Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

programs won't run, no ie or firefox after uninstalling battlezone1.com


  • This topic is locked This topic is locked
22 replies to this topic

#1 msmithr99

msmithr99

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 28 October 2012 - 10:18 PM

first thanks for any help.

I no longer have programs that run or access to the internet via ie or firefox after I uninstalled battlezone1.com

So take it from me, do not download anything from this site.

I have run combofix with the hope it would fix it. It fixed a few items but the computer functionality is still not working.

Any help is appreciated.

Thank You.

UPDATE: Can open run programs as long as I right click the icon and choose open. Also, the quick start menu bar was deselected. Running AVG scan showed nothing, running AMB (Anti Malwarebytes) to see if it fixes.

Any ideas would be great. Thanks!

ComboFix 12-10-26.05 - owner 10/28/2012 21:56:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2632 [GMT -5:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\SET91.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET9F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-19 21:17 . 2012-10-19 21:17 -------- d-----w- c:\documents and settings\owner\Application Data\IObit
2012-10-19 21:17 . 2012-10-19 21:17 -------- d-----w- c:\program files\IObit
2012-10-19 03:16 . 2012-10-19 03:16 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2012-10-19 01:25 . 2012-10-19 01:26 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-19 01:25 . 2012-10-19 01:25 -------- d-----w- c:\windows\Logs
2012-10-19 01:23 . 2012-10-19 01:31 -------- d-----w- c:\program files\Battlezone 1.5
2012-10-19 01:14 . 2012-10-19 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-10-19 01:13 . 2012-10-19 01:15 -------- d-----w- c:\documents and settings\owner\Application Data\Yahoo!
2012-10-19 01:13 . 2012-10-19 01:15 -------- d-----w- c:\program files\Yahoo!
2012-10-08 21:50 . 2012-10-08 21:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-05 12:06 . 2012-10-05 12:06 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Mozilla
2012-10-05 12:06 . 2012-10-05 12:06 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 22:50 . 2012-06-02 14:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 22:50 . 2012-06-02 14:04 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:14 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 20:43 . 2012-03-19 10:17 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2005-03-30 01:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-10-05 12:06 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\program files\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-07 53248]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HostManager"="c:\program files\Common Files\AOL\1339277786\ee\AOLSoftware.exe" [2010-03-08 41800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-06-20 421888]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1339277786\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10/19/2012 4:17 PM 821592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/19/2012 4:17 PM 246816]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/19/2012 4:17 PM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/19/2012 4:17 PM 16208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/2/2012 9:04 AM 250808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/27/2012 10:17 PM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/5/2012 7:06 AM 114144]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [1/4/2012 9:28 AM 16128]
S3 VFWDLF;VFWDLF;c:\docume~1\owner\LOCALS~1\Temp\VFWDLF.exe --> c:\docume~1\owner\LOCALS~1\Temp\VFWDLF.exe [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/27/2012 10:17 PM 655944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 22:50]
.
2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{B83F3855-FAC0-491F-AFB8-0C931EDE0192}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 22:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-28 22:02:15
ComboFix-quarantined-files.txt 2012-10-29 03:02
.
Pre-Run: 470,140,055,552 bytes free
Post-Run: 470,146,957,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 558A2E6984E3290D3963BCE7083B1987

Edited by hamluis, 29 October 2012 - 05:29 PM.
Added CF log, moved from XP to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 30 October 2012 - 05:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 30 October 2012 - 06:10 PM

Thanks for your help. Looking forward to the steps to fix this.

Thanks

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 30 October 2012 - 07:46 PM

Okay, let's see what might be here.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 30 October 2012 - 09:13 PM

scan as requested

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-30 20:50:41
-----------------------------
20:50:41.078 OS Version: Windows 5.1.2600 Service Pack 3
20:50:41.078 Number of processors: 2 586 0x304
20:50:41.078 ComputerName: OWNER-1BD4E0DA7 UserName: owner
20:50:42.421 Initialize success
20:53:56.750 AVAST engine defs: 12103001
21:01:52.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:01:52.109 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:01:52.109 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
21:01:52.109 Disk 1 Vendor: Maxtor_6 YAR5 Size: 76293MB BusType: 3
21:01:52.125 Disk 0 MBR read successfully
21:01:52.125 Disk 0 MBR scan
21:01:52.171 Disk 0 Windows XP default MBR code
21:01:52.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
21:01:52.203 Disk 0 scanning sectors +976769024
21:01:52.296 Disk 0 scanning C:\WINDOWS\system32\drivers
21:02:04.468 Service scanning
21:02:20.140 Modules scanning
21:02:23.375 Disk 0 trace - called modules:
21:02:23.390 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:02:23.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1beab8]
21:02:23.390 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89c92030]
21:02:24.609 AVAST engine scan C:\WINDOWS
21:02:31.921 AVAST engine scan C:\WINDOWS\system32
21:06:08.859 AVAST engine scan C:\WINDOWS\system32\drivers
21:06:37.468 AVAST engine scan C:\Documents and Settings\owner
21:11:06.812 AVAST engine scan C:\Documents and Settings\All Users
21:11:51.328 Scan finished successfully
21:12:37.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner\Desktop\MBR.dat"
21:12:37.296 The log file has been saved successfully to "C:\Documents and Settings\owner\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 31 October 2012 - 06:54 PM

Please run OTL next, this is a scanner which we can use to remove items

  • Please download OTL
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.

