XP Security 2012 Removal left no internet connection


This topic is locked
15 replies to this topic

#1 kloiga

Posted 08 October 2011 - 07:17 PM

Hi,

I was recently infected with something referred to as XP Security 2012. After finding good information here I believe I was able to remove it, fix the registry and remove the root kit. However, I am still unable to connect to the internet via a Netgear WG111 wireless adapter.

I have tried several things based on information here to take care of this. The Windows firewall ICS service cannot be started - Error 10050 - A socket operation encountered a dead network. I have no problem connecting to the network with any other computer.

Any help would be greatly appreciated. Following the Preparation Guide, here are the necessary log files:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.0.0
Run by Owner at 14:59:17 on 2011-10-08
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.1969 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.webcrawler.com/
uSearch Page =
mLocal Page = hxxp://www.webcrawler.com/
mStart Page =
mDefault_Page_URL = hxxp://www.webcrawler.com/
mDefault_Search_URL =
mSearch Page =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {fb8fbfde-8bad-4170-ada2-43d983a111f8} - c:\windows\system32\bfggc.dll
EB: LeftFrame Class: {000d2cc0-2f6f-4fcf-a839-0921bcc7aa04} - c:\windows\enhtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TimeCalendar] "c:\program files\timecalendarle\TCLE.exe" auto
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\video\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [EPSON Stylus Photo RX680 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "c:\windows\temp\E_S4.tmp" /EF "HKCU"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} -
Handler: bt2 - {1730B77B-F429-498f-9B15-4514D83C8294} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\sqlbbkk.dll bijotozu.dll c:\windows\system32\jefosodi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: beropemub - {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
STS: mujuzedij: {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\internet\email\eudora tir na nog\EuShlExt.dll
LSA: Notification Packages = scecli zafifiwo.dll
Hosts: 91.212.65.122 browser-security.microsoft.com
Hosts: 91.212.65.122 spyware-protector-2009.com
Hosts: 91.212.65.122 www.spyware-protector-2009.com
Hosts: 91.212.65.122 secure.spyware-protector-2009.com
Hosts: 91.212.65.122 knocker
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4xw0c9j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-9-8 66048]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 136176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-9-3 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-9-8 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-9-8 13532]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
.
=============== Created Last 30 ================
.
2011-10-08 18:13:19 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-05 03:51:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 03:51:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 19:09:33 -------- d-----w- c:\documents and settings\owner\application data\HhTXwjUCeItPyAi
2011-10-04 19:09:32 -------- d-----w- c:\documents and settings\owner\application data\z2ibD3pnGaHdKfL
2011-10-04 17:20:07 -------- d-----w- c:\documents and settings\owner\application data\PkkUUVrlOBtx0uS
2011-10-04 17:20:06 -------- d-----w- c:\documents and settings\owner\application data\tQJJ77dEK8gRqhX
2011-10-04 17:19:17 -------- d-----w- c:\documents and settings\owner\application data\F2oobFF4p
.
==================== Find3M ====================
.
2011-10-08 18:12:58 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-22 00:56:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 15:00:17.46 ===============

Attached file: dds.txt (9.94KB)
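As an added example (not part of kloiga's post or of the DDS tool itself), the script below reads the "Pseudo HJT Report" lines of a DDS log like the one above and flags the three persistence points a responder would check first: hosts entries that point a real name at a remote address instead of localhost, every DLL listed in AppInit_DLLs, and LSA Notification Packages other than the Windows XP default scecli. The sample is a subset of the log above plus one constructed benign hosts line (ads.example.invalid) for contrast.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample: a subset of the "Pseudo HJT Report" lines from the DDS log
# posted above, plus one benign hosts entry (ads.example.invalid) added for contrast.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg10\\avgssie.dll
AppInit_DLLs: c:\\windows\\system32\\sqlbbkk.dll bijotozu.dll c:\\windows\\system32\\jefosodi.dll
LSA: Notification Packages = scecli zafifiwo.dll
Hosts: 91.212.65.122 browser-security.microsoft.com
Hosts: 91.212.65.122 spyware-protector-2009.com
Hosts: 127.0.0.1 ads.example.invalid
"""

# On Windows XP the Lsa\Notification Packages value contains only "scecli";
# any extra entry is a DLL that LSASS loads and hands plaintext password changes to.
DEFAULT_LSA_PACKAGES = {"scecli"}


@dataclass(frozen=True)
class Finding:
    category: str  # "HOSTS", "APPINIT" or "LSA"
    value: str     # the offending token from the log line
    reason: str


def _is_sinkhole(addr: str) -> bool:
    """Loopback or unspecified targets are the normal, benign use of a hosts file."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_hjt(report: str) -> list[Finding]:
    """Return one Finding per suspicious persistence entry in a DDS pseudo-HJT report."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Hosts:"):
            # Format written by DDS: "Hosts: <address> <hostname>"
            parts = line.split()
            if len(parts) >= 3 and not _is_sinkhole(parts[1]):
                findings.append(Finding(
                    "HOSTS", f"{parts[2]} -> {parts[1]}",
                    "hosts entry redirects a name to a remote address"))
        elif line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps user32.dll.
            # DDS prints the value space-separated; the registry value may also use commas.
            for dll in line.split(":", 1)[1].replace(",", " ").split():
                findings.append(Finding(
                    "APPINIT", dll, "DLL injected system-wide via AppInit_DLLs"))
        elif line.startswith("LSA: Notification Packages"):
            for pkg in line.split("=", 1)[1].split():
                name = pkg.lower()
                if name.endswith(".dll"):
                    name = name[:-4]
                if name not in DEFAULT_LSA_PACKAGES:
                    findings.append(Finding(
                        "LSA", pkg, "non-default LSA notification package"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a quick triage overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_DDS):
        print(f"[{f.category}] {f.value}: {f.reason}")
    print(summarize(triage_hjt(SAMPLE_DDS)))
```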



#2 HelpBot (Bleepin' Binary Bot)

Posted 13 October 2011 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422558 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kloiga (Topic Starter)

Posted 15 October 2011 - 12:32 AM

Hi,

As requested by HelpBot, I am restating my issue and re-posting my logs.

I was recently infected with something referred to as XP Security 2012. After finding good information here I believe I was able to remove it, fix the registry and remove the root kit. However, I am still unable to connect to the internet via a Netgear WG111 wireless adapter.

I have tried several things based on information here to take care of this. The Windows firewall ICS service cannot be started - Error 10050 - A socket operation encountered a dead network. I have no problem connecting to the network with any other computer.

I do not have an original Windows CD/DVD available.

Any help would be greatly appreciated. Following the Preparation Guide, here are the necessary log files:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.0.0
Run by Owner at 19:47:13 on 2011-10-14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.2026 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.webcrawler.com/
uSearch Page =
mLocal Page = hxxp://www.webcrawler.com/
mStart Page =
mDefault_Page_URL = hxxp://www.webcrawler.com/
mDefault_Search_URL =
mSearch Page =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {fb8fbfde-8bad-4170-ada2-43d983a111f8} - c:\windows\system32\bfggc.dll
EB: LeftFrame Class: {000d2cc0-2f6f-4fcf-a839-0921bcc7aa04} - c:\windows\enhtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TimeCalendar] "c:\program files\timecalendarle\TCLE.exe" auto
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\video\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [EPSON Stylus Photo RX680 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "c:\windows\temp\E_S4.tmp" /EF "HKCU"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} -
Handler: bt2 - {1730B77B-F429-498f-9B15-4514D83C8294} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\sqlbbkk.dll bijotozu.dll c:\windows\system32\jefosodi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: beropemub - {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
STS: mujuzedij: {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\internet\email\eudora tir na nog\EuShlExt.dll
LSA: Notification Packages = scecli zafifiwo.dll
Hosts: 91.212.65.122 browser-security.microsoft.com
Hosts: 91.212.65.122 spyware-protector-2009.com
Hosts: 91.212.65.122 www.spyware-protector-2009.com
Hosts: 91.212.65.122 secure.spyware-protector-2009.com
Hosts: 91.212.65.122 knocker
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4xw0c9j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-9-8 66048]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 136176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-9-3 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-9-8 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-9-8 13532]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
.
=============== Created Last 30 ================
.
2011-10-10 00:34:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2011-10-08 18:13:19 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-05 03:51:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 03:51:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 19:09:33 -------- d-----w- c:\documents and settings\owner\application data\HhTXwjUCeItPyAi
2011-10-04 19:09:32 -------- d-----w- c:\documents and settings\owner\application data\z2ibD3pnGaHdKfL
2011-10-04 17:20:07 -------- d-----w- c:\documents and settings\owner\application data\PkkUUVrlOBtx0uS
2011-10-04 17:20:06 -------- d-----w- c:\documents and settings\owner\application data\tQJJ77dEK8gRqhX
2011-10-04 17:19:17 -------- d-----w- c:\documents and settings\owner\application data\F2oobFF4p
.
==================== Find3M ====================
.
2011-10-08 18:12:58 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-22 00:56:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:48:42.23 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-15 01:45:24
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV1204H rev.RK100-09
Running: ohw1iq9v G-M-E_R - detects rootkits - filename randomly generated to fool malware .exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB37259$\1562456917 0 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\bckfg.tmp 823 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\keywords 14 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\kwrd.dll 208896 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\L 0 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\L\mtrhtpie 138368 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\U 0 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\U\00000002.@ 209920 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB37259$\1562456917\U\80000032.@ 71168 bytes
File C:\WINDOWS\$NtUninstallKB37259$\219424909 0 bytes

---- EOF - GMER 1.0.15 ----

#4 sempai (Malware Response Team)

Posted 15 October 2011 - 07:53 AM

Hello kloiga and welcome to BC. :)

After finding good information here I believe I was able to remove it, fix the registry and remove the root kit.

The computer is still infected. Can you please tell me the things that you did or tools that you have run, if any.


:step1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.


:step2: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 kloiga (Topic Starter)

Posted 15 October 2011 - 10:08 AM

Hi sempai and thanks for the assistance!

The computer is still infected. Can you please tell me the things that you did or tools that you have run, if any.


I do not remember everything I did as much of it seemed to be troubleshooting. I do know that TDSSKiller was run after troubleshooting and Malwarebytes was run twice after that, once in safe mode and once in normal mode.

Also, because I have no connection on the infected computer, I've been using a laptop and jumpdrive to move tools back and forth to run. As per your instructions, I am now running TDSKiller and OTL after re-downloading and moving to the desktop. I don't know if it's possible for me to infect my laptop via the jumpdrive, so any insight you have on that would be much appreciated.

The newest TDSKiller log is below. OTL caused a Windows prompt titled "Windows - No Disk" with the message "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" with the option to Cancel, Try Again, or Continue. At first, all three buttons simply caused the prompt to reappear, but after about 2 minutes I hit Continue and it worked.

If I'm typing too much, forgive me, this is my first time doing this sort of thing on a forum and I don't want to frustrate you with too much or too little information! :)


10:57:16.0093 1436 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
10:57:16.0109 1436 ============================================================
10:57:16.0109 1436 Current date / time: 2011/10/15 10:57:16.0109
10:57:16.0109 1436 SystemInfo:
10:57:16.0109 1436
10:57:16.0109 1436 OS Version: 5.1.2600 ServicePack: 2.0
10:57:16.0109 1436 Product type: Workstation
10:57:16.0109 1436 ComputerName: PICKLE
10:57:16.0109 1436 UserName: Owner
10:57:16.0109 1436 Windows directory: C:\WINDOWS
10:57:16.0109 1436 System windows directory: C:\WINDOWS
10:57:16.0109 1436 Processor architecture: Intel x86
10:57:16.0109 1436 Number of processors: 2
10:57:16.0109 1436 Page size: 0x1000
10:57:16.0109 1436 Boot type: Normal boot
10:57:16.0109 1436 ============================================================
10:57:17.0671 1436 Initialize success
10:57:51.0500 0776 ============================================================
10:57:51.0500 0776 Scan started
10:57:51.0500 0776 Mode: Manual;
10:57:51.0500 0776 ============================================================
10:57:51.0859 0776 Abiosdsk - ok
10:57:51.0953 0776 abp480n5 - ok
10:57:52.0046 0776 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:57:52.0062 0776 ACPI - ok
10:57:52.0171 0776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:57:52.0171 0776 ACPIEC - ok
10:57:52.0265 0776 adpu160m - ok
10:57:52.0390 0776 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
10:57:52.0406 0776 aec - ok
10:57:52.0515 0776 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:57:52.0515 0776 AegisP - ok
10:57:52.0625 0776 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
10:57:52.0640 0776 Afc - ok
10:57:52.0750 0776 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:57:52.0750 0776 agp440 - ok
10:57:52.0828 0776 Aha154x - ok
10:57:52.0906 0776 aic78u2 - ok
10:57:52.0984 0776 aic78xx - ok
10:57:53.0125 0776 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
10:57:53.0187 0776 ALCXSENS - ok
10:57:53.0390 0776 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:57:53.0453 0776 ALCXWDM - ok
10:57:53.0546 0776 AliIde - ok
10:57:53.0656 0776 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
10:57:53.0671 0776 AmdK7 - ok
10:57:53.0750 0776 amsint - ok
10:57:53.0843 0776 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:57:53.0859 0776 Arp1394 - ok
10:57:53.0937 0776 asc - ok
10:57:54.0015 0776 asc3350p - ok
10:57:54.0093 0776 asc3550 - ok
10:57:54.0218 0776 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:57:54.0234 0776 AsyncMac - ok
10:57:54.0343 0776 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:57:54.0343 0776 atapi - ok
10:57:54.0421 0776 Atdisk - ok
10:57:54.0546 0776 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:57:54.0546 0776 Atmarpc - ok
10:57:54.0656 0776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:57:54.0671 0776 audstub - ok
10:57:54.0781 0776 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
10:57:54.0796 0776 AVGIDSDriver - ok
10:57:54.0890 0776 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
10:57:54.0906 0776 AVGIDSEH - ok
10:57:55.0000 0776 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
10:57:55.0000 0776 AVGIDSFilter - ok
10:57:55.0109 0776 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
10:57:55.0125 0776 AVGIDSShim - ok
10:57:55.0218 0776 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:57:55.0234 0776 Avgldx86 - ok
10:57:55.0453 0776 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:57:55.0468 0776 Avgmfx86 - ok
10:57:55.0562 0776 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:57:55.0578 0776 Avgrkx86 - ok
10:57:55.0687 0776 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:57:55.0703 0776 Avgtdix - ok
10:57:55.0796 0776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:57:55.0812 0776 Beep - ok
10:57:55.0921 0776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:57:55.0921 0776 cbidf2k - ok
10:57:56.0015 0776 cd20xrnt - ok
10:57:56.0109 0776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:57:56.0125 0776 Cdaudio - ok
10:57:56.0250 0776 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
10:57:56.0265 0776 Cdfs - ok
10:57:56.0375 0776 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:57:56.0390 0776 Cdrom - ok
10:57:56.0453 0776 Changer - ok
10:57:56.0546 0776 CmdIde - ok
10:57:56.0640 0776 Cpqarray - ok
10:57:56.0718 0776 dac2w2k - ok
10:57:56.0796 0776 dac960nt - ok
10:57:56.0906 0776 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
10:57:56.0921 0776 Disk - ok
10:57:57.0062 0776 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
10:57:57.0171 0776 dmboot - ok
10:57:57.0265 0776 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
10:57:57.0281 0776 dmio - ok
10:57:57.0375 0776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:57:57.0390 0776 dmload - ok
10:57:57.0500 0776 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
10:57:57.0515 0776 DMusic - ok
10:57:57.0578 0776 dpti2o - ok
10:57:57.0671 0776 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
10:57:57.0687 0776 drmkaud - ok
10:57:57.0796 0776 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
10:57:57.0812 0776 EAPPkt - ok
10:57:57.0937 0776 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
10:57:57.0953 0776 Fastfat - ok
10:57:58.0031 0776 fasttx2k (c3901c5b9e491daa8c96d4219f691ef5) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
10:57:58.0046 0776 fasttx2k - ok
10:57:58.0156 0776 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:57:58.0156 0776 Fdc - ok
10:57:58.0234 0776 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
10:57:58.0250 0776 Fips - ok
10:57:58.0343 0776 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:57:58.0343 0776 Flpydisk - ok
10:57:58.0453 0776 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
10:57:58.0500 0776 FltMgr - ok
10:57:58.0578 0776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:57:58.0593 0776 Fs_Rec - ok
10:57:58.0671 0776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:57:58.0687 0776 Ftdisk - ok
10:57:58.0812 0776 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\gearaspiwdm.sys
10:57:58.0828 0776 GearAspiWDM - ok
10:57:58.0921 0776 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:57:58.0921 0776 Gpc - ok
10:57:59.0062 0776 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:57:59.0078 0776 HidUsb - ok
10:57:59.0156 0776 hpn - ok
10:57:59.0281 0776 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:57:59.0296 0776 HPZid412 - ok
10:57:59.0421 0776 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:57:59.0421 0776 HPZipr12 - ok
10:57:59.0562 0776 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:57:59.0578 0776 HPZius12 - ok
10:57:59.0718 0776 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
10:57:59.0718 0776 HTCAND32 - ok
10:57:59.0859 0776 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
10:57:59.0890 0776 HTTP - ok
10:57:59.0984 0776 i2omgmt - ok
10:58:00.0078 0776 i2omp - ok
10:58:00.0171 0776 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:58:00.0187 0776 i8042prt - ok
10:58:00.0312 0776 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:58:00.0375 0776 ialm - ok
10:58:00.0468 0776 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:58:00.0484 0776 Imapi - ok
10:58:00.0578 0776 ini910u - ok
10:58:00.0671 0776 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
10:58:00.0687 0776 IntelIde - ok
10:58:00.0921 0776 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:58:00.0937 0776 intelppm - ok
10:58:01.0046 0776 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
10:58:01.0062 0776 ip6fw - ok
10:58:01.0156 0776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:58:01.0171 0776 IpFilterDriver - ok
10:58:01.0265 0776 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:58:01.0265 0776 IpInIp - ok
10:58:01.0375 0776 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:58:01.0390 0776 IpNat - ok
10:58:01.0468 0776 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:58:01.0484 0776 IPSec - ok
10:58:01.0578 0776 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:58:01.0578 0776 IRENUM - ok
10:58:01.0671 0776 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:58:01.0687 0776 isapnp - ok
10:58:01.0781 0776 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:58:01.0796 0776 Kbdclass - ok
10:58:01.0890 0776 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
10:58:01.0906 0776 kmixer - ok
10:58:02.0015 0776 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
10:58:02.0046 0776 KSecDD - ok
10:58:02.0125 0776 lbrtfdc - ok
10:58:02.0281 0776 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
10:58:02.0296 0776 ltmodem5 - ok
10:58:02.0359 0776 MBAMSwissArmy - ok
10:58:02.0484 0776 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
10:58:02.0500 0776 MDC8021X - ok
10:58:02.0578 0776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:58:02.0593 0776 mnmdd - ok
10:58:02.0687 0776 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
10:58:02.0703 0776 Modem - ok
10:58:02.0781 0776 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:58:02.0796 0776 Mouclass - ok
10:58:02.0921 0776 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:58:02.0921 0776 mouhid - ok
10:58:03.0015 0776 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
10:58:03.0031 0776 MountMgr - ok
10:58:03.0109 0776 mraid35x - ok
10:58:03.0234 0776 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:58:03.0265 0776 MRxDAV - ok
10:58:03.0375 0776 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
10:58:03.0390 0776 Msfs - ok
10:58:03.0468 0776 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:58:03.0484 0776 MSKSSRV - ok
10:58:03.0578 0776 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:58:03.0578 0776 MSPCLOCK - ok
10:58:03.0687 0776 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
10:58:03.0687 0776 MSPQM - ok
10:58:03.0812 0776 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:58:03.0812 0776 mssmbios - ok
10:58:03.0906 0776 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
10:58:03.0921 0776 Mup - ok
10:58:04.0015 0776 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
10:58:04.0031 0776 NDIS - ok
10:58:04.0109 0776 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:58:04.0125 0776 NdisTapi - ok
10:58:04.0218 0776 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:58:04.0218 0776 Ndisuio - ok
10:58:04.0312 0776 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:58:04.0328 0776 NdisWan - ok
10:58:04.0421 0776 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
10:58:04.0421 0776 NDProxy - ok
10:58:04.0531 0776 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:58:04.0546 0776 NetBT - ok
10:58:04.0656 0776 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:58:04.0671 0776 NIC1394 - ok
10:58:04.0796 0776 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:58:04.0812 0776 nm - ok
10:58:04.0890 0776 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
10:58:04.0906 0776 Npfs - ok
10:58:05.0015 0776 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
10:58:05.0062 0776 Ntfs - ok
10:58:05.0140 0776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:58:05.0156 0776 Null - ok
10:58:05.0328 0776 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:58:05.0453 0776 nv - ok
10:58:05.0546 0776 nv_agp (db36442c20793c53b4128eb85f9a3d32) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
10:58:05.0562 0776 nv_agp - ok
10:58:05.0656 0776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:58:05.0656 0776 NwlnkFlt - ok
10:58:05.0765 0776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:58:05.0781 0776 NwlnkFwd - ok
10:58:05.0859 0776 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:58:05.0875 0776 ohci1394 - ok
10:58:05.0968 0776 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
10:58:05.0984 0776 Parport - ok
10:58:06.0062 0776 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
10:58:06.0062 0776 PartMgr - ok
10:58:06.0156 0776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:58:06.0156 0776 ParVdm - ok
10:58:06.0250 0776 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
10:58:06.0265 0776 PCI - ok
10:58:06.0343 0776 PCIDump - ok
10:58:06.0421 0776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:58:06.0437 0776 PCIIde - ok
10:58:06.0531 0776 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:58:06.0546 0776 Pcmcia - ok
10:58:06.0609 0776 PDCOMP - ok
10:58:06.0687 0776 PDFRAME - ok
10:58:06.0765 0776 PDRELI - ok
10:58:06.0843 0776 PDRFRAME - ok
10:58:06.0921 0776 perc2 - ok
10:58:07.0000 0776 perc2hib - ok
10:58:07.0109 0776 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
10:58:07.0125 0776 pfc - ok
10:58:07.0218 0776 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:58:07.0234 0776 PptpMiniport - ok
10:58:07.0328 0776 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
10:58:07.0343 0776 Processor - ok
10:58:07.0437 0776 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
10:58:07.0453 0776 Ps2 - ok
10:58:07.0531 0776 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
10:58:07.0546 0776 PSched - ok
10:58:07.0640 0776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:58:07.0656 0776 Ptilink - ok
10:58:07.0718 0776 ql1080 - ok
10:58:07.0796 0776 Ql10wnt - ok
10:58:07.0875 0776 ql12160 - ok
10:58:07.0953 0776 ql1240 - ok
10:58:08.0031 0776 ql1280 - ok
10:58:08.0125 0776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:58:08.0140 0776 RasAcd - ok
10:58:08.0218 0776 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:58:08.0234 0776 Rasl2tp - ok
10:58:08.0343 0776 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:58:08.0343 0776 RasPppoe - ok
10:58:08.0437 0776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:58:08.0453 0776 Raspti - ok
10:58:08.0546 0776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:58:08.0546 0776 RDPCDD - ok
10:58:08.0671 0776 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
10:58:08.0687 0776 RDPWD - ok
10:58:08.0812 0776 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:58:08.0828 0776 redbook - ok
10:58:08.0921 0776 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:58:08.0937 0776 rtl8139 - ok
10:58:09.0062 0776 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
10:58:09.0093 0776 RTL8187B - ok
10:58:09.0218 0776 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
10:58:09.0234 0776 RTLWUSB - ok
10:58:09.0375 0776 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
10:58:09.0390 0776 S3Psddr - ok
10:58:09.0531 0776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:58:09.0546 0776 Secdrv - ok
10:58:09.0640 0776 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:58:09.0656 0776 Serenum - ok
10:58:09.0750 0776 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
10:58:09.0765 0776 Serial - ok
10:58:09.0875 0776 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:58:09.0890 0776 Sfloppy - ok
10:58:09.0968 0776 Simbad - ok
10:58:10.0078 0776 SiS315 (3b37b6cdd8ccc24f294b9914cc54dba0) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
10:58:10.0093 0776 SiS315 - ok
10:58:10.0187 0776 SISAGP (8dfbc5aa688caa1b7eebc704250fc06e) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
10:58:10.0187 0776 SISAGP - ok
10:58:10.0312 0776 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
10:58:10.0328 0776 SjyPkt - ok
10:58:10.0515 0776 Sparrow - ok
10:58:10.0609 0776 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
10:58:10.0625 0776 splitter - ok
10:58:10.0718 0776 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\System32\DRIVERS\sr.sys
10:58:10.0734 0776 sr - ok
10:58:10.0875 0776 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
10:58:10.0906 0776 Srv - ok
10:58:11.0015 0776 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:58:11.0015 0776 swenum - ok
10:58:11.0109 0776 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
10:58:11.0125 0776 swmidi - ok
10:58:11.0218 0776 symc810 - ok
10:58:11.0296 0776 symc8xx - ok
10:58:11.0375 0776 sym_hi - ok
10:58:11.0453 0776 sym_u3 - ok
10:58:11.0531 0776 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
10:58:11.0546 0776 sysaudio - ok
10:58:11.0687 0776 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:58:11.0718 0776 Tcpip - ok
10:58:11.0828 0776 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:58:11.0843 0776 TDPIPE - ok
10:58:11.0953 0776 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
10:58:11.0968 0776 TDTCP - ok
10:58:12.0062 0776 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:58:12.0093 0776 TermDD - ok
10:58:12.0171 0776 TosIde - ok
10:58:12.0296 0776 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
10:58:12.0312 0776 Udfs - ok
10:58:12.0406 0776 ultra - ok
10:58:12.0500 0776 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
10:58:12.0531 0776 Update - ok
10:58:12.0656 0776 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:58:12.0656 0776 USBAAPL - ok
10:58:12.0781 0776 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:58:12.0796 0776 usbccgp - ok
10:58:12.0906 0776 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:58:12.0921 0776 usbehci - ok
10:58:13.0015 0776 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:58:13.0015 0776 usbhub - ok
10:58:13.0109 0776 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:58:13.0125 0776 usbohci - ok
10:58:13.0265 0776 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:58:13.0281 0776 usbprint - ok
10:58:13.0390 0776 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:58:13.0406 0776 usbscan - ok
10:58:13.0859 0776 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:58:13.0859 0776 USBSTOR - ok
10:58:13.0937 0776 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:58:13.0953 0776 usbuhci - ok
10:58:14.0046 0776 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
10:58:14.0062 0776 VgaSave - ok
10:58:14.0156 0776 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
10:58:14.0171 0776 viaagp1 - ok
10:58:14.0281 0776 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
10:58:14.0296 0776 ViaIde - ok
10:58:14.0406 0776 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
10:58:14.0406 0776 VolSnap - ok
10:58:14.0546 0776 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:58:14.0562 0776 Wanarp - ok
10:58:14.0703 0776 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:58:14.0750 0776 Wdf01000 - ok
10:58:14.0828 0776 WDICA - ok
10:58:14.0953 0776 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
10:58:14.0968 0776 wdmaud - ok
10:58:15.0140 0776 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:58:15.0156 0776 WpdUsb - ok
10:58:15.0281 0776 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:58:15.0281 0776 WS2IFSL - ok
10:58:15.0406 0776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:58:15.0421 0776 WudfPf - ok
10:58:15.0531 0776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:58:15.0546 0776 WudfRd - ok
10:58:15.0781 0776 {6080A529-897E-4629-A488-ABA0C29B635E} (3ee36328e860fbf102b54608a055c6be) C:\WINDOWS\system32\drivers\ialmsbw.sys
10:58:15.0796 0776 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
10:58:15.0984 0776 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (17f39a1916733ed228eb46ad67c35426) C:\WINDOWS\system32\drivers\ialmkchw.sys
10:58:16.0000 0776 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
10:58:16.0046 0776 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
10:58:16.0046 0776 \Device\Harddisk0\DR0 - ok
10:58:16.0062 0776 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
10:58:16.0078 0776 \Device\Harddisk1\DR3 - ok
10:58:16.0093 0776 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR9
10:58:16.0093 0776 \Device\Harddisk2\DR9 - ok
10:58:16.0109 0776 Boot (0x1200) (a439fa729399519be4362b8e8c6fa3fe) \Device\Harddisk0\DR0\Partition0
10:58:16.0109 0776 \Device\Harddisk0\DR0\Partition0 - ok
10:58:16.0125 0776 Boot (0x1200) (bdcce21e7707a859a030cfba1bb4b809) \Device\Harddisk0\DR0\Partition1
10:58:16.0140 0776 \Device\Harddisk0\DR0\Partition1 - ok
10:58:16.0140 0776 Boot (0x1200) (b92d4b411708ff0f3397d98ed7e1c609) \Device\Harddisk1\DR3\Partition0
10:58:16.0140 0776 \Device\Harddisk1\DR3\Partition0 - ok
10:58:16.0156 0776 Boot (0x1200) (b43e494c5ee4da67d24b151685dacaa8) \Device\Harddisk2\DR9\Partition0
10:58:16.0156 0776 \Device\Harddisk2\DR9\Partition0 - ok
10:58:16.0156 0776 ============================================================
10:58:16.0156 0776 Scan finished
10:58:16.0156 0776 ============================================================
10:58:16.0171 0276 Detected object count: 0
10:58:16.0171 0276 Actual detected object count: 0



OTL logfile created on: 10/15/2011 11:00:17 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 81.54% Memory free
3.08 Gb Paging File | 2.81 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.56 Gb Total Space | 35.47 Gb Free Space | 32.98% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.69 Gb Free Space | 16.33% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 465.10 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 6.95 Gb Free Space | 93.03% Space Free | Partition Type: FAT32

Computer Name: PICKLE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 10:39:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/08 13:12:58 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/12/23 11:45:16 | 002,330,624 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2005/08/07 01:23:04 | 000,856,064 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
PRC - [2005/08/07 01:21:10 | 000,892,928 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\hserver.exe
PRC - [2004/10/04 17:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
PRC - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/23 11:45:16 | 002,330,624 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009/12/23 10:56:34 | 000,053,248 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2009/07/14 17:31:30 | 000,335,872 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2007/05/11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
MOD - [2004/10/04 17:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
MOD - [2004/07/23 18:52:16 | 000,224,768 | ---- | M] () -- C:\WINDOWS\system32\B4FM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/08 13:12:58 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2005/08/07 01:23:04 | 000,856,064 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
SRV - [2005/08/07 01:21:10 | 000,892,928 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\hserver.exe -- (HoudiniServer)
SRV - [2004/01/05 02:30:14 | 000,065,795 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/07/31 15:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] --

C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys --

(HTCAND32)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/04 16:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/02/17 05:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 21:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 21:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 00:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webcrawler.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.webcrawler.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Assistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Config = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 45 BA F9 FE DE 71 3C 18 BA 8A C6 15 C8 FE F2 6F 7E 50 2E 2B CF 12 01 9E 7D 91 E9 EE CA 67 BD FC 1B 56 45 [binary data]
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Search,GUID = 94 FD 1C 6D 6D 6A C4 01 30 C6 2C CD 73 94 C4 01 EC 81 2B 96 2A 94 C4 01 [binary data]
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/14 02:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 14:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/04 10:31:52 | 000,000,000 | ---D | M]

[2008/07/10 19:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/11 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions
[2010/06/27 19:27:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/13 20:17:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions\moveplayer@movenetworks.com
[2008/06/20 18:46:33 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\searchplugins\wikipedia.xml
[2011/10/08 13:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/08 13:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/10/04 14:15:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/08 13:12:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/07 16:40:23 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/10/04 14:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/03/23 10:39:34 | 000,000,242 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {FB8FBFDE-8BAD-4170-ADA2-43D983A111F8} - C:\WINDOWS\system32\bfggc.dll File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] "C:\Video\Itunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKU\.DEFAULT..\Run: [EPSON Stylus Photo RX680 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-18..\Run: [EPSON Stylus Photo RX680 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003..\Run: [TimeCalendar] "C:\Program Files\TimeCalendarLE\TCLE.exe" auto File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/x-bt2 {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\sqlbbkk.dll) - File not found
O20 - AppInit_DLLs: (bijotozu.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jefosodi.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: beropemub - {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll File not found
O22 - SharedTaskScheduler: {3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - mujuzedij - c:\windows\system32\jefosodi.dll File not found
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Internet\Email\Eudora Tir na nOg\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/08/17 13:48:16 | 000,000,040 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7dde260f-1725-11df-a36c-000ea60491ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7dde260f-1725-11df-a36c-000ea60491ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7dde260f-1725-11df-a36c-000ea60491ae}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 22:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 10:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/10/15 10:56:45 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/09 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/10/08 13:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/08 13:13:19 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/10/08 13:13:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/10/08 13:13:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/10/08 13:13:19 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/08 12:49:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 22:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/04 22:51:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/04 22:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/04 14:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/10/04 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HhTXwjUCeItPyAi
[2011/10/04 14:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\z2ibD3pnGaHdKfL
[2011/10/04 13:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/04 12:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Security Guard 2012
[2011/10/04 12:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PkkUUVrlOBtx0uS
[2011/10/04 12:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\tQJJ77dEK8gRqhX
[2011/10/04 12:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\F2oobFF4p
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/15 10:49:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/15 10:39:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/15 10:37:54 | 001,541,014 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/08 14:58:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/10/08 13:12:58 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/08 13:12:58 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/10/08 13:12:58 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/10/08 13:12:58 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/10/08 13:12:58 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/07 21:09:41 | 000,055,361 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/10/06 00:48:50 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/10/04 23:34:15 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 23:10:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1429414237
[2011/10/04 23:01:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/04 20:17:37 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 14:17:46 | 000,000,478 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/04 14:17:33 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/04 13:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/04 12:20:28 | 000,001,209 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/03 08:51:42 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2011/10/01 18:33:02 | 000,026,954 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AZ-tickets.pdf
[2011/09/28 20:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/28 01:03:15 | 000,023,503 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1860738519-51806832-tickets.pdf
[2011/09/24 19:06:24 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\IDLE (Python GUI).lnk
[2011/09/20 08:43:20 | 000,026,879 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Modern English tickets.pdf
[2011/09/15 13:18:25 | 000,001,492 | ---- | M] () -- C:\WINDOWS\goldwave.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gubememe
[2011/10/15 10:56:31 | 001,541,014 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/08 14:58:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/10/05 08:44:49 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
[2011/10/05 08:44:49 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk
[2011/10/04 23:34:15 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 22:51:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/04 22:27:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1429414237
[2011/10/04 12:20:07 | 000,001,209 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/01 18:33:01 | 000,026,954 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AZ-tickets.pdf
[2011/09/28 01:03:14 | 000,023,503 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1860738519-51806832-tickets.pdf
[2011/09/20 08:43:18 | 000,026,879 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Modern English tickets.pdf
[2011/06/24 16:43:45 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/09/12 18:15:21 | 000,055,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/21 23:02:44 | 000,011,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2009/08/31 08:04:30 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2009/08/31 08:04:29 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2009/08/31 08:04:25 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2009/08/31 08:04:24 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2009/04/21 03:06:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/02 10:52:16 | 000,814,104 | ---- | C] () -- C:\WINDOWS\System32\rtdsk50.exe
[2009/04/02 10:52:16 | 000,292,376 | ---- | C] () -- C:\WINDOWS\System32\wl50ent.dll
[2009/04/02 10:52:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2009/04/02 10:52:15 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\dbisql.exe
[2009/04/02 10:52:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dbcon6.dll
[2009/04/02 10:52:15 | 000,102,936 | ---- | C] () -- C:\WINDOWS\System32\dbl50t.dll
[2009/04/02 10:52:15 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dbl50to.dll
[2009/04/02 10:52:14 | 000,262,168 | ---- | C] () -- C:\WINDOWS\System32\dbclient.exe
[2009/04/02 10:18:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/01/12 11:25:45 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/12 11:25:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/12 11:25:45 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/12 11:25:45 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/12 11:25:45 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/12 11:25:45 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/12 11:25:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/12 11:25:45 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/12 11:25:45 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/12 11:25:45 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/12 11:25:45 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/12 11:25:45 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/12 11:25:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/12 11:25:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/12 11:25:44 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/12 11:25:44 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/12 11:22:40 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX680.ini
[2008/10/17 15:23:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/05/15 16:58:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/05/15 16:58:06 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/01/18 17:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win9990.dat
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win6661.dat
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win1118.dat
[2005/08/12 14:21:55 | 000,004,473 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
[2005/05/09 16:16:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/22 18:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/22 18:08:48 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/22 18:08:34 | 000,004,459 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 18:30:43 | 000,000,457 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/03/05 04:57:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/04 03:06:57 | 000,145,738 | ---- | C] () -- C:\WINDOWS\dhdom1.bin
[2005/02/25 00:05:19 | 000,007,471 | ---- | C] () -- C:\WINDOWS\ljqqt.dat
[2005/02/24 07:00:45 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2005/02/24 07:00:44 | 008,412,754 | ---- | C] () -- C:\WINDOWS\salm_kyf.dat
[2005/02/16 11:20:57 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\whfwf.dat
[2005/02/16 11:20:54 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/02/15 07:56:55 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\helgb.dat
[2005/02/11 02:03:41 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\nhkvu.dat
[2005/01/25 11:54:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/01/18 14:13:18 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2005/01/05 13:44:50 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Sskdmns.dll
[2004/12/31 15:58:49 | 001,847,104 | ---- | C] () -- C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE
[2004/12/28 16:36:30 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/12/28 15:58:12 | 000,000,333 | ---- | C] () -- C:\WINDOWS\salm_gdf.dat
[2004/12/28 15:58:04 | 000,318,050 | ---- | C] () -- C:\WINDOWS\salmau.dat
[2004/11/09 19:19:51 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
[2004/11/02 16:13:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\wcpsvsu.exe
[2004/10/20 01:05:23 | 000,060,416 | ---- | C] () -- C:\WINDOWS\sxstall2.exe
[2004/10/17 18:54:40 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2004/10/17 18:54:40 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2004/10/16 07:08:36 | 001,865,736 | ---- | C] () -- C:\WINDOWS\System32\lmd.bin
[2004/10/12 06:37:49 | 000,000,113 | ---- | C] () -- C:\WINDOWS\jawa32vs.bin
[2004/08/22 14:49:23 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/08/09 21:07:00 | 000,001,067 | ---- | C] () -- C:\WINDOWS\dsearch1.bin
[2004/08/09 21:06:59 | 000,087,016 | ---- | C] () -- C:\WINDOWS\dhdomp1.bin
[2004/07/23 18:52:16 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\B4FM.dll
[2004/07/22 21:48:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BHJGJFJJ.ini
[2004/07/15 05:26:45 | 000,086,030 | ---- | C] () -- C:\WINDOWS\System32\msdjgk.dll
[2004/06/29 21:38:14 | 000,000,627 | ---- | C] () -- C:\WINDOWS\sepsd.bin
[2004/06/22 12:55:01 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/10 12:03:31 | 000,300,012 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2004/05/27 00:19:49 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2004/05/25 14:47:21 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\cwmdtl50.dll
[2004/05/25 14:47:21 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2004/04/26 20:28:08 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2004/01/15 09:00:26 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2004/01/13 14:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\sversion.ini
[2004/01/13 13:41:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2003/11/05 12:55:11 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\mm_dsmd.exe
[2003/11/05 12:46:48 | 000,000,708 | ---- | C] () -- C:\WINDOWS\System32\dxamph3.dll
[2003/11/02 17:53:53 | 000,001,492 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2003/11/02 17:47:59 | 000,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2003/11/02 17:47:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2003/11/02 17:43:47 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2003/11/02 17:43:47 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/09/16 19:35:47 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll
[2003/06/19 20:23:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DelPiv.exe
[2003/06/07 23:44:19 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/07 16:11:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSCPX.ini
[2003/06/07 15:57:18 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u1220_32.dll
[2003/06/07 15:57:18 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2003/06/07 15:57:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2003/06/07 15:57:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2003/06/07 15:57:11 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/06/07 15:57:11 | 000,027,584 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2003/06/07 15:57:10 | 000,025,600 | ---- | C] () -- C:\WINDOWS\MEMBOOT.DLL
[2003/06/07 15:57:10 | 000,005,440 | R--- | C] () -- C:\WINDOWS\MMLIB.DLL
[2003/06/07 15:57:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\BurnQuickShx.dll
[2003/06/07 15:57:02 | 000,095,152 | R--- | C] () -- C:\WINDOWS\CARDLIB.DLL
[2003/05/31 22:11:00 | 000,000,516 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2003/05/29 16:43:08 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/05/26 14:46:59 | 000,055,361 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/05/26 12:11:17 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\F29435.bin
[2003/05/26 12:11:02 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\e7462k.bin
[2003/05/26 10:38:41 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/05/26 09:12:18 | 000,000,690 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/05/25 16:35:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/04/25 11:24:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/25 11:24:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/25 11:23:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/25 11:23:50 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/25 10:44:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/25 10:44:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/25 10:44:43 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/25 10:44:37 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/25 10:44:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/10 06:10:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 06:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 06:08:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:59:52 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 05:53:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 05:36:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 05:26:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/10 05:26:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/10 05:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 05:06:11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 05:06:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 05:05:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 04:53:32 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 04:51:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 04:46:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/10 04:37:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 04:37:11 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 04:37:11 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 02:08:18 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 02:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/09 21:42:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/09 21:41:03 | 000,293,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/02/16 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\UniClear.exe
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 7471 bytes -> C:\WINDOWS\Q329048Uninst.log:pffbrk
@Alternate Data Stream - 7471 bytes -> C:\WINDOWS\IEPatchUninstall.log:mocdsl
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\gwpreset.ini:tojyya
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ucmsp_32.dll:efxcn
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\u1230_32.dll:leeps
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ST6UNST.EXE:irwkl
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\SNMPAPI.DLL:pqefr
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\jawa32vs.bin:wsoki

< End of report >

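The OTL log above lists several equally sized files with random five-letter names next to Alternate Data Streams of the same byte size attached to files under C:\WINDOWS. As an added example (not from this thread and not OTL's own code), here is a small Python triage script that parses those two OTL line formats and clusters artifacts by identical size and random-looking names; the sample lines are copied from the log above, and the flagging heuristics are my own assumptions, not a verdict on any file.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: a few lines copied in the exact shape of the OTL log
# (file-creation entries and Alternate Data Stream entries). Raw string, so the
# Windows backslashes are literal.
SAMPLE_LOG = r"""
[2005/02/25 00:05:19 | 000,007,471 | ---- | C] () -- C:\WINDOWS\ljqqt.dat
[2005/02/16 11:20:57 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\whfwf.dat
[2005/02/15 07:56:55 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\helgb.dat
[2004/08/22 14:49:23 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/04/25 11:24:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/10 04:51:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 7471 bytes -> C:\WINDOWS\Q329048Uninst.log:pffbrk
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\SNMPAPI.DLL:pqefr
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\u1230_32.dll:leeps
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
"""

# [created | size | attributes | action] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([A-Z])\] "
    r"\((.*?)\) -- (.+)$"
)
# @Alternate Data Stream - <size> bytes -> <host file>:<stream name>
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
# Heuristic (assumption): 5-6 lowercase letters with nothing else is the kind of
# throwaway name seen in the log above; it is deliberately a coarse filter.
RANDOM_NAME = re.compile(r"[a-z]{5,6}")


class FileEntry(NamedTuple):
    created: str
    size: int
    attrs: str
    company: str
    path: str


class StreamEntry(NamedTuple):
    size: int
    host: str
    name: str


def parse_otl(text: str) -> Tuple[List[FileEntry], List[StreamEntry]]:
    """Pick file entries and ADS entries out of OTL-style log text."""
    files: List[FileEntry] = []
    streams: List[StreamEntry] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(2).replace(",", ""))
            files.append(FileEntry(m.group(1), size, m.group(3), m.group(5), m.group(6)))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(StreamEntry(int(m.group(1)), m.group(2), m.group(3)))
    return files, streams


def looks_random(name: str) -> bool:
    return RANDOM_NAME.fullmatch(name) is not None


def size_clusters(files: List[FileEntry], streams: List[StreamEntry],
                  min_members: int = 2) -> Dict[int, List[str]]:
    """Group files and streams by exact byte size; keep sizes shared by at least
    min_members artifacts whose stem or stream name looks random."""
    by_size: Dict[int, List[Tuple[str, str]]] = defaultdict(list)
    for f in files:
        stem = ntpath.splitext(ntpath.basename(f.path))[0]
        by_size[f.size].append((f.path, stem))
    for s in streams:
        by_size[s.size].append((f"{s.host}:{s.name}", s.name))
    clusters: Dict[int, List[str]] = {}
    for size, members in by_size.items():
        suspicious = [path for path, stem in members if looks_random(stem)]
        if len(suspicious) >= min_members:
            clusters[size] = suspicious
    return clusters


def streams_on_system_files(streams: List[StreamEntry],
                            system_root: str = "c:\\windows\\") -> List[StreamEntry]:
    """Random-named streams attached to files under the Windows directory."""
    return [s for s in streams
            if s.host.lower().startswith(system_root) and looks_random(s.name)]


def triage(text: str) -> dict:
    files, streams = parse_otl(text)
    return {
        "files": len(files),
        "streams": len(streams),
        "size_clusters": size_clusters(files, streams),
        "system_streams": streams_on_system_files(streams),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"parsed {report['files']} files, {report['streams']} streams")
    for size, paths in sorted(report["size_clusters"].items()):
        print(f"{size} bytes shared by {len(paths)} random-named artifacts:")
        for p in paths:
            print("   ", p)
    for s in report["system_streams"]:
        print(f"random-named stream on system file: {s.host}:{s.name}")
```

Run it against a full OTL.txt by replacing SAMPLE_LOG with the file's contents; anything it flags still needs a human look, since the name filter is a heuristic.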
#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 15 October 2011 - 12:09 PM

Hi,

If I'm typing too much, forgive me, this is my first time doing this sort of thing on a forum and I don't want to frustrate you with too much or too little information!


No, it's OK, the more info you can provide the better.

I don't know if it's possible for me to infect my laptop via the jumpdrive, so any insight you have on that would be much appreciated.

Yes, it is possible to infect the laptop. What is the OS of the laptop? 32-bit or 64-bit?


OTL produces two reports; can you also please post the result of Extras.txt?


=================================


Let's first install the Recovery Console so we have a backup plan if something goes wrong during the clean-up. We will also run ComboFix at the same time. Please follow the instructions below.


Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.





  • Download the file & save it as it is originally named.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click Yes to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 kloiga

kloiga
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 15 October 2011 - 01:55 PM

sempai,

The laptop has Vista 32 bit installed. Sorry about Extras.txt, didn't even see it.




OTL Extras logfile created on: 10/15/2011 11:00:17 AM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 81.54% Memory free
3.08 Gb Paging File | 2.81 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.56 Gb Total Space | 35.47 Gb Free Space | 32.98% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.69 Gb Free Space | 16.33% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 465.10 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 6.95 Gb Free Space | 93.03% Space Free | Partition Type: FAT32

Computer Name: PICKLE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = scrfile] -- "%1" /s

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" /S
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX680 Series Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C25A2D7-65CD-11D6-9FC7-0010A40FC0A0}" = Iconoplasm!
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{BA0821DE-B731-4B5D-A20D-0142D1E235FE}" = avi.NET v2.5.1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D14B153D-46D8-4A6F-A9A0-D15ACBC4F2A8}" = The Noteable Music Flashcards
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{f719d8a6-46fc-4d71-94c6-ffd17a8c9f35}" = Python 3.1.3
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 1.0.2
"{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}" = Kazaa Media Desktop 2.1.1
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica CD Label Maker" = Acoustica CD Label Maker
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AMP Font Viewer" = AMP Font Viewer
"AppInventor Extras" = AppInventor Extras
"AsUninst.exe" = Anvil Studio
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 1.0.3.0
"CDisplayEx_is1" = CDisplayEx 1.8
"DupDetector" = Dup Detector
"DVD Collector_is1" = DVD Collector 1.0.2
"EasyPhoto Software" = EasyPhoto Software
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free Guitar Tools - E-Tuner" = Free Guitar Tools - E-Tuner
"Game Maker 6.1" = Game Maker 6.1
"GoldWave v4.26" = GoldWave v4.26
"Guitar and Bass_is1" = Guitar and Bass
"Guitar Power_is1" = Guitar Power 1.1.7
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Standard
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Movies" = Movies
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicReading" = MusicReading
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"office Convert Pdf to Image Free_is1" = office Convert Pdf to Image Free 6.2
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Shockwave" = Shockwave
"Sight Reading Challenge" = Sight Reading Challenge
"Silent Package Run-Time Sample" = EPSON RX680 User's Guide
"ST5UNST #1" = Anvil Studio
"VPython for Python 3.1_is1" = VPython 5.71
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3538741722-1687360974-3598075396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Draw 4 App" = Draw 4 App

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2011 9:36:42 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/5/2011 9:46:18 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/6/2011 1:50:33 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/6/2011 2:00:30 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/6/2011 2:15:27 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/8/2011 1:46:44 PM | Computer Name = PICKLE | Source = MsiInstaller | ID = 11905
Description = Product: PhotoGallery -- Error 1905.Module C:\Program Files\Common
Files\HP\Memories Disc\2.0\LeadTools\LTStlImgRd.dll failed to unregister. HRESULT
. Contact your support personnel.

Error - 10/8/2011 2:13:20 PM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/9/2011 8:26:02 PM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/10/2011 3:23:27 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/15/2011 11:49:29 AM | Computer Name = PICKLE | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 10/15/2011 11:50:55 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:50:56 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:51:00 AM | Computer Name = PICKLE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/15/2011 11:53:21 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:55:49 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:56:07 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:57:09 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:57:11 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 11:59:20 AM | Computer Name = PICKLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/15/2011 12:02:10 PM | Computer Name = PICKLE | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd


< End of report >



ComboFix 11-10-15.03 - Owner 10/15/2011 14:36:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.2099 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner\Application Data\HhTXwjUCeItPyAiSecurity Guard 2012.ico
c:\documents and settings\Owner\Application Data\ldr.ini
c:\documents and settings\Owner\Application Data\PkkUUVrlOBtx0uSSecurity Guard 2012.ico
c:\documents and settings\Owner\Application Data\Sskdmns.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ZSearch.log
c:\documents and settings\Owner\My Documents\~WRD0001.tmp
c:\documents and settings\Owner\My Documents\~WRL0085.tmp
c:\documents and settings\Owner\My Documents\~WRL0157.tmp
c:\documents and settings\Owner\My Documents\~WRL1172.tmp
c:\documents and settings\Owner\Start Menu\Programs\Security Guard 2012
c:\documents and settings\Owner\Start Menu\Programs\Security Guard 2012\Security Guard 2012.lnk
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
c:\documents and settings\Owner\WINDOWS
C:\LOG15.tmp
C:\LOG172.tmp
C:\LOG1BE.tmp
C:\LOG1EE.tmp
C:\LOG2.tmp
C:\LOG25.tmp
C:\LOG27.tmp
C:\LOG292.tmp
C:\LOG2D.tmp
C:\LOG2DE.tmp
C:\LOG2E.tmp
C:\LOG2F9.tmp
C:\LOG3.tmp
C:\LOG32.tmp
C:\LOG3DD.tmp
C:\LOG3E8.tmp
C:\LOG4.tmp
C:\LOG44.tmp
C:\LOG48.tmp
C:\LOG5.tmp
C:\LOG50.tmp
C:\LOG54.tmp
C:\LOG56.tmp
C:\LOG58.tmp
C:\LOG59.tmp
C:\LOG6.tmp
C:\LOG60.tmp
C:\LOG62.tmp
C:\LOG66.tmp
C:\LOG67.tmp
C:\LOG6C.tmp
C:\LOG7.tmp
C:\LOG76.tmp
C:\LOG7A.tmp
C:\LOG7B.tmp
C:\LOGA.tmp
C:\LOGA7.tmp
C:\LOGA8.tmp
C:\LOGAE1.tmp
C:\LOGB7.tmp
C:\LOGB8.tmp
C:\LOGBD.tmp
C:\LOGC9.tmp
C:\LOGD1.tmp
C:\LOGD5.tmp
C:\LOGEF.tmp
c:\program files\Common Files\SLMSS
c:\program files\Common Files\SLMSS\acp1.dat
c:\program files\messenger\msmsgsin.exe
c:\windows\$NtUninstallKB37259$
c:\windows\$NtUninstallKB37259$\1562456917\@
c:\windows\$NtUninstallKB37259$\1562456917\bckfg.tmp
c:\windows\$NtUninstallKB37259$\1562456917\cfg.ini
c:\windows\$NtUninstallKB37259$\1562456917\Desktop.ini
c:\windows\$NtUninstallKB37259$\1562456917\keywords
c:\windows\$NtUninstallKB37259$\1562456917\kwrd.dll
c:\windows\$NtUninstallKB37259$\1562456917\L\mtrhtpie
c:\windows\$NtUninstallKB37259$\1562456917\lsflt7.ver
c:\windows\$NtUninstallKB37259$\1562456917\U\00000001.@
c:\windows\$NtUninstallKB37259$\1562456917\U\00000002.@
c:\windows\$NtUninstallKB37259$\1562456917\U\80000000.@
c:\windows\$NtUninstallKB37259$\1562456917\U\80000032.@
c:\windows\$NtUninstallKB37259$\219424909
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\PCGWIN32.LI5
c:\windows\Readme.txt
c:\windows\SNMPAPI.DLL
c:\windows\system\ATIR3D32.DLL
c:\windows\system\ATIR3D3D.DLL
c:\windows\system\ATIR3VPE.DLL
c:\windows\system\bwcc32.dll
c:\windows\system\ddraw.dll
c:\windows\system\dsound.dll
c:\windows\System\jgaw400.dll
c:\windows\system\msvbvm60.dll
c:\windows\system\olepro32.dll
c:\windows\system32\basexinfo.txt
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\office.exe
c:\windows\system32\psis80ex.ax
c:\windows\system32\Temp
c:\windows\system32\wcpsvsu.exe
D:\Autorun.inf
G:\Autorun.inf
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZESOFT
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-10 00:34 . 2011-10-10 00:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2011-10-08 18:44 . 2011-10-08 18:44 -------- d-----w- c:\program files\Common Files\Java
2011-10-08 18:13 . 2011-10-08 18:12 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-05 03:51 . 2011-10-05 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 03:51 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 02:25 . 2011-10-05 02:25 -------- d-----w- c:\documents and settings\Administrator
2011-10-04 19:09 . 2011-10-04 19:09 -------- d-----w- c:\documents and settings\Owner\Application Data\HhTXwjUCeItPyAi
2011-10-04 19:09 . 2011-10-04 19:09 -------- d-----w- c:\documents and settings\Owner\Application Data\z2ibD3pnGaHdKfL
2011-10-04 18:33 . 2011-10-04 18:33 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-10-04 17:20 . 2011-10-04 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\PkkUUVrlOBtx0uS
2011-10-04 17:20 . 2011-10-04 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\tQJJ77dEK8gRqhX
2011-10-04 17:19 . 2011-10-04 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\F2oobFF4p
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 18:12 . 2010-09-03 22:10 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-22 00:56 . 2011-06-29 06:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 19:15 . 2011-05-11 22:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 176128]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-9-8 745472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-5-15 1044577]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-9-8 745472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\internet\Email\Eudora Tir na nOg\EuShlExt.dll" [2002-09-30 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 21:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 22:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"ACDaemon"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"Schedule"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/8/2007 8:20 AM 66048]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 8:35 PM 136176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 8:35 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/3/2010 6:10 PM 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/8/2007 8:20 AM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/8/2007 8:20 AM 13532]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/6/2011 3:23 PM 6128720]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/22/2010 4:58 AM 265400]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 01:35]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webcrawler.com/
mLocal Page = hxxp://www.webcrawler.com/
mStart Page =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FB8FBFDE-8BAD-4170-ADA2-43D983A111F8} - c:\windows\system32\bfggc.dll
HKCU-Run-TimeCalendar - c:\program files\TimeCalendarLE\TCLE.exe
HKLM-Run-iTunesHelper - c:\video\Itunes\iTunesHelper.exe
HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
SharedTaskScheduler-{3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
SSODL-beropemub-{3ce8b097-ab61-4dc4-ad07-37552f4e4f83} - c:\windows\system32\jefosodi.dll
SafeBoot-56380856.sys
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd.exe
MSConfigStartUp-MimBoot - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
MSConfigStartUp-XqqqhYCCwkVrlNx8234A - c:\windows\system32\YmmHH5sQJ7dE8.exe
MSConfigStartUp-zSPGuard - c:\documents and settings\owner\desktop\hijack help\spguard\spguard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-15 14:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\sesinetd.exe
c:\windows\system32\hserver.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\ALCXMNTR.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-10-15 15:07:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-15 20:07
.
Pre-Run: 38,418,894,848 bytes free
Post-Run: 38,682,103,808 bytes free
.
- - End Of File - - E9C58454EBDCD76FB7F75F53886226B2

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 16 October 2011 - 08:12 AM

That's a good start.


P2P Warning:

Azureus

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


===============================================


:step1: Please run Flash_Disinfector on your laptop to prevent it from getting infected.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive that was plugged in when you ran it. Do not delete this folder... it will help protect your drives from future infection by keeping the autorun file from being installed on the root of the drive and running other malicious files.




:step2: We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

ClearJavaCache:: 

Folder::
c:\documents and settings\Owner\Application Data\HhTXwjUCeItPyAi
c:\documents and settings\Owner\Application Data\z2ibD3pnGaHdKfL
c:\documents and settings\Owner\Application Data\PkkUUVrlOBtx0uS
c:\documents and settings\Owner\Application Data\tQJJ77dEK8gRqhX
c:\documents and settings\Owner\Application Data\F2oobFF4p

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-

FileLook::
C:\WINDOWS\System32\F29435.bin
C:\WINDOWS\System32\e7462k.bin

DirLook::
c:\documents and settings\NetworkService\UserData

4. Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe.

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




:step3: Please run OTL and click the "Quick Scan" button, then post the new report for my review.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
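The Registry:: and Folder:: lines in this script correspond to two indicators visible in the ComboFix log above: Security Center override values set to 1 (they silence the "no antivirus/firewall" warning, which is why the script deletes them), and a burst of random-named folders created under Application Data within minutes of each other. As an added example, not part of this thread or of ComboFix, here is a Python triage script that reads a constructed excerpt of that log and pulls out both; the section parser and the random-name heuristic are my own assumptions about the log layout, not anything ComboFix itself does.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread,
# cut down to the two sections the checks below read, plus one benign entry (Sun).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
2011-10-10 00:34 . 2011-10-10 00:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2011-10-04 19:09 . 2011-10-04 19:09 -------- d-----w- c:\documents and settings\Owner\Application Data\HhTXwjUCeItPyAi
2011-10-04 19:09 . 2011-10-04 19:09 -------- d-----w- c:\documents and settings\Owner\Application Data\z2ibD3pnGaHdKfL
2011-10-04 17:20 . 2011-10-04 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\PkkUUVrlOBtx0uS
2011-10-04 17:20 . 2011-10-04 17:20 -------- d-----w- c:\documents and settings\Owner\Application Data\tQJJ77dEK8gRqhX
2011-10-04 17:19 . 2011-10-04 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\F2oobFF4p
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((( Section Title )))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")               # [HKEY_...\key]
REG_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')         # "Name"=value
FILE_RE = re.compile(                                # created . modified size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


def split_sections(text):
    """Map each '((( Title )))' banner to the non-empty lines under it ('.' is a spacer)."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := BANNER_RE.match(line)):
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections


def parse_reg_points(lines):
    """Turn the REGEDIT4-style 'Reg Loading Points' lines into {key: {name: value}}."""
    values, key = {}, None
    for line in lines:
        if (km := REG_KEY_RE.match(line)):
            key = km.group(1).lower()
            values.setdefault(key, {})
        elif (vm := REG_VAL_RE.match(line)) and key is not None:
            values[key][vm.group(1)] = vm.group(2)
    return values


def security_center_overrides(reg):
    """Override values set to 1; the CFScript above removes exactly these two ("=-")."""
    vals = reg.get(SECURITY_CENTER, {})
    return [n for n in ("AntiVirusOverride", "FirewallOverride")
            if vals.get(n, "").lower() == "dword:00000001"]


def looks_random(name):
    """Heuristic (an assumption): count upper/lower-case flips plus digits in the name."""
    if len(name) < 8 or " " in name:
        return False
    letters = [c for c in name if c.isalpha()]
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips + sum(c.isdigit() for c in name) >= 4   # 'Mozilla', 'Sun' score far lower


def suspicious_appdata_dirs(file_lines):
    """(created, path) for random-named directories created directly under
    an 'Application Data' folder, oldest first."""
    hits = []
    for line in file_lines:
        if not (m := FILE_RE.match(line)):
            continue
        created, _modified, _size, attrs, path = m.groups()
        parent, _, name = path.rpartition("\\")
        if (attrs.startswith("d") and looks_random(name)
                and parent.lower().endswith("\\application data")):
            hits.append((created, path))
    return sorted(hits)


def triage(log_text):
    """Run both checks over a ComboFix log and return the findings by category."""
    sections = split_sections(log_text)
    files = next((v for k, v in sections.items() if k.startswith("Files Created")), [])
    reg = parse_reg_points(sections.get("Reg Loading Points", []))
    return {
        "security_center_overrides": security_center_overrides(reg),
        "random_appdata_dirs": [path for _, path in suspicious_appdata_dirs(files)],
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, *items, sep="\n    ")
```

Run against a full ComboFix.txt, the five Application Data folders come out in creation order, which is the same cluster the Folder:: section of the script targets.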


#9 kloiga

kloiga
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:43 PM

Posted 16 October 2011 - 12:40 PM

sempai,

Azureus

I am unable to uninstall this through Control Panel's Add/Remove Programs. I get 'cannot load main class.' Should I delete the folders, and will that be enough, or will that leave littered remains?

:step1: Please run Flash_Disinfector on your laptop to prevent it from getting infected.

I attempted to install this. My flash drive was already plugged in. The first time, I received a dialogue box stating that the program didn't install properly and asking me if I wanted to try again with recommended settings. I clicked yes, then nothing happened. I tried again, nothing happened. On the third attempt, I removed my flash drive first. Again, nothing happened. I ran this from my laptop. I did receive prompts asking me if it was okay to run the .exe even though it was from an unknown publisher, etc. I received no other prompts and no hidden folder was created on my flash drive.

I did not reboot afterward since it doesn't appear to have installed. I re-downloaded it and tried again with the same results.

:step2: We need to execute a ComboFix script.

AVG Free gives me no option in the system tray icon to exit or disable. I terminated all processes beginning with avg, but I'm not sure if that properly shut it down before running the ComboFix script.

ComboFix 11-10-15.03 - Owner 10/16/2011 13:07:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.2028 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\F2oobFF4p
c:\documents and settings\Owner\Application Data\HhTXwjUCeItPyAi
c:\documents and settings\Owner\Application Data\PkkUUVrlOBtx0uS
c:\documents and settings\Owner\Application Data\tQJJ77dEK8gRqhX
c:\documents and settings\Owner\Application Data\z2ibD3pnGaHdKfL
c:\windows\system\DSCVR.DLL
c:\windows\system\FRAMEBUF.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-10 00:34 . 2011-10-10 00:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2011-10-08 18:44 . 2011-10-08 18:44 -------- d-----w- c:\program files\Common Files\Java
2011-10-08 18:13 . 2011-10-08 18:12 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-05 03:51 . 2011-10-05 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 03:51 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 02:25 . 2011-10-05 02:25 -------- d-----w- c:\documents and settings\Administrator
2011-10-04 18:33 . 2011-10-04 18:33 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 18:12 . 2010-09-03 22:10 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-22 00:56 . 2011-06-29 06:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 19:15 . 2011-05-11 22:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\e7462k.bin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2003-05-26 17:11
Modified time: 2003-05-26 17:11
MD5: E094BD8C688D73D4B90780CB8BB5E970
SHA1: ADBDAC4CDA50D02FF7024BED4548F99C0F9D64C2
.
.
--- c:\windows\System32\F29435.bin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8
Created time: 2003-05-26 17:11
Modified time: 2003-08-24 00:38
MD5: 61D12C0A806B64D96A06102C51098A04
SHA1: 748689303FC2FECA99A21DAEB0556CB25FB388C5
.
---- Directory of c:\documents and settings\NetworkService\UserData ----
.
2011-10-04 19:17 . 2011-10-04 19:17 40 ----a-w- c:\documents and settings\NetworkService\UserData\45U9WB2B\pmocntr2[1].xml
2011-10-04 18:33 . 2011-10-04 19:17 32768 ----a-w- c:\documents and settings\NetworkService\UserData\index.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 176128]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-9-8 745472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 2330624]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2008-5-15 1044577]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-9-8 745472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\internet\Email\Eudora Tir na nOg\EuShlExt.dll" [2002-09-30 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 21:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 22:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"ACDaemon"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"Schedule"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 299984]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/8/2007 8:20 AM 66048]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 8:35 PM 136176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 8:35 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/3/2010 6:10 PM 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/8/2007 8:20 AM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/8/2007 8:20 AM 13532]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/6/2011 3:23 PM 6128720]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/22/2010 4:58 AM 265400]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 01:35]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webcrawler.com/
mLocal Page = hxxp://www.webcrawler.com/
mStart Page =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 13:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\sesinetd.exe
c:\windows\system32\hserver.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\ALCXMNTR.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-10-16 13:27:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 18:27
ComboFix2.txt 2011-10-15 20:07
.
Pre-Run: 38,694,866,944 bytes free
Post-Run: 38,704,111,616 bytes free
.
- - End Of File - - BE9FE85D26BE3B3C66EB43259459A461


OTL logfile created on: 10/16/2011 1:43:14 PM - Run 2
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 79.37% Memory free
3.08 Gb Paging File | 2.81 Gb Available in Paging File | 91.15% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.56 Gb Total Space | 36.08 Gb Free Space | 33.54% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.69 Gb Free Space | 16.33% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 465.10 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 6.94 Gb Free Space | 92.90% Space Free | Partition Type: FAT32

Computer Name: PICKLE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 10:39:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/08 13:12:58 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/12/23 11:45:16 | 002,330,624 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2005/08/07 01:23:04 | 000,856,064 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\sesinetd.exe
PRC - [2005/08/07 01:21:10 | 000,892,928 | ---- | M] (Side Effects Software Inc.) -- C:\WINDOWS\system32\hserver.exe
PRC - [2004/10/04 17:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/23 11:45:16 | 002,330,624 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009/12/23 10:56:34 | 000,053,248 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2009/07/14 17:31:30 | 000,335,872 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
MOD - [2004/10/04 17:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/08 13:12:58 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2005/08/07 01:23:04 | 000,856,064 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\sesinetd.exe -- (HoudiniLicenseServer)
SRV - [2005/08/07 01:21:10 | 000,892,928 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\WINDOWS\system32\hserver.exe -- (HoudiniServer)
SRV - [2004/01/05 02:30:14 | 000,065,795 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/02 07:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/07/31 15:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/04 16:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/02/17 05:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 21:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 21:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 00:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.webcrawler.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Assistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Config = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 45 BA F9 FE DE 71 3C 18 BA 8A C6 15 C8 FE F2 6F 7E 50 2E 2B CF 12 01 9E 7D 91 E9 EE CA 67 BD FC 1B 56 45 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,GUID = 94 FD 1C 6D 6D 6A C4 01 30 C6 2C CD 73 94 C4 01 EC 81 2B 96 2A 94 C4 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/14 02:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 14:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/04 10:31:52 | 000,000,000 | ---D | M]

[2008/07/10 19:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/11 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions
[2010/06/27 19:27:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/13 20:17:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\extensions\moveplayer@movenetworks.com
[2008/06/20 18:46:33 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4xw0c9j5.default\searchplugins\wikipedia.xml
[2011/10/08 13:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/08 13:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/10/04 14:15:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/08 13:12:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/07 16:40:23 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/10/04 14:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/16 13:19:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (iTunesDetector Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/x-bt2 {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Internet\Email\Eudora Tir na nOg\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 14:25:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/15 14:25:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/15 14:25:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/15 14:25:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/15 14:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/15 14:25:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/15 14:23:49 | 004,261,901 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/15 10:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/10/15 10:56:45 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/09 19:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2011/10/08 13:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/08 12:49:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/04 22:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/04 22:51:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/04 22:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/04 14:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/10/04 13:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 13:19:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/16 13:17:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/15 14:03:20 | 004,261,901 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/15 10:39:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/15 10:37:54 | 001,541,014 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/08 14:58:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/10/07 21:09:41 | 000,055,361 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/10/06 00:48:50 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/10/04 23:34:15 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 23:10:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1429414237
[2011/10/04 23:01:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/04 20:17:37 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 14:17:46 | 000,000,478 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/04 14:17:33 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/04 13:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 08:51:42 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2011/10/01 18:33:02 | 000,026,954 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AZ-tickets.pdf
[2011/09/28 20:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/28 01:03:15 | 000,023,503 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1860738519-51806832-tickets.pdf
[2011/09/24 19:06:24 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\IDLE (Python GUI).lnk
[2011/09/20 08:43:20 | 000,026,879 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Modern English tickets.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gubememe
[2011/10/15 14:25:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/15 14:25:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/15 14:25:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/15 14:25:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/15 14:25:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/15 10:56:31 | 001,541,014 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/08 14:58:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/10/05 08:44:49 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
[2011/10/05 08:44:49 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk
[2011/10/04 23:34:15 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/04 22:51:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/04 22:27:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1429414237
[2011/10/01 18:33:01 | 000,026,954 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AZ-tickets.pdf
[2011/09/28 01:03:14 | 000,023,503 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1860738519-51806832-tickets.pdf
[2011/09/20 08:43:18 | 000,026,879 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Modern English tickets.pdf
[2011/06/24 16:43:45 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/09/12 18:15:21 | 000,055,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/21 23:02:44 | 000,011,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2009/08/31 08:04:30 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2009/08/31 08:04:29 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2009/08/31 08:04:25 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2009/04/21 03:06:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/02 10:52:16 | 000,814,104 | ---- | C] () -- C:\WINDOWS\System32\rtdsk50.exe
[2009/04/02 10:52:16 | 000,292,376 | ---- | C] () -- C:\WINDOWS\System32\wl50ent.dll
[2009/04/02 10:52:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2009/04/02 10:52:15 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\dbisql.exe
[2009/04/02 10:52:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dbcon6.dll
[2009/04/02 10:52:15 | 000,102,936 | ---- | C] () -- C:\WINDOWS\System32\dbl50t.dll
[2009/04/02 10:52:15 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dbl50to.dll
[2009/04/02 10:52:14 | 000,262,168 | ---- | C] () -- C:\WINDOWS\System32\dbclient.exe
[2009/04/02 10:18:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/01/12 11:25:45 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/01/12 11:25:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/01/12 11:25:45 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/01/12 11:25:45 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/01/12 11:25:45 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/01/12 11:25:45 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/01/12 11:25:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/01/12 11:25:45 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/01/12 11:25:45 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/01/12 11:25:45 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/01/12 11:25:45 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/01/12 11:25:45 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/01/12 11:25:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/01/12 11:25:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/12 11:25:44 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/01/12 11:25:44 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/01/12 11:22:40 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX680.ini
[2008/10/17 15:23:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/05/15 16:58:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/05/15 16:58:06 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/01/18 17:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win9990.dat
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win6661.dat
[2005/08/16 14:46:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Win1118.dat
[2005/08/12 14:21:55 | 000,004,473 | ---- | C] () -- C:\WINDOWS\System32\hserver.ini
[2005/05/09 16:16:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/22 18:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/22 18:08:48 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/22 18:08:34 | 000,004,459 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/28 18:30:43 | 000,000,457 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/03/05 04:57:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/04 03:06:57 | 000,145,738 | ---- | C] () -- C:\WINDOWS\dhdom1.bin
[2005/02/25 00:05:19 | 000,007,471 | ---- | C] () -- C:\WINDOWS\ljqqt.dat
[2005/02/24 07:00:45 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2005/02/24 07:00:44 | 008,412,754 | ---- | C] () -- C:\WINDOWS\salm_kyf.dat
[2005/02/16 11:20:57 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\whfwf.dat
[2005/02/16 11:20:54 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/02/15 07:56:55 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\helgb.dat
[2005/02/11 02:03:41 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\nhkvu.dat
[2005/01/25 11:54:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/01/18 14:13:18 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2004/12/31 15:58:49 | 001,847,104 | ---- | C] () -- C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE
[2004/12/28 16:36:30 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/12/28 15:58:12 | 000,000,333 | ---- | C] () -- C:\WINDOWS\salm_gdf.dat
[2004/12/28 15:58:04 | 000,318,050 | ---- | C] () -- C:\WINDOWS\salmau.dat
[2004/11/09 19:19:51 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
[2004/10/20 01:05:23 | 000,060,416 | ---- | C] () -- C:\WINDOWS\sxstall2.exe
[2004/10/17 18:54:40 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2004/10/17 18:54:40 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2004/10/16 07:08:36 | 001,865,736 | ---- | C] () -- C:\WINDOWS\System32\lmd.bin
[2004/10/12 06:37:49 | 000,000,113 | ---- | C] () -- C:\WINDOWS\jawa32vs.bin
[2004/08/22 14:49:23 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/08/09 21:07:00 | 000,001,067 | ---- | C] () -- C:\WINDOWS\dsearch1.bin
[2004/08/09 21:06:59 | 000,087,016 | ---- | C] () -- C:\WINDOWS\dhdomp1.bin
[2004/07/23 18:52:16 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\B4FM.dll
[2004/07/22 21:48:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BHJGJFJJ.ini
[2004/07/15 05:26:45 | 000,086,030 | ---- | C] () -- C:\WINDOWS\System32\msdjgk.dll
[2004/06/29 21:38:14 | 000,000,627 | ---- | C] () -- C:\WINDOWS\sepsd.bin
[2004/06/22 12:55:01 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/10 12:03:31 | 000,300,012 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2004/05/27 00:19:49 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2004/05/25 14:47:21 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\cwmdtl50.dll
[2004/05/25 14:47:21 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2004/04/26 20:28:08 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2004/01/15 09:00:26 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2004/01/13 14:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\sversion.ini
[2004/01/13 13:41:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2003/11/05 12:55:11 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\mm_dsmd.exe
[2003/11/05 12:46:48 | 000,000,708 | ---- | C] () -- C:\WINDOWS\System32\dxamph3.dll
[2003/11/02 17:53:53 | 000,001,492 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2003/11/02 17:47:59 | 000,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2003/11/02 17:47:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2003/11/02 17:43:47 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2003/11/02 17:43:47 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/09/16 19:35:47 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\anti_deb.dll
[2003/06/19 20:23:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DelPiv.exe
[2003/06/07 23:44:19 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/07 16:11:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSCPX.ini
[2003/06/07 15:57:18 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u1220_32.dll
[2003/06/07 15:57:18 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2003/06/07 15:57:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2003/06/07 15:57:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2003/06/07 15:57:11 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/06/07 15:57:11 | 000,027,584 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2003/06/07 15:57:10 | 000,025,600 | ---- | C] () -- C:\WINDOWS\MEMBOOT.DLL
[2003/06/07 15:57:10 | 000,005,440 | R--- | C] () -- C:\WINDOWS\MMLIB.DLL
[2003/06/07 15:57:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\BurnQuickShx.dll
[2003/06/07 15:57:02 | 000,095,152 | R--- | C] () -- C:\WINDOWS\CARDLIB.DLL
[2003/05/31 22:11:00 | 000,000,516 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2003/05/29 16:43:08 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/05/26 14:46:59 | 000,055,361 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/05/26 12:11:17 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\F29435.bin
[2003/05/26 12:11:02 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\e7462k.bin
[2003/05/26 10:38:41 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/05/26 09:12:18 | 000,000,690 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/05/25 16:35:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/04/25 11:24:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/25 11:24:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/25 11:23:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/25 11:23:50 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/25 10:44:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/25 10:44:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/25 10:44:43 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/25 10:44:37 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/25 10:44:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/10 06:10:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 06:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 06:08:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:59:52 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 05:53:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 05:36:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 05:26:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/10 05:26:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/10 05:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 05:06:11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 05:06:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 05:05:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 04:53:32 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 04:51:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 04:46:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/10 04:37:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 04:37:11 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 04:37:11 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 02:08:18 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 02:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/09 21:42:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/09 21:41:03 | 000,293,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/02/16 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\UniClear.exe
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/01/14 02:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/14 02:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2004/11/09 19:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Dpi
[2009/01/12 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/02/07 23:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar and Bass
[2010/09/03 18:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2011/03/20 15:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/01/14 02:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/10/01 18:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/01/14 11:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/03 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2011/10/04 22:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/11 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/07/08 17:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bt2
[2010/03/04 09:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Anvil Studio
[2011/01/14 02:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/02/08 08:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2006/09/06 12:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2011/02/08 00:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CDisplayEx
[2003/12/10 11:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileMaker
[2007/08/03 16:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2004/04/13 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/10 05:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2003/05/25 16:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/01/12 11:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/07/06 09:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2009/04/23 06:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2004/11/02 16:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rawh
[2003/04/10 06:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/06/26 19:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2009/06/08 16:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2010/09/03 18:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2004/04/27 13:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/09/03 07:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2003/05/26 14:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 7471 bytes -> C:\WINDOWS\Q329048Uninst.log:pffbrk
@Alternate Data Stream - 7471 bytes -> C:\WINDOWS\IEPatchUninstall.log:mocdsl
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\gwpreset.ini:tojyya
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ucmsp_32.dll:efxcn
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\u1230_32.dll:leeps
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ST6UNST.EXE:irwkl
@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\jawa32vs.bin:wsoki

< End of report >

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 17 October 2011 - 08:16 AM

    I am unable to uninstall this through Control Panel's Add/Remove Programs. I get 'cannot load main class.' Should I delete the folders and will that be enough or will that leave littered remains?

Let's work on this later.



Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gubememe
    [2011/10/04 22:27:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1429414237
    [2010/03/21 23:02:44 | 000,011,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    [2005/02/16 11:20:57 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\whfwf.dat
    [2005/02/15 07:56:55 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\helgb.dat
    [2005/02/11 02:03:41 | 000,007,471 | ---- | C] () -- C:\WINDOWS\System32\nhkvu.dat
    [2004/12/28 16:36:30 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
    [2004/12/28 15:58:12 | 000,000,333 | ---- | C] () -- C:\WINDOWS\salm_gdf.dat
    [2004/12/28 15:58:04 | 000,318,050 | ---- | C] () -- C:\WINDOWS\salmau.dat
    [2004/11/09 19:19:51 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
    [2003/05/26 12:11:17 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\F29435.bin
    [2003/05/26 12:11:02 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\e7462k.bin
    @Alternate Data Stream - 7471 bytes -> C:\WINDOWS\Q329048Uninst.log:pffbrk
    @Alternate Data Stream - 7471 bytes -> C:\WINDOWS\IEPatchUninstall.log:mocdsl
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\gwpreset.ini:tojyya
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ucmsp_32.dll:efxcn
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\u1230_32.dll:leeps
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\ST6UNST.EXE:irwkl
    @Alternate Data Stream - 11591 bytes -> C:\WINDOWS\jawa32vs.bin:wsoki
    O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
    O18 - Protocol\Filter\application/x-bt2 {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
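The OTL fix above deletes several NTFS alternate data streams (the `@Alternate Data Stream` lines) attached to otherwise ordinary files in C:\WINDOWS. A defender can list such streams with built-in tools before removing anything; the following is an added example, not part of the thread or of OTL. It assumes PowerShell 3.0 or later (which supports `-Stream`, so it will not run on the XP machine in this thread itself), and the file list is taken from the log above.

```powershell
# Added example: enumerate alternate data streams on the files OTL flagged and
# report any stream other than the unnamed :$DATA stream or the usual
# Zone.Identifier mark-of-the-web. Paths are copied from the OTL log above.
$Paths = @(
    'C:\WINDOWS\Q329048Uninst.log',
    'C:\WINDOWS\IEPatchUninstall.log',
    'C:\Documents and Settings\All Users\Application Data\TEMP',
    'C:\WINDOWS\gwpreset.ini',
    'C:\WINDOWS\ucmsp_32.dll',
    'C:\WINDOWS\u1230_32.dll',
    'C:\WINDOWS\ST6UNST.EXE',
    'C:\WINDOWS\jawa32vs.bin'
)

# Streams that are expected on a clean file and should not be reported.
$KnownStreams = @(':$DATA', 'Zone.Identifier')

function Get-UnexpectedStream {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Verbose "Skipping missing path: $p"
            continue
        }
        # -Stream * returns one object per stream (FileName, Stream, Length),
        # including the unnamed :$DATA stream that every file has.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $KnownStreams -notcontains $_.Stream } |
            Select-Object FileName, Stream, Length
    }
}

$Found = Get-UnexpectedStream -Path $Paths
if ($Found) {
    $Found | Format-Table -AutoSize
} else {
    Write-Output 'No unexpected alternate data streams found on the listed paths.'
}

# To inspect a stream's raw bytes before deciding what to do with it:
#   Get-Content -LiteralPath <file> -Stream <name> -Encoding Byte
# To remove a single stream while leaving the host file intact:
#   Remove-Item -LiteralPath <file> -Stream <name>
```

In this log the streams are several kilobytes each with random-looking names, which is what makes them worth reporting; a sweep of the whole C:\WINDOWS tree with `Get-ChildItem -Recurse` fed into the same function will catch streams OTL did not list.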


#11 kloiga

kloiga
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:43 PM

Posted 18 October 2011 - 08:44 AM

sempai,

Here's the latest OTL log:

All processes killed
========== OTL ==========
C:\WINDOWS\system32\gubememe moved successfully.
C:\WINDOWS\1429414237 moved successfully.
C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo moved successfully.
C:\WINDOWS\system32\whfwf.dat moved successfully.
C:\WINDOWS\system32\helgb.dat moved successfully.
C:\WINDOWS\system32\nhkvu.dat moved successfully.
C:\WINDOWS\kwv2.dat moved successfully.
C:\WINDOWS\salm_gdf.dat moved successfully.
C:\WINDOWS\salmau.dat moved successfully.
C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll moved successfully.
C:\WINDOWS\system32\F29435.bin moved successfully.
C:\WINDOWS\system32\e7462k.bin moved successfully.
ADS C:\WINDOWS\Q329048Uninst.log:pffbrk deleted successfully.
ADS C:\WINDOWS\IEPatchUninstall.log:mocdsl deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\WINDOWS\gwpreset.ini:tojyya deleted successfully.
ADS C:\WINDOWS\ucmsp_32.dll:efxcn deleted successfully.
ADS C:\WINDOWS\u1230_32.dll:leeps deleted successfully.
ADS C:\WINDOWS\ST6UNST.EXE:irwkl deleted successfully.
ADS C:\WINDOWS\jawa32vs.bin:wsoki deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bt2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1730B77B-F429-498f-9B15-4514D83C8294}\ deleted successfully.
File {1730B77B-F429-498f-9B15-4514D83C8294} - C:\Audio Tools\BT2Net\bt2plugin.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-bt2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E1DDCE8-76BC-4390-9488-806E8FB1AD77}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4943483 bytes
->Flash cache emptied: 1858 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 385 bytes

User: Owner
->Temp folder emptied: 5668393 bytes
->Temporary Internet Files folder emptied: 1648389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54028622 bytes
->Flash cache emptied: 68175 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3207680 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 202221 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


OTL by OldTimer - Version 3.2.30.0 log created on 10182011_095027

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 18 October 2011 - 09:03 AM

How's the computer running?

~Semp



#13 kloiga

kloiga
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:43 PM

Posted 18 October 2011 - 09:11 AM

sempai,

It's running very smoothly. Thank you for the virus and clean-up help! However, I still show 2 network connection icons in my system tray.

One seems to be provided by Netgear. It shows connected, but when I click it to open the Netgear connection dialogue, no IP address shows.

The other appears to be a Windows connection icon. Clicking on it to bring up the dialogue box, it shows connected but is stuck on 'acquiring network address.'

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 18 October 2011 - 09:30 AM

First, try to uninstall-reinstall AVG. If this doesn't help... please do the same thing with NETGEAR WG111 Software.

~Semp



#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:43 AM

Posted 22 October 2011 - 07:58 AM

Are you still with me?

~Semp
