Windows XP Repair Malware


  • This topic is locked
16 replies to this topic

#1 Lenny Toucan

Posted 01 July 2011 - 02:15 PM

Hi, I was advised by Broni in my original thread here to post in this section of the board.

In brief, I managed to get the Windows XP Repair virus/malware. I followed lots of advice and things are starting to finally get back to normal. However, my start menu is still only showing a small number of the programs I had on there before. It's mainly your basics (IE, WMP, Accessories etc) but also a little worryingly, it still has Windows XP Repair. So, I'm a little worried that there's still a bit of rootkit in my laptop somewhere, and that is when I was advised to post here.

It's probably worth mentioning that between my last post in the previous thread, and this new one, I spotted that my AVG had a rootkit scanner, so I thought 'what the hell' and ran it. It picked up on one rootkit, I removed it using AVG, scanned again and it is (supposedly) clean. I've since run the DDS and GMER logs for you clever people to interpret. If they say everything's ok then I guess AVG sorted it, but it still wouldn't explain why my Winamp, MS Office, etc are still not on my start menu.

Anyway, enough yapping, here are my results!

DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by Vikki at 17:43:06 on 2011-07-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.153 [GMT 1:00]
.
AV: AVG Anti-Virus plus Firewall *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\CyberLink\YouCam\YouCam.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\mSpot\mSpot\mSpot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=101806&l=dis
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
uInternet Settings,ProxyOverride = *.local
BHO: {0db6dc1b-13a3-4e5f-b41e-6ae7f2235874} - c:\windows\system32\cabine.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Epson Stylus SX420W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\windows\temp\E_SA4.tmp" /EF "HKCU"
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [wItHAvlLNNUfMh] c:\documents and settings\all users\application data\wItHAvlLNNUfMh.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.1"
mRun: [YouCam Mirage] "c:\program files\cyberlink\youcam\YCMMirage.exe"
mRun: [YouCam Tray] "c:\program files\cyberlink\youcam\YouCam.exe" /s
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [mSpot] c:\program files\mspot\mspot\mSpot.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vikki\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1E73E2D5-06AE-4F7A-AE6D-B6D0EF5CE353} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{67F424D6-8D5C-4335-B358-CB804DD92418} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vikki\application data\mozilla\firefox\profiles\cm5bh7xb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toodledo.com/views/index.php#
FF - prefs.js: network.proxy.ftp - 129.105.15.38
FF - prefs.js: network.proxy.ftp_port - 3127
FF - prefs.js: network.proxy.gopher - 129.105.15.38
FF - prefs.js: network.proxy.gopher_port - 3127
FF - prefs.js: network.proxy.http - 129.105.15.38
FF - prefs.js: network.proxy.http_port - 3127
FF - prefs.js: network.proxy.socks - 129.105.15.38
FF - prefs.js: network.proxy.socks_port - 3127
FF - prefs.js: network.proxy.ssl - 129.105.15.38
FF - prefs.js: network.proxy.ssl_port - 3127
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\vikki\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-3 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-3 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-3 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-3 243152]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-3 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-3 2331544]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-2-26 237568]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-9-3 30104]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-1-25 27504]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-9-3 30104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-12-6 24576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-2-26 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-26 24064]
.
=============== Created Last 30 ================
.
2011-06-29 17:16:24 248 ---ha-w- c:\documents and settings\all users\application data\~17096484.vir
2011-06-29 17:16:24 176 ---ha-w- c:\documents and settings\all users\application data\~17096484r.vir
2011-06-29 17:15:53 344 ---ha-w- c:\documents and settings\all users\application data\17096484.vir
2011-06-29 15:19:07 -------- d--h--w- c:\program files\iexplorer.exe
2011-06-29 14:17:16 248 ---ha-w- c:\documents and settings\all users\application data\~19324708.vir
2011-06-29 14:17:16 176 ---ha-w- c:\documents and settings\all users\application data\~19324708r.vir
2011-06-29 14:17:01 336 ---ha-w- c:\documents and settings\all users\application data\19324708.vir
2011-06-25 10:00:54 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 10:00:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-21 17:27:28 -------- d-----w- c:\documents and settings\vikki\application data\Frogwares
2011-06-21 13:30:06 -------- d--h--w- c:\documents and settings\all users\application data\Big Fish Games
2011-06-21 13:30:02 -------- d--h--w- c:\program files\bfgclient
2011-06-21 13:26:48 -------- d--h--w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-06-21 13:03:56 -------- d--h--w- c:\documents and settings\all users\application data\PlayPond
2011-06-21 13:03:55 -------- d--h--w- c:\documents and settings\all users\application data\Trymedia
2011-06-21 12:50:57 -------- d--h--w- c:\windows\Mystery Legends Sleepy Hollow
2011-06-21 12:00:18 -------- d-----w- c:\documents and settings\vikki\application data\DDMSettings
2011-06-20 20:18:44 -------- d--h--w- c:\windows\system32\Adobe
2011-06-16 22:45:59 -------- d--h--w- c:\windows\SxsCaPendDel
2011-06-10 22:44:06 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-10 22:44:06 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-10 22:44:05 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-10 22:44:05 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-10 22:44:05 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-10 22:44:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-08 08:51:31 -------- d-----w- c:\documents and settings\vikki\application data\Philipp Winterberg
2011-06-08 08:51:18 -------- d--h--w- c:\program files\Free RAR Extract Frog
2011-06-06 17:35:47 -------- d-----w- c:\documents and settings\vikki\application data\SharePod
2011-06-06 16:05:27 -------- d--h--w- c:\program files\Bonjour
2011-06-06 12:51:02 1892184 ---ha-w- c:\windows\system32\D3DX9_42.dll
2011-06-06 12:50:55 2414360 ---ha-w- c:\windows\system32\d3dx9_31.dll
2011-06-06 12:50:26 -------- d--h--w- c:\windows\Logs
2011-06-06 12:48:18 -------- d--h--w- c:\program files\Winamp Detect
2011-06-06 12:47:45 59888 ---h--w- c:\windows\system32\pxwma.dll
2011-06-05 20:49:00 -------- d-----w- c:\documents and settings\vikki\application data\Malwarebytes
2011-06-05 20:44:52 -------- d-----w- c:\documents and settings\vikki\application data\SUPERAntiSpyware.com
2011-06-05 20:44:43 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-06-05 20:44:11 39984 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 20:44:09 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 20:44:06 22712 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 20:44:06 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 20:41:10 -------- d--h--w- c:\windows\pss
2011-06-05 20:30:56 -------- d--h--w- c:\program files\CCleaner
2011-06-04 15:19:59 -------- d--h--w- c:\program files\Pinhead Games
2011-06-02 17:53:02 94208 ---ha-w- c:\windows\system32\dpl100.dll
2011-06-01 16:46:49 -------- d--h--w- c:\program files\mSpot
.
==================== Find3M ====================
.
2011-05-25 17:43:57 243152 ---ha-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-02 15:31:52 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 13:34:50 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-25 15:51:58 832512 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ---ha-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ---ha-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-06 15:20:16 91424 ---ha-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ---ha-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ---ha-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ---ha-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 17:50:50.21 ===============


EDIT: Still getting redirected on google, so obviously still something up :(


Edited by Lenny Toucan, 01 July 2011 - 02:36 PM.
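Added here as an editor's example, not part of the thread and not code from the DDS tool: a small triage script that applies, over lines of the kind in the DDS report above, the checks a helper makes by eye (an autorun entry with a random-looking name under Application Data, a BHO with no registered name, EnableLUA forced off by policy, Firefox proxy prefs pointing off the LAN, and odd entries in the Created list). The sample lines are copied from the report above; the rule names, severities and the "random name" threshold are my own assumptions.

```python
"""Heuristic triage of DDS-style log lines (defender's aid, not DDS's own code)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report", "FIREFOX"
# and "Created Last 30" sections of the post, plus benign lines for contrast.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [wItHAvlLNNUfMh] c:\documents and settings\all users\application data\wItHAvlLNNUfMh.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
BHO: {0db6dc1b-13a3-4e5f-b41e-6ae7f2235874} - c:\windows\system32\cabine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: EnableLUA = 0 (0x0)
FF - prefs.js: network.proxy.http - 129.105.15.38
FF - prefs.js: network.proxy.http_port - 3127
FF - prefs.js: network.proxy.type - 0
2011-06-29 17:15:53 344 ---ha-w- c:\documents and settings\all users\application data\17096484.vir
2011-06-29 15:19:07 -------- d--h--w- c:\program files\iexplorer.exe
"""

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<target>.*)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\w+) - (?P<value>\S+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


def looks_random(name: str) -> bool:
    """Letter soup with frequent case flips (wItHAvlLNNUfMh), but not CamelCase
    product names such as LogitechCommunicationsManager. Threshold is an assumption."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 10:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips >= 4 and flips / len(letters) >= 0.4


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    proxy: dict[str, str] = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := RUN_RE.match(line):
            rest = m["rest"]
            path = (rest[1:].split('"', 1)[0] if rest.startswith('"') else rest).lower()
            if looks_random(m["name"]):
                sev = "high" if "application data" in path or "\\temp\\" in path else "medium"
                findings.append(Finding(sev, "autorun entry with random-looking name", line))
        elif m := BHO_RE.match(line):
            # A BHO that loads a DLL but registered no display name is worth a look.
            if m["name"] is None and m["target"].strip().lower() != "no file":
                findings.append(Finding("high", "BHO with no registered name loading a DLL", line))
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(Finding("medium", "EnableLUA forced to 0 by policy", line))
        elif m := FF_PROXY_RE.match(line):
            proxy[m["key"]] = m["value"]  # judged together after the loop
        elif m := CREATED_RE.match(line):
            path, attrs = m["path"].lower(), m["attrs"]
            if attrs.startswith("d") and path.endswith(".exe"):
                findings.append(Finding("high", "directory named like an executable", line))
            elif path.endswith(".vir"):
                findings.append(Finding("info", ".vir file: usually an AV backup copy, check the AV log", line))
    # Firefox proxy prefs: a host outside the LAN is suspicious, but with
    # network.proxy.type 0 (direct connection) the setting is dormant.
    hosts = {v for k, v in proxy.items() if k in ("http", "ssl", "socks", "ftp", "gopher")}
    for host in sorted(hosts):
        try:
            addr = ipaddress.ip_address(host)
            external = not (addr.is_private or addr.is_loopback)
        except ValueError:
            external = True  # a hostname rather than an IP: still worth a look
        if external:
            active = proxy.get("type") not in (None, "0")
            state = "active" if active else "dormant, proxy.type is 0; still reset it"
            findings.append(Finding("high" if active else "medium",
                                    f"Firefox proxy points at external host {host} ({state})",
                                    f"network.proxy.* = {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```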



#2 etavares

    Bleepin' Remover
  • Malware Response Team

Posted 10 July 2011 - 07:06 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 Lenny Toucan

  • Topic Starter

Posted 10 July 2011 - 02:29 PM

Thank you so much for helping, I have been waiting patiently!

Here is the 'OTL' Log:

OTL logfile created on: 10/07/2011 18:46:45 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Vikki\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 293.58 Mb Available Physical Memory | 29.01% Memory free
2.37 Gb Paging File | 1.68 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 46.90 Gb Free Space | 33.25% Space Free | Partition Type: NTFS

Computer Name: BABYCAKES | User Name: Vikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 18:45:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vikki\My Documents\Downloads\OTL.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/16 05:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/04 18:58:48 | 001,099,136 | -H-- | M] (mSpot) -- C:\Program Files\mSpot\mSpot\mSpot.exe
PRC - [2011/03/22 19:37:06 | 000,074,752 | -H-- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/03/21 22:19:40 | 002,071,904 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | -H-- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/25 15:16:27 | 002,331,544 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 15:16:26 | 000,725,344 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/22 15:08:54 | 000,621,920 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/03 15:01:25 | 001,101,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/03 15:01:25 | 000,515,424 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/03 15:01:16 | 000,842,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/09/03 15:01:16 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/03 14:57:56 | 000,389,120 | RH-- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/25 18:11:40 | 000,224,352 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCam.exe
PRC - [2010/01/25 18:11:40 | 000,136,488 | -H-- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | RH-- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | RH-- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 13:29:00 | 000,356,352 | RH-- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 13:28:26 | 001,011,712 | RH-- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 13:03:02 | 000,462,848 | RH-- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/14 08:00:00 | 000,200,704 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE
PRC - [2009/06/03 10:25:16 | 000,106,496 | RH-- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | -H-- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2008/11/27 12:00:58 | 000,237,568 | -H-- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/09/12 15:01:28 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 17:06:30 | 002,027,792 | -H-- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 17:02:54 | 000,563,984 | -H-- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 17:02:32 | 000,403,728 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/20 01:40:48 | 000,137,752 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/20 01:38:54 | 000,186,904 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2005/08/01 08:05:04 | 000,094,208 | -H-- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2005/07/25 15:25:18 | 000,491,520 | -H-- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe
PRC - [2005/07/21 02:07:22 | 000,200,704 | -H-- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 18:45:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vikki\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/11/25 15:16:27 | 002,331,544 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/03 15:01:16 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/11/27 12:00:58 | 000,237,568 | -H-- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/09/12 15:01:28 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/07/20 01:42:30 | 000,141,848 | -H-- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 01:40:48 | 000,137,752 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 01:38:54 | 000,186,904 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/12/19 18:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/07/25 15:25:18 | 000,491,520 | -H-- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/13 20:50:48 | 000,057,144 | -H-- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/25 18:43:57 | 000,243,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/03 15:02:02 | 000,052,872 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/03 15:01:50 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/03 15:01:50 | 000,029,584 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/03 15:01:03 | 000,030,104 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/09/03 15:01:03 | 000,030,104 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/05/10 19:41:30 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/25 18:12:40 | 000,027,504 | -H-- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2009/09/15 21:04:58 | 000,032,768 | -H-- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/10 17:49:32 | 000,024,576 | -H-- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/24 04:22:48 | 000,038,400 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/02/03 07:42:30 | 000,162,816 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/20 11:53:06 | 005,027,840 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/30 04:02:32 | 001,346,464 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/10/01 14:59:46 | 001,769,984 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/08/08 11:12:40 | 000,101,120 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/20 01:39:50 | 002,142,488 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 01:37:56 | 002,109,592 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/19 01:44:22 | 003,599,000 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2007/07/19 01:44:22 | 000,022,296 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/07/19 01:44:00 | 000,041,752 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/19 01:42:29 | 001,920,920 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/07/18 18:42:42 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101806&l=dis
IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.toodledo.com/views/index.php#"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.5.5
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.51
FF - prefs.js..network.proxy.backup.ftp: "69.178.68.212"
FF - prefs.js..network.proxy.backup.ftp_port: 27977
FF - prefs.js..network.proxy.backup.gopher: "69.178.68.212"
FF - prefs.js..network.proxy.backup.gopher_port: 27977
FF - prefs.js..network.proxy.backup.socks: "69.178.68.212"
FF - prefs.js..network.proxy.backup.socks_port: 27977
FF - prefs.js..network.proxy.backup.ssl: "69.178.68.212"
FF - prefs.js..network.proxy.backup.ssl_port: 27977
FF - prefs.js..network.proxy.ftp: "129.105.15.38"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "129.105.15.38"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "129.105.15.38"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "129.105.15.38"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "129.105.15.38"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Vikki\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/27 13:15:53 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/21 12:57:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:52:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 23:44:16 | 000,000,000 | -H-D | M]

[2009/09/18 16:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Extensions
[2011/06/10 23:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions
[2010/04/30 09:32:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 19:58:38 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\facepad@lazyrussian.com
[2011/06/01 17:50:18 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\video.downloader.plugin@ffpimp.com
[2010/06/24 14:03:40 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\searchplugins\imdb.xml
[2010/06/24 14:04:51 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\searchplugins\urban-dictionary.xml
[2011/07/01 15:52:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VIKKI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CM5BH7XB.DEFAULT\EXTENSIONS\WIKILOOK@TESTPILOT.XPI
[2010/01/21 19:49:35 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/15 22:14:35 | 000,393,216 | -H-- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/22 19:38:12 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [mSpot] C:\Program Files\mSpot\mSpot\mSpot.exe (mSpot)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [BitTorrent] File not found
O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [Epson Stylus SX420W(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [wItHAvlLNNUfMh] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/26 19:35:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{419e700f-0abb-11df-8f27-0025567bfa23}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{419e700f-0abb-11df-8f27-0025567bfa23}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{419e700f-0abb-11df-8f27-0025567bfa23}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{667ac8d6-db96-11de-8e8f-0025567bfa23}\Shell - "" = AutoRun
O33 - MountPoints2\{667ac8d6-db96-11de-8e8f-0025567bfa23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{667ac8d6-db96-11de-8e8f-0025567bfa23}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "EpsonBidirectionalService"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate1ca4fe240d924fa"
MsConfig - Services: "GoogleDesktopManager-080708-050100"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 17:41:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\dds.scr
[2011/07/01 11:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/01 11:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/30 23:29:43 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Vikki\Desktop\fsbl.exe
[2011/06/30 22:52:38 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.exe
[2011/06/30 22:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Desktop\RootRepeal
[2011/06/29 22:37:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vikki\Start Menu\Programs\Administrative Tools
[2011/06/29 22:36:23 | 004,129,550 | R--- | C] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\ComboFix.exe
[2011/06/29 22:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/29 22:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/29 21:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Desktop\iexplorer
[2011/06/29 18:24:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vikki\Recent
[2011/06/29 16:19:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iexplorer
[2011/06/29 16:19:07 | 000,000,000 | -H-D | C] -- C:\Program Files\iexplorer.exe
[2011/06/29 15:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Start Menu\Programs\Windows XP Repair
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/06/21 18:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Application Data\Frogwares
[2011/06/21 15:47:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dracula - Love Kills Collector's Edition
[2011/06/21 14:30:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/06/21 14:30:02 | 000,000,000 | -H-D | C] -- C:\Program Files\bfgclient
[2011/06/21 14:26:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/06/21 14:03:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2011/06/21 14:03:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/06/21 13:50:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Mystery Legends Sleepy Hollow
[2011/06/21 13:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Application Data\DDMSettings
[2011/06/20 21:18:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/16 23:45:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/11 17:02:03 | 001,183,744 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2010/06/11 17:02:03 | 001,134,592 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2010/06/11 17:02:03 | 000,704,512 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2010/06/11 17:02:03 | 000,491,520 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe
[2010/06/11 17:02:03 | 000,483,328 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2010/06/11 17:02:03 | 000,413,696 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2010/06/11 17:02:03 | 000,372,736 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe
[2010/06/11 17:02:03 | 000,155,648 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2010/06/11 17:02:03 | 000,114,688 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/06/24 06:42:00 | 000,196,608 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/06/24 06:41:58 | 000,172,032 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/02/27 03:19:16 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/10 18:48:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\prvlcl.dat
[2011/07/10 18:39:42 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/10 18:39:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 18:39:34 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 17:41:35 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\dds.scr
[2011/07/01 15:52:14 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/01 15:52:13 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/01 13:28:44 | 000,016,862 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\downloading.htm
[2011/06/30 23:29:48 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Vikki\Desktop\fsbl.exe
[2011/06/30 22:52:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\settings.dat
[2011/06/30 22:52:11 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.rar
[2011/06/30 10:55:25 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\RKUnhookerLE.EXE
[2011/06/30 10:21:55 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to mbam.exe.lnk
[2011/06/30 09:57:14 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\SecurityCheck.exe
[2011/06/29 22:55:45 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\rkill.com
[2011/06/29 22:37:22 | 004,129,550 | R--- | M] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\ComboFix.exe
[2011/06/29 19:12:00 | 001,317,103 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\iexplorer.zip
[2011/06/29 18:16:24 | 000,000,248 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17096484.vir
[2011/06/29 18:16:24 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17096484r.vir
[2011/06/29 18:15:53 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17096484.vir
[2011/06/29 15:23:20 | 000,000,248 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19324708.vir
[2011/06/29 15:23:19 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19324708r.vir
[2011/06/29 15:17:01 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19324708.vir
[2011/06/29 12:26:46 | 078,849,187 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/29 11:05:08 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 20:52:18 | 000,655,467 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/06/25 11:15:11 | 000,437,590 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/25 11:15:11 | 000,069,650 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/23 11:57:29 | 000,013,725 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\untitled.JPG
[2011/06/23 11:50:31 | 000,082,766 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\untitled.bmp
[2011/06/22 19:04:10 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to MSc.lnk
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/06/17 00:01:01 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 18:44:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\gmer.exe
[2011/07/01 15:52:13 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/01 15:52:13 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/01 15:52:13 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/01 13:28:49 | 000,016,862 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\downloading.htm
[2011/06/30 22:52:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\settings.dat
[2011/06/30 22:52:11 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.rar
[2011/06/30 10:55:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\RKUnhookerLE.EXE
[2011/06/30 10:21:55 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to mbam.exe.lnk
[2011/06/30 09:57:14 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\SecurityCheck.exe
[2011/06/29 22:55:45 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\rkill.com
[2011/06/29 21:23:47 | 001,317,103 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\iexplorer.zip
[2011/06/29 18:16:24 | 000,000,248 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096484.vir
[2011/06/29 18:16:24 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17096484r.vir
[2011/06/29 18:15:53 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17096484.vir
[2011/06/29 15:17:16 | 000,000,248 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19324708.vir
[2011/06/29 15:17:16 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19324708r.vir
[2011/06/29 15:17:01 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19324708.vir
[2011/06/23 11:55:26 | 000,013,725 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\untitled.JPG
[2011/06/23 11:50:30 | 000,082,766 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\untitled.bmp
[2011/06/16 23:47:05 | 000,001,374 | -H-- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/07 14:10:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/10/01 18:52:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/10/01 16:56:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\prvlcl.dat
[2010/08/27 18:57:24 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2010/06/11 17:02:03 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2010/05/12 21:14:58 | 000,021,504 | -H-- | C] () -- C:\WINDOWS\jestertb.dll
[2010/04/25 17:46:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\setup_ldm.iss
[2010/03/25 17:16:43 | 000,058,163 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/03 21:02:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/26 21:53:22 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\wklnhst.dat
[2009/12/16 19:43:11 | 000,055,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/27 21:50:26 | 000,069,361 | -H-- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2009/11/16 20:04:58 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/18 18:45:24 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 16:42:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/24 06:42:00 | 001,769,984 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/06/24 06:42:00 | 000,028,160 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/06/24 06:42:00 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2009/02/27 03:18:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/27 03:18:52 | 000,437,590 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/27 03:18:52 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/02/27 03:18:52 | 000,069,650 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/27 03:18:52 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/02/27 03:18:51 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/02/27 03:18:51 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/02/27 03:18:50 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/02/27 03:18:47 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/02/27 03:18:47 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/02/27 03:18:41 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/02/27 03:18:39 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/02/26 21:21:37 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/26 20:28:14 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/26 20:25:57 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/02/26 20:25:57 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/02/26 20:25:57 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/02/26 20:25:57 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/02/26 20:25:57 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/02/26 19:38:18 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2009/02/26 19:38:18 | 000,006,782 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/26 19:37:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/26 19:33:24 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/26 19:32:33 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/26 19:30:10 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/26 19:29:24 | 000,251,088 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/25 03:20:23 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2007/07/18 18:42:42 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/01 17:13:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/06/21 14:30:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/06/06 15:56:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/03/21 22:21:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/30 19:07:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/11/12 20:40:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2009/09/18 17:27:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/02/18 18:35:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2010/01/08 23:10:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/12/06 22:33:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2009/09/24 20:47:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/06/21 14:03:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/12/06 22:33:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2011/06/23 19:46:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/17 16:53:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/09/30 18:59:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/02/06 19:37:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/02/26 21:00:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2010/06/09 21:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2010/03/25 17:07:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
[2010/03/18 18:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/02/26 21:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Acer
[2011/06/29 15:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\BitTorrent
[2010/02/18 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Boomzap
[2011/06/21 13:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\DDMSettings
[2009/12/15 22:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\DivoGames
[2010/06/15 22:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\E-centives
[2010/10/01 16:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Epson
[2011/06/06 15:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\eSobi
[2010/06/21 18:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Facebook
[2011/06/21 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Frogwares
[2010/02/18 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Green Clover Games
[2011/05/28 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\MysteryStudio
[2011/06/08 09:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Philipp Winterberg
[2009/11/16 21:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Playrix Entertainment
[2011/06/06 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\SharePod
[2010/12/06 22:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Teleca
[2010/02/13 22:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Template
[2010/03/17 16:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\Trusteer
[2010/07/16 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vikki\Application Data\WindSolutions

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/26 19:29:04 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/02/26 19:29:04 | 001,064,960 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/02/26 19:29:04 | 000,905,216 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/02/26 19:35:30 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011/06/05 21:43:37 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/02/26 19:35:30 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2011/07/10 18:39:34 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/26 19:35:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/10 18:40:19 | 000,000,116 | ---- | M] () -- C:\lxcg.log
[2010/06/11 17:01:57 | 000,000,275 | -H-- | M] () -- C:\lxcgfire.csv
[2010/06/11 17:02:15 | 000,000,867 | -H-- | M] () -- C:\lxcginst.csv
[2011/06/13 13:02:20 | 000,002,394 | -H-- | M] () -- C:\lxcgscan.log
[2011/02/06 19:38:55 | 000,471,812 | -H-- | M] () -- C:\lxcgUNST.000
[2011/06/05 21:33:44 | 000,471,812 | -H-- | M] () -- C:\lxcgUNST.csv
[2009/02/18 10:26:30 | 000,002,016 | -H-- | M] () -- C:\MOD01SET0J00P2000K.enc
[2008/08/07 02:16:21 | 000,002,488 | -H-- | M] () -- C:\MOD01WOS02ENP20001.enc
[2009/02/26 19:35:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/10 18:39:33 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2009/02/26 20:26:26 | 000,001,708 | -H-- | M] () -- C:\RHDSetup.log
[2011/06/29 23:13:14 | 000,000,397 | ---- | M] () -- C:\rkill.log
[2009/06/24 06:46:26 | 000,000,218 | -H-- | M] () -- C:\Setup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/08/17 00:53:52 | 000,073,728 | -H-- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll
[2006/10/26 20:56:12 | 000,033,104 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26205E86
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5520ED93
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01AAB269

< End of report >


Here is the 'Extras' Log:

OTL Extras logfile created on: 10/07/2011 18:46:45 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Vikki\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 293.58 Mb Available Physical Memory | 29.01% Memory free
2.37 Gb Paging File | 1.68 Gb Available in Paging File | 70.90% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 46.90 Gb Free Space | 33.25% Space Free | Partition Type: NTFS

Computer Name: BABYCAKES | User Name: Vikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Acer\Acer VCM\VC.exe" = C:\Program Files\Acer\Acer VCM\VC.exe:*:Disabled:Acer Video Quality Enhancement -- (Acer Incoporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{166ADB53-ABA6-4CAB-B297-A188869D465A}" = The Goat In The Grey Fedora
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69A4C67F-0129-4B21-AAAF-968726150097}" = mSpot
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73490214-D4F4-450B-9DAC-416E4CEB3C58}" = Acer ScreenSaver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG9Uninstall" = AVG 9.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Dracula - Love Kills Collector's Edition" = Dracula: Love Kills Collector's Edition
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"EPSON SX420W Series Manual" = EPSON SX420W Series Manual
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Network Guide
"Escape the Museum1.0" = Escape the Museum
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei Modems
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"Lexmark 2300 Series" = Lexmark 2300 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Logitech® Camera Driver
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/07/2011 10:11:06 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.

Error - 04/07/2011 18:35:48 | Computer Name = BABYCAKES | Source = ESENT | ID = 490
Description = svchost (1560) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 04/07/2011 18:37:08 | Computer Name = BABYCAKES | Source = ESENT | ID = 490
Description = svchost (1560) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 04/07/2011 18:37:08 | Computer Name = BABYCAKES | Source = ESENT | ID = 470
Description = Catalog Database (1560) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 05/07/2011 17:21:29 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application lxcgmon.exe, version 2.6.62.20, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00010f1e.

Error - 05/07/2011 18:14:21 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00ac26b0.

Error - 07/07/2011 18:14:19 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application lxcgmon.exe, version 2.6.62.20, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00010f1e.

Error - 09/07/2011 06:08:27 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application lxcgmon.exe, version 2.6.62.20, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00010f1e.

Error - 09/07/2011 06:18:22 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00ac26b0.

Error - 09/07/2011 06:18:54 | Computer Name = BABYCAKES | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 29/06/2011 17:10:48 | Computer Name = BABYCAKES | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 29/06/2011 17:28:48 | Computer Name = BABYCAKES | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 03/07/2011 00:11:30 | Computer Name = BABYCAKES | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 03/07/2011 10:15:51 | Computer Name = BABYCAKES | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 03/07/2011 10:17:49 | Computer Name = BABYCAKES | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 05/07/2011 17:17:27 | Computer Name = BABYCAKES | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0025567BFA23 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 05/07/2011 17:21:13 | Computer Name = BABYCAKES | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 07/07/2011 18:13:49 | Computer Name = BABYCAKES | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 07/07/2011 19:41:05 | Computer Name = BABYCAKES | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/07/2011 13:42:28 | Computer Name = BABYCAKES | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


GMER log is attached.

Thanks again!



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 10 July 2011 - 04:15 PM

Hello, Lenny Toucan.

If you detected a rootkit, I need to warn you about backdoors below.

Also, your start menu items should just be moved, and many things are hidden based on your logs, but it should all be there.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Registry Cleaner Warning

I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Step 1


Please download unhide.exe and save it to your desktop. Double-click unhide.exe to run it.

You should see your files, start menu items and Internet Explorer favorites return. If you do not, please let me know in your reply. It is important to check, as later steps in cleaning your computer may delete your start menu items and favorites irretrievably. (Your files would still be fine, though.)




Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Step 3


Do you know if you have a proxy set up? You do, but it could be malware related. My gut feeling is that this one was intentionally set, and it appears to be related to Northwestern University in the US.

etavares

Edited by etavares, 10 July 2011 - 04:15 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 Lenny Toucan

Lenny Toucan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 11 July 2011 - 04:48 AM

Ok thank you! Oh dear, this sounds really bad.

Regarding the Ccleaner, my friend told me to download it... I've only used it once and won't use it again now. I'll pass the message on to him too.

I ran the unhide and it seems all my programs are back!

Also ran the asw thing - it asked me if I wanted to get Avast! for better results but I said no - please advise if I should get it and run it again. Here are the results from it:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 10:36:56
-----------------------------
10:36:56.015 OS Version: Windows 5.1.2600 Service Pack 3
10:36:56.015 Number of processors: 2 586 0x1C02
10:36:56.015 ComputerName: BABYCAKES UserName: Vikki
10:36:58.421 Initialize success
10:37:14.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:37:14.390 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
10:37:14.406 Disk 0 MBR read successfully
10:37:14.406 Disk 0 MBR scan
10:37:14.421 Disk 0 unknown MBR code
10:37:14.421 Disk 0 MBR hidden
10:37:14.437 Disk 0 scanning sectors +312578048
10:37:14.468 Disk 0 scanning C:\WINDOWS\system32\drivers
10:37:36.375 Service scanning
10:37:37.968 Disk 0 trace - called modules:
10:37:38.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865fbf16]<<
10:37:38.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f659c0]
10:37:38.062 3 CLASSPNP.SYS[f77a7fd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f665e0]
10:37:38.078 5 ACPI.sys[f771e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86a09028]
10:37:38.671 \Driver\iaStor[0x86fc87c8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865fbf16
10:37:38.687 Scan finished successfully
10:38:12.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Vikki\Desktop\MBR.dat"
10:38:12.453 The log file has been saved successfully to "C:\Documents and Settings\Vikki\Desktop\aswMBR.txt"




And finally, as for the proxy... I have no idea what a proxy is and whether I'm meant to have one, but I'm in no way affiliated with Northwestern Uni - I live in the UK for a start - so I really don't think it should be there.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 11 July 2011 - 09:37 PM

Hello, Lenny Toucan.
CCleaner is OK, I would just avoid using the registry cleaner function within it.



Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 Lenny Toucan

Lenny Toucan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 12 July 2011 - 03:23 PM

Here's the ComboFix Log:

ComboFix 11-07-12.04 - Vikki 12/07/2011 13:01:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.469 [GMT 1:00]
Running from: c:\documents and settings\Vikki\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vikki\Start Menu\Programs\Windows XP Repair
c:\documents and settings\Vikki\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\Vikki\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\program files\iexplorer.exe
c:\program files\iexplorer.exe\changes.rtf
c:\program files\iexplorer.exe\Languages\arabic.lng
c:\program files\iexplorer.exe\Languages\belarusian.lng
c:\program files\iexplorer.exe\Languages\bosnian.lng
c:\program files\iexplorer.exe\Languages\bulgarian.lng
c:\program files\iexplorer.exe\Languages\catalan.lng
c:\program files\iexplorer.exe\Languages\chineseSI.lng
c:\program files\iexplorer.exe\Languages\chineseTR.lng
c:\program files\iexplorer.exe\Languages\croatian.lng
c:\program files\iexplorer.exe\Languages\czech.lng
c:\program files\iexplorer.exe\Languages\danish.lng
c:\program files\iexplorer.exe\Languages\dutch.lng
c:\program files\iexplorer.exe\Languages\english.lng
c:\program files\iexplorer.exe\Languages\estonian.lng
c:\program files\iexplorer.exe\Languages\finnish.lng
c:\program files\iexplorer.exe\Languages\french.lng
c:\program files\iexplorer.exe\Languages\german.lng
c:\program files\iexplorer.exe\Languages\greek.lng
c:\program files\iexplorer.exe\Languages\hebrew.lng
c:\program files\iexplorer.exe\Languages\hungarian.lng
c:\program files\iexplorer.exe\Languages\italian.lng
c:\program files\iexplorer.exe\Languages\korean.lng
c:\program files\iexplorer.exe\Languages\latvian.lng
c:\program files\iexplorer.exe\Languages\lithuanian.lng
c:\program files\iexplorer.exe\Languages\macedonian.lng
c:\program files\iexplorer.exe\Languages\norwegian.lng
c:\program files\iexplorer.exe\Languages\polish.lng
c:\program files\iexplorer.exe\Languages\portugueseBR.lng
c:\program files\iexplorer.exe\Languages\portuguesePT.lng
c:\program files\iexplorer.exe\Languages\romanian.lng
c:\program files\iexplorer.exe\Languages\russian.lng
c:\program files\iexplorer.exe\Languages\serbian.lng
c:\program files\iexplorer.exe\Languages\slovak.lng
c:\program files\iexplorer.exe\Languages\slovenian.lng
c:\program files\iexplorer.exe\Languages\spanish.lng
c:\program files\iexplorer.exe\Languages\swedish.lng
c:\program files\iexplorer.exe\Languages\turkish.lng
c:\program files\iexplorer.exe\Languages\vietnamese.lng
c:\program files\iexplorer.exe\license.txt
c:\program files\iexplorer.exe\mbam.chm
c:\program files\iexplorer.exe\mbam.dll
c:\program files\iexplorer.exe\mbam.exe
c:\program files\iexplorer.exe\mbamcore.dll
c:\program files\iexplorer.exe\mbamext.dll
c:\program files\iexplorer.exe\mbamgui.exe
c:\program files\iexplorer.exe\mbamnet.dll
c:\program files\iexplorer.exe\mbamservice.exe
c:\program files\iexplorer.exe\ssubtmr6.dll
c:\program files\iexplorer.exe\unins000.dat
c:\program files\iexplorer.exe\unins000.exe
c:\program files\iexplorer.exe\unins000.msg
c:\program files\iexplorer.exe\vbalsgrid6.ocx
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-01 10:12 . 2011-07-01 10:12 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-29 17:16 . 2011-06-29 17:16 248 ----a-w- c:\documents and settings\All Users\Application Data\~17096484.vir
2011-06-29 17:16 . 2011-06-29 17:16 176 ----a-w- c:\documents and settings\All Users\Application Data\~17096484r.vir
2011-06-29 17:15 . 2011-06-29 17:15 344 ----a-w- c:\documents and settings\All Users\Application Data\17096484.vir
2011-06-29 14:17 . 2011-06-29 14:23 248 ----a-w- c:\documents and settings\All Users\Application Data\~19324708.vir
2011-06-29 14:17 . 2011-06-29 14:23 176 ----a-w- c:\documents and settings\All Users\Application Data\~19324708r.vir
2011-06-29 14:17 . 2011-06-29 14:17 336 ----a-w- c:\documents and settings\All Users\Application Data\19324708.vir
2011-06-25 10:00 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 10:00 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 17:27 . 2011-06-21 17:27 -------- d-----w- c:\documents and settings\Vikki\Application Data\Frogwares
2011-06-21 13:30 . 2011-06-21 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-06-21 13:30 . 2011-06-21 13:30 -------- d-----w- c:\program files\bfgclient
2011-06-21 13:26 . 2011-06-21 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2011-06-21 13:03 . 2011-06-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayPond
2011-06-21 13:03 . 2011-06-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-06-21 12:50 . 2011-06-21 12:50 -------- d-----w- c:\windows\Mystery Legends Sleepy Hollow
2011-06-21 12:00 . 2011-06-21 12:00 -------- d-----w- c:\documents and settings\Vikki\Application Data\DDMSettings
2011-06-20 20:18 . 2011-06-20 20:19 -------- d-----w- c:\windows\system32\Adobe
2011-06-16 22:45 . 2011-06-17 09:54 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-29 08:11 . 2011-06-05 20:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-06-05 20:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2009-02-26 18:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-02-27 02:18 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-02-27 02:18 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2009-02-27 02:19 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2009-02-27 02:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2009-02-27 02:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2009-02-27 02:18 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2009-02-27 02:18 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2009-02-27 02:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-06-10 22:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"mSpot"="c:\program files\mSpot\mSpot\mSpot.exe" [2011-04-04 1099136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFcALQBOADMAWgAyAE4ALQA4ADYAQgBKAEsALQA2AFIAVwBHAEEALQBBADQAVgBRAFQALQBWAFkANABQAFcA&inst=NwA2AC0AOAA2ADkANQAzADcAMgA5ADAALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBEAEQAVAArADAA&prod=93&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Vikki\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-2-26 565248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1ca4fe240d924fa"=2 (0x2)
"GoogleDesktopManager-080708-050100"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [13/06/2011 20:50 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/06/2011 18:01 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/06/2011 18:01 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [22/06/2011 18:01 870200]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [26/02/2009 21:00 237568]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [25/01/2010 18:12 27504]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [06/12/2010 22:32 24576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 18:01 53816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [26/02/2009 20:29 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/02/2009 20:40 24064]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101806&l=dis
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toodledo.com/views/index.php#
FF - prefs.js: network.proxy.ftp - 129.105.15.38
FF - prefs.js: network.proxy.ftp_port - 3127
FF - prefs.js: network.proxy.gopher - 129.105.15.38
FF - prefs.js: network.proxy.gopher_port - 3127
FF - prefs.js: network.proxy.http - 129.105.15.38
FF - prefs.js: network.proxy.http_port - 3127
FF - prefs.js: network.proxy.socks - 129.105.15.38
FF - prefs.js: network.proxy.socks_port - 3127
FF - prefs.js: network.proxy.ssl - 129.105.15.38
FF - prefs.js: network.proxy.ssl_port - 3127
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874} - c:\windows\system32\cabine.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-wItHAvlLNNUfMh - c:\documents and settings\All Users\Application Data\wItHAvlLNNUfMh.exe
AddRemove-BFG-Dracula - Love Kills Collector's Edition - c:\program files\Dracula - Love Kills Collector's Edition\Uninstall.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\iexplorer.exe\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe [9920] 0xFCF9B320
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(7152)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\lxcgcoms.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
.
**************************************************************************
.
Completion time: 2011-07-12 21:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 20:16
.
Pre-Run: 51,493,056,512 bytes free
Post-Run: 52,340,494,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7BA32F7C182B0A6EFE48B7E2C8459438


I don't seem to be getting the google-redirect anymore, and now that my programs have all been restored in my start menu, it all seems to be running fine (superficially at least).

Also, not sure if it's relevant but I told my flatmate about the proxy and he said he had set it up for me last month and I had forgotten because I didn't really use it! Silly me!
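An added example, not from this thread or from any of the tools used in it, that parses the "FF - prefs.js" proxy lines ComboFix prints in its Supplementary Scan and reports where each protocol is pointed and whether Firefox would actually route through those servers. The sample lines are constructed to mirror the log above, and the meaning of network.proxy.type (0 = direct, 1 = manual) is standard Firefox behaviour.

```python
"""Parse Firefox proxy preferences from a ComboFix Supplementary Scan and assess them."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the "FF - prefs.js" lines in the log above (not a real capture).
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.startup.homepage - hxxp://www.example.invalid/
FF - prefs.js: network.proxy.ftp - 129.105.15.38
FF - prefs.js: network.proxy.ftp_port - 3127
FF - prefs.js: network.proxy.gopher - 129.105.15.38
FF - prefs.js: network.proxy.gopher_port - 3127
FF - prefs.js: network.proxy.http - 129.105.15.38
FF - prefs.js: network.proxy.http_port - 3127
FF - prefs.js: network.proxy.socks - 129.105.15.38
FF - prefs.js: network.proxy.socks_port - 3127
FF - prefs.js: network.proxy.ssl - 129.105.15.38
FF - prefs.js: network.proxy.ssl_port - 3127
FF - prefs.js: network.proxy.type - 0
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
PROTOCOLS = ("http", "ssl", "ftp", "gopher", "socks")

# Meaning of network.proxy.type in Firefox (standard Firefox semantics).
PROXY_TYPES = {0: "direct connection, no proxy", 1: "manual proxy configuration",
               2: "PAC script URL", 4: "auto-detect (WPAD)", 5: "use system proxy settings"}


@dataclass
class ProxyReport:
    proxy_type: Optional[int] = None
    servers: Dict[str, str] = field(default_factory=dict)  # protocol -> "host:port"
    active: bool = False                                   # would Firefox honour the servers?
    findings: List[str] = field(default_factory=list)


def parse_ff_prefs(log_text: str) -> Dict[str, str]:
    """Extract name -> value for every 'FF - prefs.js:' line in a ComboFix log."""
    prefs: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs


def is_local_address(host: str) -> bool:
    """True for loopback, private (RFC 1918) or link-local IPs, or LAN-style host names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost" or host.endswith(".local")
    return ip.is_private or ip.is_loopback or ip.is_link_local


def analyse_proxy(prefs: Dict[str, str]) -> ProxyReport:
    """Collect the per-protocol proxy servers and decide whether Firefox would use them."""
    report = ProxyReport()
    ptype = prefs.get("network.proxy.type")
    if ptype is not None and ptype.isdigit():
        report.proxy_type = int(ptype)

    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port", "?")
            report.servers[proto] = f"{host}:{port}"

    # Firefox only routes through the per-protocol servers when type == 1 (manual).
    report.active = report.proxy_type == 1 and bool(report.servers)

    if report.servers:
        endpoints = sorted(set(report.servers.values()))
        report.findings.append("manual proxy servers configured: " + ", ".join(endpoints))
        for ep in endpoints:
            host = ep.rsplit(":", 1)[0]
            if not is_local_address(host):
                report.findings.append(
                    f"{host} is outside the local network: all listed protocols "
                    "would be relayed through a third party if the proxy is enabled")
        label = PROXY_TYPES.get(report.proxy_type, f"unknown type {report.proxy_type}")
        if report.active:
            report.findings.append(f"network.proxy.type = 1 ({label}): the servers are in use")
        else:
            report.findings.append(
                f"network.proxy.type = {report.proxy_type} ({label}): "
                "servers are configured but Firefox is not currently using them")
    return report


if __name__ == "__main__":
    for finding in analyse_proxy(parse_ff_prefs(SAMPLE_LOG)).findings:
        print("-", finding)
```

For the sample above the report flags a public, non-LAN proxy host whose entries are present but inactive because network.proxy.type is 0; the same check run on a log with type 1 reports the servers as in use.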

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 12 July 2011 - 06:20 PM

Hello, Lenny Toucan.
Thanks for letting me know...I'll leave the proxy as is then. Let's move on.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    c:\documents and settings\All Users\Application Data\~17096484.vir
    c:\documents and settings\All Users\Application Data\~17096484r.vir
    c:\documents and settings\All Users\Application Data\17096484.vir
    c:\documents and settings\All Users\Application Data\~19324708.vir
    c:\documents and settings\All Users\Application Data\~19324708r.vir
    c:\documents and settings\All Users\Application Data\19324708.vir
    :OTL
    O2 - BHO: (no name) - {0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [BitTorrent] File not found
    O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [wItHAvlLNNUfMh] File not found
    @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26205E86
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5520ED93
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01AAB269
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
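Added example (editorial, not code from this thread, from OTL or from its author): a small Python triage helper for lines in the OTL report format used in the fix script above and in the scan logs posted in this thread. It mechanises the checks the responder applied by hand when choosing what to put in the :OTL section: registry entries whose target reads "File not found" or "No CLSID value found" (orphaned leftovers), Run values with machine-generated-looking names such as the wItHAvlLNNUfMh entry, alternate data streams attached to a folder, and process/driver images that carry no publisher string. The sample lines are copied from the reports quoted in this thread; the regular expressions, the case-churn heuristic and its 0.5 threshold are my own assumptions, and the output is a list of items to review, not a verdict on any of them.

```python
"""Triage helper for OTL-style report lines (added example, not OldTimer's code)."""
import re
from dataclasses import dataclass

# Markers OTL prints when a registry entry no longer resolves to a file or CLSID.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# O4 - HKLM..\Run: [Name] C:\path\to\file.exe (Publisher)
RUN_RE = re.compile(r"^O4 - .*\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# @Alternate Data Stream - 231 bytes -> C:\...\TEMP:206470A5
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$"
)
# PRC/MOD/SRV/DRV - [timestamp | size | attrs | M] (Publisher) [state] -- C:\path -- (ServiceName)
IMAGE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"(?:\[[^\]]*\] )?-- (?P<path>.+?)(?: -- \(.*)?$"
)

# Sample lines copied from the OTL reports quoted in this thread.
SAMPLE_REPORT = r"""
O2 - BHO: (no name) - {0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874} - File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005..\Run: [wItHAvlLNNUfMh] File not found
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
PRC - [2011/03/22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
"""


@dataclass
class Finding:
    line: str
    reason: str


def case_churn(name: str) -> float:
    """Fraction of adjacent letter pairs that switch between lower and upper case.

    Hand-typed names ("WinampAgent") switch case rarely; generated names
    ("wItHAvlLNNUfMh") switch at almost every letter.  Heuristic, not proof.
    """
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    switches = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    return switches / (len(letters) - 1)


def triage_line(line: str) -> list[Finding]:
    """Return every review item a single OTL report line raises (possibly none)."""
    findings: list[Finding] = []
    if any(marker in line for marker in ORPHAN_MARKERS):
        findings.append(Finding(line, "orphaned entry: points at a file or CLSID that no longer exists"))
    if (m := RUN_RE.match(line)) and case_churn(m["name"]) > 0.5:
        findings.append(Finding(line, f"Run value name '{m['name']}' looks machine-generated"))
    if m := ADS_RE.match(line):
        findings.append(Finding(line, f"alternate data stream '{m['stream']}' ({m['size']} bytes) on {m['path']}"))
    if (m := IMAGE_RE.match(line)) and not m["company"].strip():
        findings.append(Finding(line, f"{m['kind']} image without a publisher string: {m['path']}"))
    return findings


def triage_report(text: str) -> list[Finding]:
    """Run triage_line over a whole report and collect the review items."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        findings.extend(triage_line(raw.strip()))
    return findings


if __name__ == "__main__":
    for finding in triage_report(SAMPLE_REPORT):
        print(f"[review] {finding.reason}\n         {finding.line}")
```

Run against the sample, the script lists five review items: the orphaned BHO, the orphaned Run value (which is also flagged for its generated-looking name), the ADS on the TEMP folder, and the camera driver with an empty publisher string; the two Winamp entries pass. Everything it flags still needs a human to look at the file, its signature and its install history before anything is removed.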
 


#9 Lenny Toucan

Lenny Toucan
  • Topic Starter

  • Members
  • 13 posts

Posted 13 July 2011 - 07:03 AM

Run Fix Report:

All processes killed
========== FILES ==========
c:\documents and settings\All Users\Application Data\~17096484.vir moved successfully.
c:\documents and settings\All Users\Application Data\~17096484r.vir moved successfully.
c:\documents and settings\All Users\Application Data\17096484.vir moved successfully.
c:\documents and settings\All Users\Application Data\~19324708.vir moved successfully.
c:\documents and settings\All Users\Application Data\~19324708r.vir moved successfully.
c:\documents and settings\All Users\Application Data\19324708.vir moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB6DC1B-13A3-4E5F-B41E-6AE7F2235874}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
Registry value HKEY_USERS\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Run\\wItHAvlLNNUfMh not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:206470A5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26205E86 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5520ED93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:01AAB269 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 61406633 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Vikki
->Temp folder emptied: 1282596 bytes
->Temporary Internet Files folder emptied: 16399886 bytes
->Java cache emptied: 21041048 bytes
->FireFox cache emptied: 111841732 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 59775 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 94208 bytes
%systemroot%\System32 .tmp files removed: 4470801 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 462 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2936585 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 210.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07132011_124504

Files\Folders moved on Reboot...
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X8NIOXQT\640333491305213094647687[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X8NIOXQT\redirect_v92_cim_11_10_4[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X8NIOXQT\v=4;m=3;l=15728;c=157591;b=1449166;ts=20110713124323[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X0I9JZTB\generatehtml[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X0I9JZTB\statstracker[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\X0I9JZTB\v=4;m=3;l=15729;c=158830;b=1457659;ts=20110713124332[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\VG30KLKN\11310557394@Frame1[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\VG30KLKN\v=4;m=3;l=15727;c=157591;b=1449164;ts=20110713124313[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\SQFJKTU1\;ord=1304783507[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\SQFJKTU1\afr[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\SQFJKTU1\news-18-hottest-links-week[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\R3WHW1X6\1[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\R3WHW1X6\3[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\generatehtml[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\iframescript[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\if[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\v=4%3Bm=2%3Bl=15727%3Bc=158830%3Bb=1457655%3Bts=1310557415%3Bdct=;ord=1310557415[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\v=4%3Bm=2%3Bl=15728%3Bc=157591%3Bb=1449166%3Bts=1310557403%3Bdct=;ord=1310557403[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\NCYAT56U\v=4%3Bm=2%3Bl=15729%3Bc=158830%3Bb=1457659%3Bts=1310557413%3Bdct=;ord=1310557413[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\I1GWIUVE\17752bc84ea@Frame1[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\I1GWIUVE\v=4;m=3;l=15727;c=158830;b=1457655;ts=20110713124335[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\HCTG72W3\sandbox[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\EZ5VIWRE\click[2].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\EZ5VIWRE\kim-kardashian-khloe-28[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\9H06EQ1S\v=4%3Bm=2%3Bl=15727%3Bc=157591%3Bb=1449164%3Bts=1310557394%3Bdct=;ord=1310557394[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\9H06EQ1S\v=4;m=3;l=15729;c=156294;b=1441154;ts=20110713124324[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\7B3KYLIM\ck[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\7B3KYLIM\iframe_v92_cim_11_10_4[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\42IMPKYA\afr[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\42IMPKYA\fan[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\42IMPKYA\login_status[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\16WH9LF3\11310557403@Frame1[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\Content.IE5\16WH9LF3\v[1].htm moved successfully.
C:\Documents and Settings\Vikki\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


Scan Log:

OTL logfile created on: 13/07/2011 12:53:35 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Vikki\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1011.88 Mb Total Physical Memory | 223.72 Mb Available Physical Memory | 22.11% Memory free
2.37 Gb Paging File | 1.66 Gb Available in Paging File | 70.15% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 48.89 Gb Free Space | 34.66% Space Free | Partition Type: NTFS

Computer Name: BABYCAKES | User Name: Vikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 12:44:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vikki\My Documents\Downloads\OTL(1).exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/16 05:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/04 18:58:48 | 001,099,136 | ---- | M] (mSpot) -- C:\Program Files\mSpot\mSpot\mSpot.exe
PRC - [2011/03/22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/03 14:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/25 18:11:40 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCam.exe
PRC - [2010/01/25 18:11:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 13:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 13:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 13:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/01/10 20:24:38 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/11/27 12:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/09/12 15:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 17:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2005/08/01 08:05:04 | 000,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe
PRC - [2005/07/21 02:07:22 | 000,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 12:44:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vikki\My Documents\Downloads\OTL(1).exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/20 01:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2008/11/27 12:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/09/12 15:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/07/20 01:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/13 20:50:48 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/25 18:12:40 | 000,027,504 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2009/09/15 21:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/10 17:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/24 04:22:48 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/02/03 07:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/20 11:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/30 04:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/20 01:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 01:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/19 01:44:22 | 003,599,000 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2007/07/19 01:44:22 | 000,022,296 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/07/19 01:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/19 01:42:29 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/07/18 18:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0909&m=ao531h


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101806&l=dis
IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.toodledo.com/views/index.php#"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.5.5
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.51
FF - prefs.js..network.proxy.backup.ftp: "69.178.68.212"
FF - prefs.js..network.proxy.backup.ftp_port: 27977
FF - prefs.js..network.proxy.backup.gopher: "69.178.68.212"
FF - prefs.js..network.proxy.backup.gopher_port: 27977
FF - prefs.js..network.proxy.backup.socks: "69.178.68.212"
FF - prefs.js..network.proxy.backup.socks_port: 27977
FF - prefs.js..network.proxy.backup.ssl: "69.178.68.212"
FF - prefs.js..network.proxy.backup.ssl_port: 27977
FF - prefs.js..network.proxy.ftp: "129.105.15.38"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "129.105.15.38"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "129.105.15.38"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "129.105.15.38"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "129.105.15.38"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Vikki\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/21 12:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:52:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 23:44:16 | 000,000,000 | ---D | M]

[2009/09/18 16:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Extensions
[2011/06/10 23:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions
[2010/04/30 09:32:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/08 19:58:38 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\facepad@lazyrussian.com
[2011/06/01 17:50:18 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\extensions\video.downloader.plugin@ffpimp.com
[2010/06/24 14:03:40 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\searchplugins\imdb.xml
[2010/06/24 14:04:51 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Mozilla\Firefox\Profiles\cm5bh7xb.default\searchplugins\urban-dictionary.xml
[2011/07/01 15:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\VIKKI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CM5BH7XB.DEFAULT\EXTENSIONS\WIKILOOK@TESTPILOT.XPI
[2010/01/21 19:49:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/15 22:14:35 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/12 20:55:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [mSpot] C:\Program Files\mSpot\mSpot\mSpot.exe (mSpot)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4087772427-1690550294-72185382-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Vikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vikki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/26 19:35:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 12:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/13 12:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 12:43:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/12 21:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/12 13:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 9.0
[2011/07/12 12:54:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 12:48:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/12 12:48:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/12 12:48:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/12 12:48:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/12 12:46:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/11 10:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitTorrent
[2011/07/11 10:27:12 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Vikki\Desktop\aswMBR.exe
[2011/07/01 17:41:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\dds.scr
[2011/07/01 15:49:07 | 013,683,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\Vikki\Desktop\Firefox Setup 5.0.exe
[2011/07/01 11:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/01 11:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/01 11:12:24 | 006,284,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Vikki\Desktop\Silverlight.exe
[2011/06/30 23:29:43 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Vikki\Desktop\fsbl.exe
[2011/06/30 22:52:38 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.exe
[2011/06/30 22:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Desktop\RootRepeal
[2011/06/29 22:37:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vikki\Start Menu\Programs\Administrative Tools
[2011/06/29 22:36:23 | 004,129,550 | R--- | C] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\ComboFix.exe
[2011/06/29 22:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/29 22:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/29 21:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Desktop\iexplorer
[2011/06/29 18:24:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vikki\Recent
[2011/06/29 16:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iexplorer
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/06/21 18:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Application Data\Frogwares
[2011/06/21 15:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dracula - Love Kills Collector's Edition
[2011/06/21 14:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/06/21 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/06/21 14:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/06/21 14:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2011/06/21 14:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/06/21 13:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Mystery Legends Sleepy Hollow
[2011/06/21 13:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vikki\Application Data\DDMSettings
[2011/06/20 21:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/16 23:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/11 17:02:03 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2010/06/11 17:02:03 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2010/06/11 17:02:03 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2010/06/11 17:02:03 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe
[2010/06/11 17:02:03 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2010/06/11 17:02:03 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2010/06/11 17:02:03 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe
[2010/06/11 17:02:03 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2010/06/11 17:02:03 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/06/24 06:42:00 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/06/24 06:41:58 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/02/27 03:19:16 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/13 12:48:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 12:48:37 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/12 20:55:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/12 12:54:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 12:19:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\prvlcl.dat
[2011/07/12 12:07:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 10:38:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\MBR.dat
[2011/07/11 10:28:23 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Vikki\Desktop\aswMBR.exe
[2011/07/11 10:27:00 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\unhide.exe
[2011/07/11 01:35:32 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 17:41:35 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\dds.scr
[2011/07/01 15:49:07 | 013,683,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\Vikki\Desktop\Firefox Setup 5.0.exe
[2011/07/01 13:28:44 | 000,016,862 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\downloading.htm
[2011/07/01 11:12:24 | 006,284,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Vikki\Desktop\Silverlight.exe
[2011/06/30 23:29:48 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Vikki\Desktop\fsbl.exe
[2011/06/30 22:52:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\settings.dat
[2011/06/30 22:52:11 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.rar
[2011/06/30 10:55:25 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\RKUnhookerLE.EXE
[2011/06/30 10:21:55 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to mbam.exe.lnk
[2011/06/30 09:57:14 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\SecurityCheck.exe
[2011/06/29 22:55:45 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\rkill.com
[2011/06/29 22:37:22 | 004,129,550 | R--- | M] (Swearware) -- C:\Documents and Settings\Vikki\Desktop\ComboFix.exe
[2011/06/29 19:12:00 | 001,317,103 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\iexplorer.zip
[2011/06/29 16:19:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 11:15:11 | 000,437,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/25 11:15:11 | 000,069,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/23 11:57:29 | 000,013,725 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\untitled.JPG
[2011/06/23 11:50:31 | 000,082,766 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\untitled.bmp
[2011/06/22 19:04:10 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to MSc.lnk
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/06/17 00:01:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/07/12 12:54:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 12:54:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/12 12:48:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/12 12:48:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/12 12:48:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/12 12:48:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/12 12:48:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 10:38:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\MBR.dat
[2011/07/11 10:36:22 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/11 10:36:22 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/07/11 10:36:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 10:36:21 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/11 10:36:18 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/11 10:36:18 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/11 10:36:18 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/11 10:36:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/11 10:36:10 | 000,001,457 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
[2011/07/11 10:36:06 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/07/11 10:36:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/07/11 10:36:06 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/11 10:36:06 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/11 10:36:06 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/11 10:36:05 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/11 10:36:05 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/11 10:36:05 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/07/11 10:36:05 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/07/11 10:26:45 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\unhide.exe
[2011/07/01 18:44:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\gmer.exe
[2011/07/01 15:52:13 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/01 15:52:13 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/01 15:52:13 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/01 13:28:49 | 000,016,862 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\downloading.htm
[2011/06/30 22:52:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\settings.dat
[2011/06/30 22:52:11 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\RootRepeal.rar
[2011/06/30 10:55:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\RKUnhookerLE.EXE
[2011/06/30 10:21:55 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\Shortcut to mbam.exe.lnk
[2011/06/30 09:57:14 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\SecurityCheck.exe
[2011/06/29 22:55:45 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\rkill.com
[2011/06/29 21:23:47 | 001,317,103 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\iexplorer.zip
[2011/06/23 11:55:26 | 000,013,725 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\untitled.JPG
[2011/06/23 11:50:30 | 000,082,766 | ---- | C] () -- C:\Documents and Settings\Vikki\Desktop\untitled.bmp
[2011/06/16 23:47:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/07 14:10:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/10/01 18:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/10/01 16:56:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\prvlcl.dat
[2010/08/27 18:57:24 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\swk.ini
[2010/06/11 17:02:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2010/04/25 17:46:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\setup_ldm.iss
[2010/03/25 17:16:43 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/03 21:02:07 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/26 21:53:22 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Vikki\Application Data\wklnhst.dat
[2009/12/16 19:43:11 | 000,055,376 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/27 21:50:26 | 000,069,361 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2009/11/16 20:04:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/18 18:45:24 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Vikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/18 16:42:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/24 06:42:00 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/06/24 06:42:00 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/06/24 06:42:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/02/27 03:18:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/27 03:18:52 | 000,437,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/27 03:18:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/02/27 03:18:52 | 000,069,650 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/27 03:18:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/02/27 03:18:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/02/27 03:18:51 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/02/27 03:18:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/02/27 03:18:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/02/27 03:18:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/02/27 03:18:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/02/27 03:18:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/02/26 21:21:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/26 20:28:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/26 20:25:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/02/26 20:25:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2009/02/26 20:25:57 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2009/02/26 20:25:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/02/26 20:25:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/02/26 19:38:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/02/26 19:38:18 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/26 19:37:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/26 19:33:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/26 19:32:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/26 19:30:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/26 19:29:24 | 000,251,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/25 03:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2007/07/18 18:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


MalwareBytes Report:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7112

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13/07/2011 13:12:05
mbam-log-2011-07-13 (13-12-05).txt

Scan type: Quick scan
Objects scanned: 151532
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Upgrade seemed to go ok, and as you can see no malicious items were found, so I had nothing to delete.


Looks like good news?

Edited by Lenny Toucan, 13 July 2011 - 07:15 AM.


#10 Lenny Toucan (Topic Starter)

Posted 13 July 2011 - 07:49 AM

Thought I should add this as it worries me...

Left the computer on while I went to have lunch, when I came back just now, I had a pop up message saying 'Outlook is not set as your default email client, would you like to set it as your default client now?' (or words to that effect). I clicked no, as I never use outlook, and a new outlook window opened as if I was about to write a new email. Everything was blank except for the address, which had 'privacy@twitter.com' in it. I have got no idea how/why this window opened as I had not asked it to. Could my computer still be compromised?

Thanks

#11 etavares (Bleepin' Remover, Malware Response Team)

Posted 13 July 2011 - 05:39 PM

Hello, Lenny Toucan.

It is possible, although that is a legitimate safe email address at Twitter. It sounds more like someone clicked on it on a webpage or something while you were away. To be safe, I want to re-run aswMBR. There was a likely false positive I wanted to investigate later, and later is now. :)

We need to run defogger first.



Step 1

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.



Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 Lenny Toucan (Topic Starter)

Posted 14 July 2011 - 03:20 AM

The defogger didn't ask me to reboot the computer, but maybe that's because I don't have a CD drive (it's a netbook), so I'm pretty sure I don't have a CD emulation drive. I appreciate that probably makes me look really stupid but oh well, I ran it anyway just to be sure!

Anyway, here's the log:

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-14 08:51:23
-----------------------------
08:51:23.093 OS Version: Windows 5.1.2600 Service Pack 3
08:51:23.093 Number of processors: 2 586 0x1C02
08:51:23.093 ComputerName: BABYCAKES UserName: Vikki
08:51:24.562 Initialize success
08:51:57.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:51:57.203 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
08:51:57.218 Disk 0 MBR read successfully
08:51:57.218 Disk 0 MBR scan
08:51:57.218 Disk 0 unknown MBR code
08:51:57.234 Disk 0 MBR hidden
08:51:57.234 Disk 0 scanning sectors +312578048
08:51:57.281 Disk 0 scanning C:\WINDOWS\system32\drivers
08:52:16.281 Service scanning
08:52:18.203 Disk 0 trace - called modules:
08:52:18.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865f7f16]<<
08:52:18.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fcf9c0]
08:52:18.281 3 CLASSPNP.SYS[f77a7fd7] -> nt!IofCallDriver -> \Device\00000074[0x86fd05e0]
08:52:18.281 5 ACPI.sys[f771e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f79028]
08:52:18.312 \Driver\iaStor[0x86f7d298] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865f7f16
08:52:18.328 Scan finished successfully
09:20:18.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Vikki\Desktop\MBR.dat"
09:20:19.671 The log file has been saved successfully to "C:\Documents and Settings\Vikki\Desktop\aswMBR2.txt"
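
Reading an aswMBR log by hand comes down to a few lines: "unknown MBR code", "MBR hidden", and an UNKNOWN address at the end of the disk call trace that matches the address a storage driver's dispatch routine points to. The script below is an added example (not part of this thread and not an AVAST or aswMBR tool) that performs that triage; its sample input is a handful of lines copied from the log posted above, and the indicator wording and the escalation rule are the example's own.

```python
"""Triage an aswMBR log for the lines a malware-response helper looks at.

Added example for this thread, not an AVAST/aswMBR tool. SAMPLE_LOG holds
lines copied from the log posted above; the indicator wording and the
escalation rule are this example's own.
"""
import re
from typing import Dict, List, Set

SAMPLE_LOG = """\
08:51:57.218 Disk 0 MBR read successfully
08:51:57.218 Disk 0 MBR scan
08:51:57.218 Disk 0 unknown MBR code
08:51:57.234 Disk 0 MBR hidden
08:51:57.234 Disk 0 scanning sectors +312578048
08:52:18.203 Disk 0 trace - called modules:
08:52:18.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865f7f16]<<
08:52:18.312 \\Driver\\iaStor[0x86f7d298] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x865f7f16
08:52:18.328 Scan finished successfully
"""

# Every aswMBR line starts with a HH:MM:SS.mmm timestamp.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")
# Address the call trace could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\<name>[addr] -> <IRP major> -> <target address>"
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (\w+) -> (0x[0-9a-fA-F]+)")


def triage(log_text: str) -> Dict:
    """Collect the MBR and call-trace indicators from an aswMBR log and decide
    whether an offline MBR dump is warranted."""
    indicators: List[str] = []
    unknown_addrs: Set[str] = set()
    dispatch_targets: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if "unknown MBR code" in msg:
            indicators.append("MBR boot code not recognised by the scanner")
        if "MBR hidden" in msg:
            indicators.append("MBR reported as hidden")
        u = UNKNOWN_RE.search(msg)
        if u:
            unknown_addrs.add(u.group(1).lower())
            indicators.append(f"disk call trace ends in unknown code at {u.group(1)}")
        h = HOOK_RE.search(msg)
        if h:
            dispatch_targets.append({"driver": h.group(1), "irp": h.group(2),
                                     "target": h.group(3).lower()})
    # Strongest signal: a driver's dispatch routine points at the very address
    # the trace could not attribute to any loaded module.
    corroborated = [d for d in dispatch_targets if d["target"] in unknown_addrs]
    if corroborated or len(indicators) >= 2:
        verdict = "escalate: dump the MBR and compare it offline"
    elif indicators:
        verdict = "inconclusive: rescan and compare"
    else:
        verdict = "no MBR indicators in this log"
    return {"indicators": indicators, "dispatch_targets": dispatch_targets,
            "corroborated": corroborated, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Usage: python aswmbr_triage.py [aswMBR.txt]; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    report = triage(text)
    for ind in report["indicators"]:
        print("INDICATOR:", ind)
    for d in report["corroborated"]:
        print(f"CORROBORATED: {d['driver']} {d['irp']} -> {d['target']}")
    print("VERDICT:", report["verdict"])
```

On the sample lines the unknown trace address and the iaStor dispatch target coincide, which is why the helper's next step is to pull the raw sector rather than trust another in-OS scan; a log with none of these lines returns the "no MBR indicators" verdict.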

#13 etavares (Bleepin' Remover, Malware Response Team)

Posted 14 July 2011 - 06:00 PM

You don't sound stupid, don't worry! Most people don't know what they are. They can be quite handy. If you have an image of a CD, but not a CD drive, you can load the file and read it as if you did have a CD drive. It emulates as if you had inserted a CD, hence the name.

I'm still seeing the UNKNOWN entry, which is quite suspicious, but not definitively a virus. Do you have a blank flash drive? I would like to dump your MBR (the thing we're looking at with the log) and take a look at it to see if it is a virus or just a false positive.

Edited by etavares, 14 July 2011 - 06:00 PM.




#14 Lenny Toucan (Topic Starter)

Posted 15 July 2011 - 05:43 AM

How big does the flash drive have to be? I've got a 250MB one that I can clear, or my flatmate has an 8GB one which I might be able to use, but obviously only if it's safe to do so and won't infect his computer or damage the drive.

Thanks

EDIT: Oh and also, every time I start up Firefox I get a message saying it is not currently set as my default browser, and would I like to change it, and even though I always click yes, it still asks me, which seems a little fishy to me, so I thought I'd mention it :)

Edited by Lenny Toucan, 15 July 2011 - 01:55 PM.


#15 etavares (Bleepin' Remover, Malware Response Team)

Posted 15 July 2011 - 04:01 PM

Hello, Lenny Toucan.


A 250MB one will work.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:

    dd if=/dev/sda of=mbr.txt bs=512 count=1
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.

Please note - all text entries are case sensitive



etavares
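
Once mbr.txt exists, a 512-byte sector is small enough to sanity-check offline before anyone has to read raw hex. The script below is an added example, not from this thread and not part of xPUD, UNetbootin or aswMBR: it parses the four partition table entries, verifies the 0x55AA boot signature, flags more than one active entry or overlapping partitions, hashes only the boot-code bytes so the hash can be compared against a baseline taken from a known-clean machine running the same Windows version, and, when given the disk's total sector count, reports how much unpartitioned space follows the last partition. The two sectors it ships with are constructed in the script, and BASELINE_SHA256 is derived from the constructed clean sample, so it is a placeholder rather than a real Windows XP MBR hash.

```python
"""Sanity-check a raw 512-byte MBR dump (e.g. mbr.txt from
`dd if=/dev/sda of=mbr.txt bs=512 count=1`).

Added example for this thread; not a BleepingComputer, xPUD or aswMBR tool.
The sample sectors below are constructed, not read from a real disk.
"""
import hashlib
import struct
import sys
from typing import Dict, List, Optional, Tuple

SECTOR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0..439 are boot code; 440..443 disk signature
PT_OFFSET = 446               # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3BB3BII"       # status, CHS start, type, CHS end, LBA start, sector count


def parse_entry(raw: bytes) -> Dict[str, int]:
    """Decode one partition table entry; the CHS fields are ignored."""
    status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack(ENTRY_FMT, raw)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot-code bytes: the disk signature and partition table
    legitimately differ between machines and would spoil the comparison."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def check_mbr(mbr: bytes, baseline_sha256: Optional[str] = None,
              total_sectors: Optional[int] = None) -> Dict:
    """Return the parsed partitions plus findings that deserve a closer look."""
    findings: List[str] = []
    if len(mbr) != SECTOR_SIZE:
        findings.append(f"unexpected length {len(mbr)} (want {SECTOR_SIZE})")
        mbr = mbr.ljust(SECTOR_SIZE, b"\x00")[:SECTOR_SIZE]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")

    entries = [parse_entry(mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]) for i in range(4)]
    used = [e for e in entries if e["sectors"]]
    active = [e for e in used if e["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for e in used:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"invalid status byte 0x{e['status']:02x}")

    spans: List[Tuple[int, int]] = sorted(
        (e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions overlap at LBA {start2}")

    digest = boot_code_sha256(mbr)
    if baseline_sha256 and digest != baseline_sha256:
        findings.append("boot code differs from known-good baseline")

    # Report the unpartitioned space after the last partition; its size is one
    # more thing to compare against a known-clean disk of the same model.
    tail = total_sectors - spans[-1][1] if (total_sectors is not None and spans) else None
    return {"partitions": used, "findings": findings,
            "boot_code_sha256": digest, "tail_sectors": tail}


def build_sample_mbr(entries: List[Tuple[int, int, int, int]],
                     boot_code: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Construct a synthetic MBR for testing; entries are (status, type, lba_start, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code          # constructed boot-code stub
    sector[440:444] = b"\x12\x34\x56\x78"        # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        sector[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)] = struct.pack(
            ENTRY_FMT, status, 0, 0, 0, ptype, 0, 0, 0, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed clean sample: one active NTFS (0x07) partition plus a data partition.
CLEAN_MBR = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 100000)])
CLEAN_TOTAL_SECTORS = 309248                    # constructed disk size
BASELINE_SHA256 = boot_code_sha256(CLEAN_MBR)   # placeholder baseline from the sample above
# Constructed tampered sample: different boot code and two entries flagged active.
TAMPERED_MBR = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x80, 0x07, 206848, 100000)],
                                boot_code=b"\x90" * 16)

if __name__ == "__main__":
    if len(sys.argv) > 1:        # usage: python mbr_check.py mbr.txt [total_sectors]
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        total = int(sys.argv[2]) if len(sys.argv) > 2 else None
        report = check_mbr(data, total_sectors=total)  # pass your own baseline hash here
    else:
        report = check_mbr(TAMPERED_MBR, BASELINE_SHA256, CLEAN_TOTAL_SECTORS)
    for p in report["partitions"]:
        print(f"status=0x{p['status']:02x} type=0x{p['type']:02x} "
              f"start={p['lba_start']} sectors={p['sectors']}")
    print("boot code sha256:", report["boot_code_sha256"])
    for f in report["findings"]:
        print("FINDING:", f)
```

The baseline hash is the part that does the real work: a parsed partition table can look perfectly ordinary while the 440 boot-code bytes have been replaced, so the comparison should be against a hash taken from a clean install of the same Windows version, not against anything embedded in the script.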


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users