Posted Image
m0le is a proud member of UNITE

#7 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 31 October 2012 - 08:27 PM

OTL Scan as requested:

OTL logfile created on: 10/31/2012 8:02:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 78.95% Memory free
4.84 Gb Paging File | 4.24 Gb Available in Paging File | 87.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 438.05 Gb Free Space | 94.05% Space Free | Partition Type: NTFS
Drive F: | 74.50 Gb Total Space | 74.42 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: OWNER-1BD4E0DA7 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 20:01:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2012/09/05 20:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/09 16:28:52 | 004,464,472 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2008/08/13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\Training Center\gStart.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 20:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/28 13:17:38 | 001,217,880 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\owner\LOCALS~1\Temp\VFWDLF.exe -- (VFWDLF)
SRV - [2012/10/08 17:50:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\owner\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/07/19 04:38:52 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/28 13:17:26 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:17:22 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/01/04 09:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/05/25 23:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 07:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-2139871995-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://blekko.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 16:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/05 07:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/05 07:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2012/10/29 16:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\jabl4p2z.default\extensions
[2012/10/05 07:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/31 19:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/10/31 19:14:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/28 22:00:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1339277786\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKU\S-1-5-21-776561741-2139871995-839522115-1003..\Run: [gStart] C:\Program Files\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343309754671 (MUWebControl Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A16ADABD-6925-4AD4-9A77-DF1854311182}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/31 22:08:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 20:01:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2012/10/30 20:49:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\owner\Desktop\aswMBR.exe
[2012/10/28 22:49:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Recent
[2012/10/28 22:49:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/28 22:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/28 21:54:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/28 21:53:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/28 21:53:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/28 21:53:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/28 21:53:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/28 21:52:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 21:52:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Administrative Tools
[2012/10/28 21:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/28 21:52:00 | 004,989,309 | R--- | C] (Swearware) -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2012/10/19 16:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2012/10/19 16:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\IObit
[2012/10/19 16:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/10/18 22:16:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2012/10/18 20:27:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/10/18 20:27:29 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/10/18 20:27:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012/10/18 20:27:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012/10/18 20:27:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012/10/18 20:27:28 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/10/18 20:27:28 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/10/18 20:27:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/10/18 20:27:27 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012/10/18 20:27:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012/10/18 20:27:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2012/10/18 20:27:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012/10/18 20:27:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012/10/18 20:27:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/10/18 20:27:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2012/10/18 20:27:24 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012/10/18 20:27:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2012/10/18 20:27:24 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2012/10/18 20:27:23 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2012/10/18 20:27:23 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/10/18 20:27:23 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2012/10/18 20:27:23 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2012/10/18 20:27:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2012/10/18 20:27:22 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2012/10/18 20:27:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2012/10/18 20:27:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2012/10/18 20:27:21 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012/10/18 20:27:21 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2012/10/18 20:27:21 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2012/10/18 20:27:21 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2012/10/18 20:27:21 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2012/10/18 20:27:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2012/10/18 20:27:20 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2012/10/18 20:27:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2012/10/18 20:27:20 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2012/10/18 20:27:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2012/10/18 20:27:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2012/10/18 20:27:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2012/10/18 20:27:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2012/10/18 20:27:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2012/10/18 20:27:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2012/10/18 20:27:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2012/10/18 20:27:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2012/10/18 20:27:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2012/10/18 20:27:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2012/10/18 20:27:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2012/10/18 20:27:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2012/10/18 20:27:16 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2012/10/18 20:27:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2012/10/18 20:27:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2012/10/18 20:27:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2012/10/18 20:27:15 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2012/10/18 20:27:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2012/10/18 20:27:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2012/10/18 20:27:15 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2012/10/18 20:27:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2012/10/18 20:27:14 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2012/10/18 20:27:13 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/10/18 20:27:13 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2012/10/18 20:27:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2012/10/18 20:27:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2012/10/18 20:27:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2012/10/18 20:27:12 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/10/18 20:27:12 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2012/10/18 20:27:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2012/10/18 20:27:12 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2012/10/18 20:27:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2012/10/18 20:27:11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2012/10/18 20:27:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2012/10/18 20:27:11 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2012/10/18 20:27:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2012/10/18 20:27:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2012/10/18 20:27:09 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2012/10/18 20:27:09 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2012/10/18 20:27:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2012/10/18 20:27:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2012/10/18 20:27:08 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2012/10/18 20:27:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2012/10/18 20:27:08 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2012/10/18 20:27:08 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2012/10/18 20:27:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2012/10/18 20:27:05 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/10/18 20:27:05 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2012/10/18 20:27:05 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2012/10/18 20:27:05 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2012/10/18 20:27:04 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2012/10/18 20:27:04 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/10/18 20:27:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2012/10/18 20:27:04 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2012/10/18 20:27:03 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2012/10/18 20:27:03 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2012/10/18 20:25:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/10/18 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Battlezone 1.5
[2012/10/18 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/10/18 20:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/10/18 20:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Yahoo!
[2012/10/05 19:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\xterra
[2012/10/05 19:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Downloads
[2012/10/05 07:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Mozilla
[2012/10/05 07:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Mozilla
[2012/10/05 07:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/05 07:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/05 07:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/31 20:01:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2012/10/31 19:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/31 17:47:34 | 099,046,039 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/10/30 21:12:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\MBR.dat
[2012/10/30 20:49:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\owner\Desktop\aswMBR.exe
[2012/10/30 20:48:22 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B83F3855-FAC0-491F-AFB8-0C931EDE0192}.job
[2012/10/30 20:48:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/30 20:47:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/28 22:50:21 | 000,009,698 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\cc_20121028_225016.reg
[2012/10/28 22:00:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/28 21:54:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/28 20:28:00 | 004,989,309 | R--- | M] (Swearware) -- C:\Documents and Settings\owner\Desktop\ComboFix.exe
[2012/10/08 17:50:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/08 17:50:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/05 07:06:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/05 07:06:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/30 21:12:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\MBR.dat
[2012/10/28 22:50:19 | 000,009,698 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\cc_20121028_225016.reg
[2012/10/28 21:54:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/10/28 21:54:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/28 21:53:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/28 21:53:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/28 21:53:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/28 21:53:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/28 21:53:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/05 19:24:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/05 07:06:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/05 07:06:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/13 12:41:41 | 000,249,182 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-2139871995-839522115-1003-0.dat
[2012/08/13 12:41:40 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/17 09:00:32 | 000,013,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/11 22:42:23 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2012/06/11 22:41:19 | 000,000,734 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2012/06/11 22:39:39 | 000,110,390 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/06/11 22:39:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/06/11 22:39:28 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2012/06/09 15:38:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/06/09 00:41:48 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 16:56:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/01 16:48:28 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\dt.dat
[2012/05/31 22:35:31 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/05/31 22:35:08 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2012/05/31 22:35:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2012/05/31 22:10:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 22:05:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/31 16:56:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/31 16:54:53 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/08/12 15:09:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 13:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 31 October 2012 - 08:40 PM

