-24 11:36 . 2011-06-24 11:36 -------- d-----w- c:\windows\PIF
2011-06-24 05:28 . 2011-06-24 05:28 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Threat Expert
2011-06-24 00:42 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-06-24 00:42 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-06-24 00:42 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-06-24 00:42 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-06-19 09:06 . 2011-06-19 09:06 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\AVG Security Toolbar
2011-06-18 03:29 . 2011-06-18 03:29 -------- d-----w- C:\$AVG
2011-06-18 02:48 . 2011-06-18 02:48 -------- d-----w- c:\documents and settings\Jordan\Application Data\AVG10
2011-06-18 02:40 . 2011-06-18 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-18 02:35 . 2011-07-13 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-18 02:35 . 2011-07-13 00:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-18 02:32 . 2011-06-18 02:32 -------- d-----w- c:\program files\AVG
2011-06-18 02:25 . 2011-07-13 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-18 00:35 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-18 00:35 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-18 00:35 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-18 00:35 . 2010-12-10 20:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-18 00:35 . 2010-12-10 17:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-18 00:34 . 2010-12-16 12:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-18 00:34 . 2011-06-18 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2011-06-18 00:34 . 2011-07-11 05:08 -------- d-----w- c:\program files\PC Tools Security
2011-06-18 00:34 . 2011-06-18 00:34 -------- d-----w- c:\documents and settings\Jordan\Application Data\PC Tools
2011-06-17 22:11 . 2011-07-13 12:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-17 22:08 . 2011-06-24 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-06-16 23:53 . 2011-06-18 00:31 -------- d-----w- c:\documents and settings\Administrator
2011-06-14 21:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 23:09 . 2011-06-11 01:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-27 21:09 . 2003-07-16 20:50 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-04 08:52 . 2011-05-24 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-05-24 22:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2005-06-20 19:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2003-07-16 20:43 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2005-10-21 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
2003-09-02 10:46 106574 ----a-w- c:\program files\ATI Multimedia\main\LaunchPd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-01-21 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 20:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-06-02 17:32 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/17/2011 8:35 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/17/2011 8:35 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/17/2011 8:35 PM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/17/2011 8:35 PM 251560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2011 6:59 PM 22712]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/17/2011 8:34 PM 70536]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
FF - ProfilePath - c:\documents and settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-84806968.sys
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 20:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(592)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-07-13 20:41:49
ComboFix-quarantined-files.txt 2011-07-14 00:41
.
Pre-Run: 2,858,651,648 bytes free
Post-Run: 3,452,407,808 bytes free
.
- - End Of File - - 71103ACE24C10452CB67A3E79D80B7FA

#14 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 15 July 2011 - 03:50 PM

Hello, thefigtree.


Step 1


Go ahead and reinstall an antivirus at this point. You can reinstall AVG if you prefer.

Also, I realized I didn't answer your question from earlier... the startup folder may be empty. It is a standard folder; if an icon is in there, Windows will launch it automatically at startup. It can be empty, or contain programs. So, it is not necessarily worrisome that it is empty.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKU\S-1-5-21-1214440339-362288127-682003330-1004..\Run: [] File not found
    MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
    MsConfig - StartUpReg: swg - hkey= - key= - File not found
    @Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    :files
    C:\Documents and Settings\All Users\Application Data\~16310052
    C:\Documents and Settings\All Users\Application Data\~16310052r
    C:\Documents and Settings\All Users\Application Data\16310052
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=0
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
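As an added example for this thread (not OTL's own code and not the helper's), a small Python cross-check that parses the fix script above and the OTL result log posted in reply, and flags any requested action the log does not confirm. The leading ":OTL" section header and the "leftover" path used to show an unconfirmed item are assumptions, not taken from the thread.

```python
"""Cross-check an OTL fix script against the OTL result log.

Parses the :OTL / :files / :reg / :commands sections of a fix script and
the "========== FILES ==========" style result log, then reports every
requested action the log does not confirm.
"""
import re

# Fix script as posted above. The ":OTL" header is assumed: the excerpt
# starts mid-section, and "@Alternate Data Stream" lines live in that section.
FIX_SCRIPT = r"""
:OTL
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
:files
C:\Documents and Settings\All Users\Application Data\~16310052
C:\Documents and Settings\All Users\Application Data\~16310052r
C:\Documents and Settings\All Users\Application Data\16310052
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=0
:commands
[EmptyTemp]
"""

# Result log lines taken from the reply in this thread (trimmed).
# AntiVirusOverride=1 silences Security Center's "no antivirus" warning,
# which is why the fix resets it to 0 and why that line should be confirmed.
RESULT_LOG = r"""
All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\~16310052 moved successfully.
C:\Documents and Settings\All Users\Application Data\~16310052r moved successfully.
C:\Documents and Settings\All Users\Application Data\16310052 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]
"""

ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')

# (kind, pattern, status) for the result-log phrasings seen in the thread.
LOG_PATTERNS = [
    ("ads", re.compile(r"^ADS (.+) deleted successfully\.$"), "deleted"),
    ("file", re.compile(r"^(.+) moved successfully\.$"), "moved"),
    ("reg", re.compile(r'^(.+?)\\\\"([^"]+)"\|(.+?) /E : value set successfully!$'), "set"),
    ("command", re.compile(r"^\[(\w+)\]$"), "ran"),
]


def parse_fix_script(text):
    """Split an OTL fix script into {section_name: [lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def expected_actions(sections):
    """Turn the parsed script into (kind, target) pairs the log must confirm."""
    actions = []
    for line in sections.get("otl", []):
        m = ADS_LINE.match(line)
        if m:
            actions.append(("ads", m.group(1)))
    for path in sections.get("files", []):
        actions.append(("file", path))
    key = None
    for line in sections.get("reg", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]           # a [HKEY...] line selects the key
        else:
            m = REG_VALUE.match(line)  # "Name"=value under that key
            if m and key:
                actions.append(("reg", f"{key}\\{m.group(1)}={m.group(2)}"))
    for line in sections.get("commands", []):
        actions.append(("command", line.strip("[]").lower()))
    return actions


def parse_result_log(text):
    """Map each (kind, target) the log reports on to the outcome it states."""
    outcomes = {}
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern, status in LOG_PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            if kind == "reg":
                target = f"{m.group(1)}\\{m.group(2)}={m.group(3)}"
            elif kind == "command":
                target = m.group(1).lower()
            else:
                target = m.group(1)
            outcomes[(kind, target)] = status
            break
    return outcomes


def verify(fix_text, log_text):
    """Return [(kind, target, status)]; 'UNCONFIRMED' marks a requested
    action the log never reports on, i.e. something to re-check."""
    outcomes = parse_result_log(log_text)
    return [(kind, target, outcomes.get((kind, target), "UNCONFIRMED"))
            for kind, target in expected_actions(parse_fix_script(fix_text))]


def unconfirmed(fix_text, log_text):
    """Just the targets that need a second look."""
    return [t for _, t, s in verify(fix_text, log_text) if s == "UNCONFIRMED"]


if __name__ == "__main__":
    for kind, target, status in verify(FIX_SCRIPT, RESULT_LOG):
        print(f"{status:12} {kind:8} {target}")
```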
 


#15 thefigtree

  • Topic Starter

  • Members
  • 19 posts

Posted 16 July 2011 - 03:51 PM

One thing I forgot to mention: after running ComboFix, an Internet Explorer icon appeared on the desktop. I think this is good news, because the virus that I got had installed a fake Internet Explorer which was probably blocking the real Internet Explorer.

Anyway, here are the logs you requested, except for the ESET Online Scan, because it found no threats.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG7_CC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Desktop Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\swg\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\~16310052 moved successfully.
C:\Documents and Settings\All Users\Application Data\~16310052r moved successfully.
C:\Documents and Settings\All Users\Application Data\16310052 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 3423991 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 5765 bytes

User: Jordan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9290876 bytes
->Java cache emptied: 17942243 bytes
->FireFox cache emptied: 89820882 bytes
->Flash cache emptied: 3149828 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163907 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 20 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 628832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33313 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 120.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07152011_192521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 7/16/2011 4:05:30 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jordan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 68.40% Memory free
1.86 Gb Paging File | 1.64 Gb Available in Paging File | 88.22% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.26 Gb Total Space | 3.17 Gb Free Space | 8.27% Space Free | Partition Type: NTFS

Computer Name: BRENNA-6BK7J74T | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\Desktop\OTL.exe
PRC - [2011/06/24 03:06:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/06 14:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/20 16:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/02/07 02:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2005/02/02 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/02/20 16:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/12/15 07:12:04 | 000,218,368 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/01/20 23:48:07 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1214440339-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dfc1008&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/06/23 20:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 04:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/15 11:52:22 | 000,000,000 | ---D | M]

[2010/12/04 12:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Extensions
[2011/07/15 06:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\extensions
[2005/09/27 20:29:49 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\99zl6t6g.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/15 06:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/01 19:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/12/24 23:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2010/12/24 23:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/24 18:04:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 20:42:08 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/14 05:49:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKU\S-1-5-21-1214440339-362288127-682003330-1004..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/20 15:08:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 19:26:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/15 19:25:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 20:23:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2011/07/13 20:23:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2011/07/12 20:37:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 20:33:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/12 20:33:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/12 20:33:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/12 20:33:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/12 20:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/12 20:07:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/12 08:26:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/10 08:34:21 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan\Desktop\OTL.exe
[2011/07/01 19:14:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/01 19:14:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/01 19:14:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/30 18:59:28 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/30 18:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/30 18:59:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 16:45:13 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/06/26 16:45:13 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/06/26 16:45:13 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/06/24 11:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\SUPERAntiSpyware.com
[2011/06/24 11:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/24 11:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/24 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/24 07:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/06/24 01:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Local Settings\Application Data\Threat Expert
[2011/06/23 20:42:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/06/23 20:42:00 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/06/23 20:42:00 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/06/19 05:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Local Settings\Application Data\AVG Security Toolbar
[2011/06/17 23:29:37 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/06/17 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\AVG10
[2011/06/17 22:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/17 22:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/17 22:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/17 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/17 22:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/17 20:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/06/17 20:35:34 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/06/17 20:35:34 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/06/17 20:35:33 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/06/17 20:35:19 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/06/17 20:35:19 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/06/17 20:34:59 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/06/17 20:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/17 20:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/17 20:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan\Application Data\PC Tools
[2011/06/17 18:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/17 18:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/17 02:22:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jordan\Recent
[2010/11/14 10:07:05 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2010/11/14 10:07:05 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2010/11/14 10:06:33 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2010/11/14 10:06:33 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2010/11/14 10:06:33 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2010/11/14 10:06:33 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2010/11/14 10:06:32 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2010/11/14 10:06:32 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2010/11/14 10:06:32 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
[2010/11/14 10:06:32 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2010/11/14 10:06:32 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe

========== Files - Modified Within 30 Days ==========

[2011/07/15 19:44:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 19:42:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/15 17:22:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/15 11:52:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/14 05:49:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/14 03:27:08 | 001,257,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 03:09:51 | 000,717,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/14 03:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 21:58:49 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Jordan\Desktop\Shortcut to ComboFix.lnk
[2011/07/12 20:37:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/11 02:08:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jordan\Desktop\MBR.dat
[2011/07/10 08:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan\Desktop\OTL.exe
[2011/07/01 19:09:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/01 12:18:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jordan\defogger_reenable
[2011/06/27 15:15:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 22:15:56 | 119,872,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/16 20:26:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/07/15 11:52:23 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/15 11:52:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/12 21:58:48 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Jordan\Desktop\Shortcut to ComboFix.lnk
[2011/07/12 21:43:16 | 000,001,076 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotomat.lnk
[2011/07/12 21:43:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/12 21:43:15 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2011/07/12 21:43:15 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/07/12 20:37:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 20:37:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/12 20:33:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/12 20:33:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/12 20:33:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/12 20:33:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/12 20:33:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 02:08:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jordan\Desktop\MBR.dat
[2011/07/01 12:18:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jordan\defogger_reenable
[2011/06/27 21:19:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/27 21:19:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ac.lnk
[2011/06/27 21:19:52 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/27 21:19:52 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 2400 Series.LNK
[2011/06/27 21:19:52 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/06/27 21:19:48 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/27 21:19:48 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 21:19:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/27 21:19:48 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/27 21:19:48 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/27 21:19:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/27 21:19:47 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2011/06/27 21:19:33 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/06/27 21:19:33 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/27 21:19:33 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2011/06/27 21:19:33 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/27 21:19:33 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/27 21:19:33 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/06/25 22:15:56 | 119,872,366 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/06/24 10:42:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 20:42:04 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/06/23 20:42:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/06/23 20:42:02 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/06/23 20:42:02 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/06/23 20:42:01 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/06/17 20:35:36 | 000,717,014 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/11/14 10:07:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2010/11/14 10:07:03 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2010/11/14 10:06:49 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2010/11/14 10:06:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2010/11/14 10:06:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2010/11/14 10:06:33 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2009/06/23 16:43:45 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/02/19 22:36:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/09/20 16:26:40 | 000,000,014 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2006/06/30 22:44:32 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/25 01:46:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/07 18:29:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/14 19:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/13 17:05:37 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2006/01/13 17:05:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2005/09/27 19:54:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/09/27 19:53:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/08/12 19:50:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dbinside.ini
[2005/06/30 15:12:51 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Jordan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/28 18:20:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/20 15:47:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/20 15:41:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/20 15:41:50 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/06/20 15:41:37 | 000,004,249 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/06/20 15:32:07 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/06/20 15:15:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/20 15:06:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/06/20 10:38:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/20 10:37:36 | 001,257,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/20 23:39:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/20 23:37:33 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7136

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/16/2011 4:27:19 AM
mbam-log-2011-07-16 (04-27-19).txt

Scan type: Quick scan
Objects scanned: 172889
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