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\owner\LOCALS~1\Temp\VFWDLF.exe -- (VFWDLF)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O3 - HKU\S-1-5-21-776561741-2139871995-839522115-1003\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O18 - Protocol\Handler\mhtml - No CLSID value found
    
    :commands
    [EmptyTemp]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Please then run ESET's online scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Posted Image
m0le is a proud member of UNITE

#9 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 31 October 2012 - 09:26 PM

otl end log

All processes killed
========== OTL ==========
Service VFWDLF stopped successfully!
Service VFWDLF deleted successfully!
File C:\DOCUME~1\owner\LOCALS~1\Temp\VFWDLF.exe not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-776561741-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry value HKEY_USERS\S-1-5-21-776561741-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mhtml\ deleted successfully.
File Protocol\Handler\mhtml - No CLSID value found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 43 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: owner
->Temp folder emptied: 70810658 bytes
->Temporary Internet Files folder emptied: 69139644 bytes
->FireFox cache emptied: 66723453 bytes
->Flash cache emptied: 547 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 767 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 199.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312012_204326

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


eset log

C:\Documents and Settings\owner\Desktop\gtk2121-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{033119A4-F285-4D27-8B28-E41325F499DA}\RP102\A0017475.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{033119A4-F285-4D27-8B28-E41325F499DA}\RP105\A0017839.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{033119A4-F285-4D27-8B28-E41325F499DA}\RP105\A0017843.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 01 November 2012 - 05:49 PM

That removes the lst of the malware.

Is there any change to the original symptoms after the clean up?
Posted Image
m0le is a proud member of UNITE

#11 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 01 November 2012 - 10:26 PM

symptoms continue as before "Can open run programs as long as I right click the icon and choose open. Also, the quick start menu bar was deselected."

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 02 November 2012 - 08:21 PM

Please download and run this script. It should restore any changes the malware made

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

Then please run Windows Repair

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Posted Image



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on Create button:

Posted Image


Go to Start Repairs tab and click Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.


Let me know how that goes
Posted Image
m0le is a proud member of UNITE

#13 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 02 November 2012 - 10:01 PM

getting an error trying to install windows repair all in one "could not create uninstall shortcut:c:\documents and settings\
all users\start menu\programs\tweaking.com\windows repair (all in one)\uninstall tweaking.com - windows repair (all in one).ink" and the install does not continue.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:17 PM

Posted 03 November 2012 - 04:21 PM

This may be due to the default settings being set in the first link. You can remove the shortcut change

Visit this site, read the first part and then download, unzip and run number 9: To Remove or Restore "Shortcut"

Steps 11 to 16 explain the last part. In step 12 choose the remove reg file.
Posted Image
m0le is a proud member of UNITE

#15 msmithr99

msmithr99
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 04 November 2012 - 08:58 AM

Looks like this site is for windows 7, I am running xp. I still downloaded and ran the number 9. Does this work for xp machine as well?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users