
Adware: browser hijack + unable to start most programs

Discussion in 'Virus & Other Malware Removal' started by mgoblue22, Jul 18, 2010.

  1. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    Hi, my friend downloaded a virus onto my computer. The name of the offensive program is "Antivir Solution Pro." It currently has a couple of pop-up windows open and a fake Windows security alert. I am unable to use IE (hijacked) or Chrome (can't open). Thank goodness for Firefox.

    When I realized what had happened, I restarted in safe mode and ran Malwarebytes, then HJT. I posted my logs below, MWB first. Please let me know the next steps, including whether they should/can be done in safe mode, since everything I try to open (including Notepad just now) has a pop-up saying that the software is infected and asking if I want to run the AV software.

    Thanks!

    MALWAREBYTES:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2974
    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    7/17/2010 04:41:28 PM
    mbam-log-2010-07-17 (16-41-28).txt

    Scan type: Quick Scan
    Objects scanned: 126221
    Time elapsed: 9 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\mrnxsawceo.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

    HiJack This:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:45:38 PM, on 7/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    O2 - BHO: Street-Ads Browser Enhancer zajip - {2268B3BC-0738-4E9A-B412-C2EE2713AB62} - C:\WINDOWS\system32\zajip.dll
    O2 - BHO: Sky-Banners Browser Enhancer dajip - {3C431CF4-8E37-4694-9544-4F24A6C2CB7F} - C:\WINDOWS\system32\dajip.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe
    O4 - HKLM\..\Run: [sta] rundll32 "dajip.dll",,Run
    O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\qajip.exe
    O4 - HKLM\..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Xxobu] rundll32.exe "C:\WINDOWS\smodgsp.dll",Startup
    O4 - HKCU\..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe
    O4 - HKCU\..\Run: [JDK5SWFMZY] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Bdb.exe
    O4 - Global Startup: Acrobat Assistant.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/32.67/uploader2.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188777044902
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {ba4116be-1a9e-4451-843c-4b97a88bf3fe} - C:\WINDOWS\msvideo.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 9475 bytes
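The HijackThis log above is normally read by eye, entry by entry. As an added example (not part of this thread, and not a HijackThis feature), the Python script below parses lines of that format and flags the patterns a reviewer checks first: a browser proxy forced through a local port (the R1 ProxyServer entry), autostart entries under Temp or the user profile, rundll32 loading a DLL by bare name, a BHO DLL sitting in the Windows directory, and an O18 text/html filter registration. The sample lines are copied from the log above; the heuristics are my own assumptions and produce review candidates, not verdicts.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not part of the forum post or of HijackThis itself.
The heuristics encode what a reviewer looks at first in R*/O* entries; they are
assumptions and yield review candidates, not verdicts.
"""
import re
from dataclasses import dataclass

# A HijackThis entry: section code (R0, R1, O2, O4, O18, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First absolute Windows path ending in a loadable extension, with or without quotes.
PATH_RE = re.compile(
    r'"?([A-Za-z]:\\[^"\n]+?\.(?:exe|dll|scr|com|bat|cmd|pif))"?', re.IGNORECASE
)
# Profile/temp directories any logged-in user can write to without elevation.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\application data\\")

# Constructed sample: lines copied from the HijackThis log earlier in the thread,
# mixing entries that turned out to be malicious with ordinary vendor entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: Street-Ads Browser Enhancer zajip - {2268B3BC-0738-4E9A-B412-C2EE2713AB62} - C:\WINDOWS\system32\zajip.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe
O4 - HKLM\..\Run: [sta] rundll32 "dajip.dll",,Run
O4 - HKCU\..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe
O18 - Filter hijack: text/html - {ba4116be-1a9e-4451-843c-4b97a88bf3fe} - C:\WINDOWS\msvideo.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def first_path(body: str):
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def check_proxy(body: str):
    # R0/R1: an HTTP proxy pointing at a local port means something on the box
    # is interposing on all browser traffic (the hijack seen in this thread).
    if "proxyserver" in body.lower() and re.search(r"(?:127\.0\.0\.1|localhost):\d+", body):
        return "browser proxy forced through a local listener"
    return None


def check_bho(body: str):
    # O2: legitimate BHOs almost always ship under Program Files; a DLL dropped
    # directly into the Windows directory or system32 deserves a look.
    path = first_path(body)
    if path and re.match(r"[a-z]:\\windows\\(system32\\)?[^\\]+$", path.lower()):
        return "BHO DLL located in the Windows directory instead of Program Files"
    return None


def check_run(body: str):
    # O4: autostart entries. Flag DLLs loaded through rundll32 by bare name (resolved
    # via the search path) and executables living in user-writable profile/temp dirs.
    path = first_path(body)
    if "rundll32" in body.lower() and path is None:
        return "rundll32 loads a DLL by bare name, no full path given"
    if path and any(marker in path.lower() for marker in USER_WRITABLE):
        return "autostart binary in a user-writable profile or temp directory"
    return None


def check_filter(body: str):
    # O18: a MIME filter for text/html gets a hook on every page the browser renders;
    # HijackThis itself labels these entries "Filter hijack".
    if body.startswith("Filter hijack"):
        return "MIME filter registered for browser content"
    return None


CHECKS = {"R0": check_proxy, "R1": check_proxy, "O2": check_bho, "O4": check_run, "O18": check_filter}


def triage(log_text: str) -> list:
    """Return one Finding per entry that trips a heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("code"))
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append(Finding(m.group("code"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```

Run against the sample, it flags six of the nine lines and leaves the Synaptics, Groove and iPod entries alone. A hit only says "look here": Google Update, for instance, legitimately lives under Local Settings\Application Data and would trip the user-writable rule, so each candidate still needs the kind of check the helper below goes on to ask for.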
     
  2. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    Task Manager, regedit, msconfig all disabled... computer very laggy. Please help soon - not sure how long Firefox will last! :(
     
  3. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

    If you have already received help elsewhere please inform me so that this topic can be closed.

    If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

    • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.
      Reading too lightly will cause you to miss important steps, which could have destructive effects.
    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
      Because of this, you must reply within three days;
      failure to reply will result in the topic being closed!
    • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
    ____________________________________________________


    OTL Custom Scan
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • You may need two posts to fit them both in.


    NEXT:



    Scanning with GMER

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
    -- If you encounter any problems, try running GMER in safe mode.
    -- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
    3. The log that was produced after running GMER
    4. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
     
  4. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    SweetTech, thank you for your response! I've downloaded both programs and saved the files to my desktop. I can't run OTL as is due to the virus - it says the file is infected. Is it okay to run in safe mode? Just want to make sure before I get started. Thanks again for your help!
     
  5. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Yep, that is okay.
     
  6. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
  7. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    Hi SweetTech, thanks for the quick reply! I followed your steps and posted my logs below. They are in three posts since I am having trouble posting the reply. Thanks again, I really appreciate your help and time. I'll look forward to hearing the next steps.

    1. No questions currently.


    2. OTL logs are as follows; posted in two posts

    OTL.Txt:

    OTL logfile created on: 7/18/2010 05:13:25 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,006.00 Mb Total Physical Memory | 760.00 Mb Available Physical Memory | 75.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 18.34 Gb Free Space | 24.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CLUB-GWENDOLINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Chrome Frame\Application\chrome.exe (Google Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
    SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
    DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found
    DRV - (PalmUSBD) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys File not found
    DRV - (HTCAND32) -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys File not found
    DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
    DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
    DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
    DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
    DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
    DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (tifm) -- C:\WINDOWS\system32\drivers\tifm.sys (Texas Instruments)
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
    DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
    DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:2.026
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.5
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.0.0.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/07 20:14:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 21:37:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/12 18:29:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 18:29:24 | 000,000,000 | ---D | M]

    [2008/09/02 19:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/07/17 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions
    [2008/11/29 01:46:22 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2009/09/07 15:30:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/07/30 01:24:15 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2008/09/02 19:06:48 | 000,000,000 | ---D | M] (Abduction!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    [2009/09/17 08:44:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2008/05/26 18:50:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\dictionary.xml
    [2008/06/20 21:54:25 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\IMDB.xml
    [2010/07/11 23:18:04 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\weather.xml
    [2008/06/20 21:54:25 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\wikipedia.xml
    [2010/07/17 21:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/26 21:52:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    [2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

    O1 HOSTS File: ([2009/10/17 03:38:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (moigh Object) - {2268B3BC-0738-4E9A-B412-C2EE2713AB62} - C:\WINDOWS\system32\zajip.dll ()
    O2 - BHO: (adShotHlpr Object) - {3C431CF4-8E37-4694-9544-4F24A6C2CB7F} - C:\WINDOWS\system32\dajip.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe (Iuqizb Mowfpzwr)
    O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe File not found
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\qajip.exe ()
    O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\dajip.dll ()
    O4 - HKCU..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe (Iuqizb Mowfpzwr)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Administrator\Local Settings\Temp\Bdb.exe (Electronic Arts)
    O4 - HKCU..\Run: [Xxobu] C:\WINDOWS\smodgsp.DLL (CyberLink Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/32.67/uploader2.cab (UploadListView Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188777044902 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.35 65.182.32.146
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/18 16:15:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/17 17:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/07/17 17:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/17 17:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/17 16:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
    [2010/07/17 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
    [2010/07/17 16:11:57 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Bvugya.exe
    [2010/07/17 16:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj
    [2010/07/16 09:40:07 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/13 23:23:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/08 19:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/18 17:10:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/18 17:08:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/18 17:06:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/18 17:06:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/18 17:06:01 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/18 16:55:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\c0f65kxt.exe
    [2010/07/18 16:54:03 | 000,104,181 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\936487-adware-browser-hijack-unable-start.html
    [2010/07/18 16:49:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500UA.job
    [2010/07/18 16:46:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/18 16:22:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/07/18 16:20:26 | 000,002,811 | ---- | M] () -- C:\WINDOWS\amufecujofuloh.dll
    [2010/07/18 16:15:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/18 14:17:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\iwazewuj.dll
    [2010/07/18 12:24:33 | 062,124,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/18 12:15:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ucikevasuqeruzo.dll
    [2010/07/18 10:13:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ejexabibid.dll
    [2010/07/18 08:10:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\emivoqububukuk.dll
    [2010/07/18 06:08:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\uyezagovag.dll
    [2010/07/18 04:06:24 | 000,002,811 | ---- | M] () -- C:\WINDOWS\egasucefuheli.dll
    [2010/07/18 03:55:05 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe
    [2010/07/18 02:04:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ohifolif.dll
    [2010/07/18 00:01:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\uyusuloroma.dll
    [2010/07/17 22:49:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500Core.job
    [2010/07/17 21:59:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\efeboyorad.dll
    [2010/07/17 19:57:17 | 000,002,811 | ---- | M] () -- C:\WINDOWS\axiyaxuk.dll
    [2010/07/17 19:47:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/07/17 17:55:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\iqarewerilup.dll
    [2010/07/17 17:54:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/07/17 17:54:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/17 16:56:43 | 000,002,811 | ---- | M] () -- C:\WINDOWS\oxufojufane.dll
    [2010/07/17 16:28:00 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/17 16:17:34 | 700,924,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Exchange Backup.pst
    [2010/07/17 16:11:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/17 16:11:36 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Bvugya.exe
    [2010/07/17 14:57:20 | 000,022,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UM resume June.docx
    [2010/07/17 14:48:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ resume June.docx
    [2010/07/16 09:40:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/16 09:40:07 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/16 09:39:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/14 21:02:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/13 21:40:18 | 000,246,272 | ---- | M] () -- C:\WINDOWS\System32\zajip.dll
    [2010/07/13 21:40:02 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\dajip.dll
    [2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\qajip.exe
    [2010/07/11 21:23:29 | 000,020,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chalam CL May10(2).docx
    [2010/07/11 21:21:07 | 000,011,773 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\info.docx
    [2010/07/03 20:59:45 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iTunes.lnk
    [2010/07/03 13:38:50 | 000,144,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Impact-of-Reimbursement-Changes-for-ESAs_Poster.pdf
    [2010/07/02 14:57:56 | 000,057,588 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/06/24 03:07:09 | 000,534,968 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 03:07:09 | 000,465,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 03:07:09 | 000,079,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/18 19:53:33 | 000,017,129 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CL both.docx
    [2010/06/18 19:49:13 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$alam CL May10.docx
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/18 16:55:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c0f65kxt.exe
    [2010/07/18 16:54:02 | 000,104,181 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\936487-adware-browser-hijack-unable-start.html
    [2010/07/18 16:20:26 | 000,002,811 | ---- | C] () -- C:\WINDOWS\amufecujofuloh.dll
    [2010/07/18 14:17:25 | 000,002,811 | ---- | C] () -- C:\WINDOWS\iwazewuj.dll
    [2010/07/18 12:15:25 | 000,002,811 | ---- | C] () -- C:\WINDOWS\ucikevasuqeruzo.dll
    [2010/07/18 10:13:25 | 000,002,811 | ---- | C] () -- C:\WINDOWS\ejexabibid.dll
    [2010/07/18 08:10:23 | 000,002,811 | ---- | C] () -- C:\WINDOWS\emivoqububukuk.dll
    [2010/07/18 06:08:23 | 000,002,811 | ---- | C] () -- C:\WINDOWS\uyezagovag.dll
    [2010/07/18 04:06:23 | 000,002,811 | ---- | C] () -- C:\WINDOWS\egasucefuheli.dll
    [2010/07/18 03:55:05 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe
    [2010/07/18 02:04:22 | 000,002,811 | ---- | C] () -- C:\WINDOWS\ohifolif.dll
    [2010/07/18 00:01:17 | 000,002,811 | ---- | C] () -- C:\WINDOWS\uyusuloroma.dll
    [2010/07/17 21:59:17 | 000,002,811 | ---- | C] () -- C:\WINDOWS\efeboyorad.dll
    [2010/07/17 19:57:17 | 000,002,811 | ---- | C] () -- C:\WINDOWS\axiyaxuk.dll
    [2010/07/17 17:55:18 | 000,002,811 | ---- | C] () -- C:\WINDOWS\iqarewerilup.dll
    [2010/07/17 16:56:43 | 000,002,811 | ---- | C] () -- C:\WINDOWS\oxufojufane.dll
    [2010/07/17 16:12:17 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/07/17 16:11:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/07/17 16:11:40 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    [2010/07/17 14:48:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ resume June.docx
    [2010/07/13 21:40:18 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\zajip.dll
    [2010/07/13 21:40:02 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dajip.dll
    [2010/07/13 20:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\qajip.exe
    [2010/07/11 21:23:47 | 000,022,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UM resume June.docx
    [2010/07/11 21:23:28 | 000,020,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chalam CL May10(2).docx
    [2010/07/11 21:21:05 | 000,011,773 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\info.docx
    [2010/07/03 20:59:45 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iTunes.lnk
    [2010/07/03 13:38:50 | 000,144,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Impact-of-Reimbursement-Changes-for-ESAs_Poster.pdf
    [2010/07/02 14:57:56 | 000,057,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/06/18 19:53:35 | 000,017,129 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CL both.docx
    [2010/06/18 19:49:13 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$alam CL May10.docx
    [2010/01/08 16:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
    [2009/08/20 18:26:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/11/19 15:25:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/28 23:41:57 | 000,002,797 | ---- | C] () -- C:\WINDOWS\TLMPRO.INI
    [2008/07/28 23:41:55 | 000,001,002 | ---- | C] () -- C:\WINDOWS\SSCE.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/05/06 11:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/11/30 10:36:32 | 000,001,760 | ---- | C] () -- C:\WINDOWS\krb5.ini
    [2006/11/05 22:09:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2006/08/13 21:54:19 | 000,000,998 | ---- | C] () -- C:\WINDOWS\opera.ini
    [2006/01/28 15:28:42 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
    [2006/01/27 14:31:12 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/01/27 14:31:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/01/27 13:56:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2006/01/27 12:39:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2006/01/27 12:39:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
    [2006/01/27 11:59:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/23 14:57:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\krb524.dll
    [2004/07/09 10:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
    [2003/02/19 16:20:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/04/16 11:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2002/04/16 11:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
    [2002/04/16 11:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2001/08/23 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

    ========== LOP Check ==========

    [2010/07/17 16:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
    [2008/03/13 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent DNA
    [2007/11/18 21:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ContentGuard
    [2006/11/05 21:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\COWON
    [2006/12/17 15:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cyrusoft
    [2007/05/05 01:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
    [2009/01/21 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IIBD
    [2006/01/27 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
    [2007/01/02 02:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2007/09/28 10:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
    [2008/07/28 23:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Progeny
    [2010/07/17 16:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sky-Banners
    [2007/10/08 13:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
    [2010/07/17 16:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Street-Ads
    [2009/07/12 00:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SuperNZB
    [2010/01/08 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
    [2009/07/23 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
    [2008/09/14 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2008/09/21 19:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2009/11/30 02:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/08/20 18:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2007/05/05 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2008/11/09 20:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
    [2009/08/21 19:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/03/11 12:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/02/07 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/07/17 17:54:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
    [2010/07/17 19:47:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/07/18 16:22:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/05/05 01:29:33 | 000,003,283 | ---- | M] () -- C:\additdiag.txt
    [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/30 11:56:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/03/09 18:44:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/01/27 11:42:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/27 11:42:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/11 12:43:00 | 000,001,098 | ---- | M] () -- C:\net_save.dna
    [2006/01/27 15:29:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/28 17:42:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/16 11:27:20 | 000,003,515 | ---- | M] () -- C:\output.log
    [2010/07/18 17:07:57 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
    [2007/01/20 12:11:35 | 000,000,516 | ---- | M] () -- C:\Settings.ini
    [2010/07/17 16:11:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/01/27 11:42:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/06/29 12:14:00 | 000,045,568 | ---- | M] (Xerox Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\xpdpp.dll
    [2007/06/29 12:14:00 | 000,006,144 | ---- | M] (Xerox Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\xpdprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2006/12/14 19:17:10 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/01/27 06:23:21 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/01/27 06:23:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/01/27 06:23:21 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  8. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    Extras.Txt

    OTL Extras logfile created on: 7/18/2010 05:13:25 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,006.00 Mb Total Physical Memory | 760.00 Mb Available Physical Memory | 75.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 18.34 Gb Free Space | 24.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CLUB-GWENDOLINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- ()
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = PCIxx20
    "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
    "{AD2A8CEE-72AA-4FFC-82AD-F305AECE1749}" = RSB Virtual Lab Client
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BA4000-C659-4C49-98E1-1D2E9D57C808}" = DecisionTools Suite 5.0, Industrial Edition
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FD7F028C-497B-4786-BB55-E419331F7001}" = Kerberos Authentication
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AudibleDownloadManager" = Audible Download Manager
    "AVG9Uninstall" = AVG Free 9.0
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Focus MP3 Recorder Pro_is1" = Focus MP3 Recorder Pro 3.1.1
    "Google Chrome Frame" = Google Chrome Frame
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = Texas Instruments PCIxx20 drivers.
    "InstallShield_{FD7F028C-497B-4786-BB55-E419331F7001}" = Kerberos Authentication
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PDF-XChange 3_is1" = PDF-XChange 3.5
    "Picasa 3" = Picasa 3
    "ProInst" = Intel(R) PROSet/Wireless Software
    "SuperNZB_is1" = SuperNZB v3.2.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WMS" = Windows NT Messaging
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Zinio Reader" = Zinio Reader

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "a599b6183875182d" = Album Downloader
    "BitTorrent" = BitTorrent
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/17/2010 09:58:31 PM | Computer Name = CLUB-GWENDOLINE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/17/2010 09:58:31 PM | Computer Name = CLUB-GWENDOLINE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/17/2010 09:58:31 PM | Computer Name = CLUB-GWENDOLINE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 7/17/2010 09:58:32 PM | Computer Name = CLUB-GWENDOLINE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/17/2010 09:58:32 PM | Computer Name = CLUB-GWENDOLINE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 7/18/2010 08:46:14 AM | Computer Name = CLUB-GWENDOLINE | Source = Google Update | ID = 20
    Description =

    Error - 7/18/2010 09:46:14 AM | Computer Name = CLUB-GWENDOLINE | Source = Google Update | ID = 20
    Description =

    Error - 7/18/2010 10:46:14 AM | Computer Name = CLUB-GWENDOLINE | Source = Google Update | ID = 20
    Description =

    Error - 7/18/2010 11:46:14 AM | Computer Name = CLUB-GWENDOLINE | Source = Google Update | ID = 20
    Description =

    Error - 7/18/2010 05:13:41 PM | Computer Name = CLUB-GWENDOLINE | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    chrome.dll, version 5.0.375.99, fault address 0x0039cd07.

    [ OSession Events ]
    Error - 11/18/2008 05:28:34 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 3866
    seconds with 3060 seconds of active time. This session ended with a crash.

    Error - 12/5/2008 10:12:02 AM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 158905
    seconds with 10500 seconds of active time. This session ended with a crash.

    Error - 12/20/2008 06:14:30 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 182
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/12/2009 09:42:38 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 376932
    seconds with 8340 seconds of active time. This session ended with a crash.

    Error - 5/22/2009 03:58:38 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 366564
    seconds with 18360 seconds of active time. This session ended with a crash.

    Error - 5/22/2009 04:47:34 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2917
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 5/22/2009 04:49:17 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 71
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 6/7/2009 08:37:45 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 891150
    seconds with 27240 seconds of active time. This session ended with a crash.

    Error - 6/10/2009 09:01:03 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 35505
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 6/12/2009 01:54:32 PM | Computer Name = CLUB-GWENDOLINE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 94967
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/18/2010 04:23:35 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 04:34:06 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 04:44:38 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 04:55:09 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 04:57:18 AM | Computer Name = CLUB-GWENDOLINE | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.5.50.82. The machine with the IP address 10.5.50.71 did not allow
    the name to be claimed by this machine.

    Error - 7/18/2010 05:05:41 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 05:16:14 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 05:26:45 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 05:37:16 AM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.

    Error - 7/18/2010 12:29:37 PM | Computer Name = CLUB-GWENDOLINE | Source = DCOM | ID = 10010
    Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
    with DCOM within the required timeout.


    < End of report >
     
  9. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    3. gmer.log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-18 22:10:30
    Windows 5.1.2600 Service Pack 3
    Running: c0f65kxt.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfeyifoc.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    .rsrc C:\WINDOWS\system32\drivers\ACPIEC.sys entry point in ".rsrc" section [0xF7C91194]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
    .text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
    .text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
    .text C:\WINDOWS\system32\svchost.exe[596] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
    .text C:\WINDOWS\system32\svchost.exe[596] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0097000A
    .text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    Device -> \Driver\atapi \Device\Harddisk0\DR0 86ED3EC5
    ---- Files - GMER 1.0.15 ----
    File C:\WINDOWS\system32\drivers\ACPIEC.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
    ---- EOF - GMER 1.0.15 ----

    4. Computer Status
    "Antivir" popups still on screen. Still can't open most software except for IE, which is still hijacked. I can't use the Run command. Firefox had been working smoothly until last night - I posted part #1 of the OTL log easily, and then I wasn't able to post the rest but was instead redirected to a site saying that my connection wasn't working. Also, I couldn't open the gmer.log at all (I opened the OTL ones with Firefox and copied and pasted; this wouldn't work with the gmer.log).
     
  10. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    Let's see how things are working after doing the following:

    OTL Fix

    We need to run an OTL Fix
    1. Please reopen [​IMG] on your desktop.
    2. Copy and Paste the following code into the [​IMG] textbox. Do not include the word "Code"

      Code:
      :Services
      :OTL
      DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
      O2 - BHO: (moigh Object) - {2268B3BC-0738-4E9A-B412-C2EE2713AB62} - C:\WINDOWS\system32\zajip.dll ()
      O2 - BHO: (adShotHlpr Object) - {3C431CF4-8E37-4694-9544-4F24A6C2CB7F} - C:\WINDOWS\system32\dajip.dll ()
      O4 - HKLM..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe (Iuqizb Mowfpzwr)
      O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe File not found
      O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\qajip.exe ()
      O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\dajip.dll ()
      O4 - HKCU..\Run: [evwlbbbw] C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe (Iuqizb Mowfpzwr)
      O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Administrator\Local Settings\Temp\Bdb.exe (Electronic Arts)
      O4 - HKCU..\Run: [Xxobu] C:\WINDOWS\smodgsp.DLL (CyberLink Corp.)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled ()
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled ()
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\cf - No CLSID value found
      [2010/07/17 16:11:57 | 000,195,072 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Bvugya.exe
      [2010/07/17 16:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj
      [2010/07/18 16:22:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
      [2010/07/18 16:20:26 | 000,002,811 | ---- | M] () -- C:\WINDOWS\amufecujofuloh.dll
      [2010/07/18 14:17:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\iwazewuj.dll
      [2010/07/18 12:15:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ucikevasuqeruzo.dll
      [2010/07/18 10:13:25 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ejexabibid.dll
      [2010/07/18 08:10:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\emivoqububukuk.dll
      [2010/07/18 06:08:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\uyezagovag.dll
      [2010/07/18 04:06:24 | 000,002,811 | ---- | M] () -- C:\WINDOWS\egasucefuheli.dll
      [2010/07/18 03:55:05 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe
      [2010/07/18 02:04:23 | 000,002,811 | ---- | M] () -- C:\WINDOWS\ohifolif.dll
      [2010/07/18 00:01:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\uyusuloroma.dll
      [2010/07/17 21:59:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\efeboyorad.dll
      [2010/07/17 19:57:17 | 000,002,811 | ---- | M] () -- C:\WINDOWS\axiyaxuk.dll
      [2010/07/17 19:47:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
      [2010/07/17 17:55:18 | 000,002,811 | ---- | M] () -- C:\WINDOWS\iqarewerilup.dll
      [2010/07/17 16:56:43 | 000,002,811 | ---- | M] () -- C:\WINDOWS\oxufojufane.dll
      [2010/07/17 16:11:43 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
      [2010/07/17 16:11:36 | 000,195,072 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Bvugya.exe
      [2010/07/13 21:40:18 | 000,246,272 | ---- | M] () -- C:\WINDOWS\System32\zajip.dll
      [2010/07/13 21:40:02 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\dajip.dll
      [2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\qajip.exe
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [start explorer]
      [Reboot]
    3. Push [​IMG]
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click [​IMG].
    6. A report will open. Copy and Paste that report in your next reply.
    7. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


    NEXT:



    Running TDSSKiller


    Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.


    Download TDSSKiller from one of the links below:

    Zipped Version or Executable (Not Zipped) Version


    Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.


    Please ensure that you save the TDSSKiller file to your desktop.


    If TDSSKiller asks you to close all programs please allow it to do so.


    If you see the following:
    To finalize removal of infection and avoid loosing of data program will reboot your PC now.
    Close all programs and choose Y to restart or N to continue.


    Please enter Y and allow TDSSKiller to reboot your computer.


    Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


    Please post the content of the TDSSKiller log.



    NEXT:



    Running ComboFix
    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [​IMG]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
     
  11. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    Hi SweetTech - I followed your instructions, and my logs are below. So far, it seems as if everything is running again. With the first restart, AVG's alert window popped up saying I had several trojans, but after that and with each subsequent restart, it didn't... which I hope is a good sign. I don't have any popups for Antivir, and I can open all programs and use the run menu! Thank you so much for getting my computer usable! I'll look forward to hearing next steps. Thanks again, g

    OTL:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2268B3BC-0738-4E9A-B412-C2EE2713AB62}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2268B3BC-0738-4E9A-B412-C2EE2713AB62}\ deleted successfully.
    C:\WINDOWS\system32\zajip.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C431CF4-8E37-4694-9544-4F24A6C2CB7F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C431CF4-8E37-4694-9544-4F24A6C2CB7F}\ deleted successfully.
    C:\WINDOWS\system32\dajip.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\evwlbbbw deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ewrgetuj deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
    C:\WINDOWS\system32\qajip.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
    File C:\WINDOWS\System32\dajip.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\evwlbbbw deleted successfully.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\Bdb.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xxobu deleted successfully.
    C:\WINDOWS\smodgsp.dll moved successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled moved successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
    File Protocol\Handler\cf - No CLSID value found not found.
    C:\WINDOWS\Bvugya.exe moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj folder moved successfully.
    File C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
    C:\WINDOWS\amufecujofuloh.dll moved successfully.
    C:\WINDOWS\iwazewuj.dll moved successfully.
    C:\WINDOWS\ucikevasuqeruzo.dll moved successfully.
    C:\WINDOWS\ejexabibid.dll moved successfully.
    C:\WINDOWS\emivoqububukuk.dll moved successfully.
    C:\WINDOWS\uyezagovag.dll moved successfully.
    C:\WINDOWS\egasucefuheli.dll moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe moved successfully.
    C:\WINDOWS\ohifolif.dll moved successfully.
    C:\WINDOWS\uyusuloroma.dll moved successfully.
    C:\WINDOWS\efeboyorad.dll moved successfully.
    C:\WINDOWS\axiyaxuk.dll moved successfully.
    C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
    C:\WINDOWS\iqarewerilup.dll moved successfully.
    C:\WINDOWS\oxufojufane.dll moved successfully.
    C:\zrpt.xml moved successfully.
    File C:\WINDOWS\Bvugya.exe not found.
    File C:\WINDOWS\System32\zajip.dll not found.
    File C:\WINDOWS\System32\dajip.dll not found.
    File C:\WINDOWS\System32\qajip.exe not found.
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 51905679 bytes
    ->Temporary Internet Files folder emptied: 31522142 bytes
    ->Java cache emptied: 34224303 bytes
    ->FireFox cache emptied: 46685670 bytes
    ->Google Chrome cache emptied: 126250518 bytes
    ->Flash cache emptied: 403679 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 24719324 bytes
    ->Flash cache emptied: 348 bytes

    User: Gwen
    ->Temp folder emptied: 2129510 bytes
    ->Temporary Internet Files folder emptied: 671900 bytes

    User: Gwendoline Chalam
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 5999322 bytes
    ->Flash cache emptied: 348 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 13501444 bytes
    ->Java cache emptied: 13 bytes
    ->Flash cache emptied: 8947 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1138618 bytes
    %systemroot%\System32 .tmp files removed: 3890705 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33531647 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40760312 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1771315 bytes

    Total Files Cleaned = 400.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Gwen

    User: Gwendoline Chalam
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 07192010_181626
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF26B8.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF26ED.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2775.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2782.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF285B.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2868.tmp not found!
    Registry entries deleted on Reboot...


    TDSS:

    18:22:33:066 2852 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    18:22:33:066 2852 ================================================================================
    18:22:33:066 2852 SystemInfo:
    18:22:33:066 2852 OS Version: 5.1.2600 ServicePack: 3.0
    18:22:33:066 2852 Product type: Workstation
    18:22:33:066 2852 ComputerName: CLUB-GWENDOLINE
    18:22:33:066 2852 UserName: Administrator
    18:22:33:066 2852 Windows directory: C:\WINDOWS
    18:22:33:066 2852 System windows directory: C:\WINDOWS
    18:22:33:066 2852 Processor architecture: Intel x86
    18:22:33:066 2852 Number of processors: 1
    18:22:33:066 2852 Page size: 0x1000
    18:22:33:066 2852 Boot type: Normal boot
    18:22:33:066 2852 ================================================================================
    18:22:34:879 2852 Initialize success
    18:22:34:879 2852
    18:22:34:879 2852 Scanning Services ...
    18:22:38:344 2852 Raw services enum returned 366 services
    18:22:38:364 2852
    18:22:38:364 2852 Scanning Drivers ...
    18:22:40:637 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:22:40:967 2852 ACPIEC (d4267782d1862af5b17eec371984bbdb) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:22:40:967 2852 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: d4267782d1862af5b17eec371984bbdb, Fake md5: 9859c0f6936e723e4892d7141b1327d5
    18:22:40:967 2852 File "C:\WINDOWS\system32\DRIVERS\ACPIEC.sys" infected by TDSS rootkit ... 18:23:38:130 2852 Backup copy found, using it..
    18:23:38:921 2852 will be cured on next reboot
    18:24:12:559 2852 Reboot required for cure complete..
    18:24:13:090 2852 Cure on reboot scheduled successfully
    18:24:13:090 2852
    18:24:13:090 2852 Completed
    18:24:13:090 2852
    18:24:13:090 2852 Results:
    18:24:13:090 2852 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    18:24:13:090 2852 File objects infected / cured / cured on reboot: 1 / 0 / 1
    18:24:13:090 2852
    18:24:13:100 2852 KLMD(ARK) unloaded successfully

    ComboFix:

    ComboFix 10-07-19.01 - Administrator 07/19/2010 18:40:06.8.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.534 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Administrator\Application Data\Sky-Banners
    c:\documents and settings\Administrator\Application Data\Sky-Banners\skb\log.xml
    c:\documents and settings\Administrator\Application Data\Street-Ads
    c:\program files\Shared
    c:\windows\$NtUninstallMTF1011$
    c:\windows\$NtUninstallMTF1011$\apUninstall.exe
    c:\windows\$NtUninstallMTF1011$\zrpt.xml
    c:\windows\aqufirujiqigisoh.dll
    c:\windows\axuvumejabi.dll
    c:\windows\exudisayi.dll
    c:\windows\ezoliyunolifetah.dll
    c:\windows\ohawikisoxe.dll
    c:\windows\ovakipejoxi.dll
    c:\windows\ozupupike.dll
    c:\windows\uduwogij.dll
    c:\windows\ugocozofuqoq.dll
    c:\windows\utiwecedulo.dll
    c:\windows\xpsp1hfm.log
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_6TO4
    -------\Service_6to4

    ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
    .
    2010-07-19 22:16 . 2010-07-19 22:16 -------- d-----w- C:\_OTL
    2010-07-19 02:58 . 2010-07-19 02:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-07-19 02:57 . 2010-07-19 02:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-16 13:40 . 2010-07-16 13:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-14 03:23 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-02 18:57 . 2010-07-02 18:57 57588 ---ha-w- c:\windows\system32\mlfcache.dat
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 22:51 . 2009-11-18 01:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2010-07-19 22:25 . 2001-08-23 12:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
    2010-07-19 22:23 . 2009-11-18 01:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
    2010-07-19 02:28 . 2007-11-06 02:08 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\FlashGot.exe
    2010-07-17 20:17 . 2007-10-08 20:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
    2010-07-16 13:40 . 2010-07-16 13:40 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 13:40 . 2010-07-16 13:40 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 13:40 . 2009-11-30 06:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:39 . 2009-11-30 06:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 13:38 . 2010-07-16 13:38 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 13:38 . 2010-07-16 13:38 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 13:38 . 2010-07-16 13:38 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 13:38 . 2010-07-16 13:38 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-14 07:03 . 2008-09-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-04 00:59 . 2010-02-07 15:52 -------- d-----w- c:\program files\iTunes
    2010-07-04 00:59 . 2006-03-13 00:08 -------- d-----w- c:\program files\iPod
    2010-07-01 22:36 . 2006-03-13 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-06-14 14:31 . 2006-01-27 15:40 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-02 13:08 . 2009-11-30 06:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-22 23:54 . 2006-01-27 19:52 70312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-03 135664]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2005-12-19 1347584]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-1-27 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 13:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2005-07-23 03:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Palm Registration.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Palm Registration.lnk
    backup=c:\windows\pss\Palm Registration.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-09-11 23:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "cisvc"=3 (0x3)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/30/2009 02:17 AM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/30/2009 02:17 AM 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 09:40 AM 308136]
    S0 zcqnxx;zcqnxx; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2009 07:23 PM 135664]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6449166C-2951-4105-B1A9-481F56B5DAFA}]
    2007-02-21 20:30 125073 ----a-w- c:\windows\UMBS\IP Printer 6.2\PerUser.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 23:22]
    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 23:22]
    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-04 23:22]
    2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-04 23:22]
    2010-07-19 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\office
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\
    FF - prefs.js: browser.search.selectedEngine - Dictionary.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -
    SafeBoot-klmdb.sys
    MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
    AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 18:49
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1644491937-113007714-1343024091-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,17,75,ec,32,68,96,41,bd,a1,47,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,17,75,ec,32,68,96,41,bd,a1,47,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(1044)
    c:\windows\System32\BCMLogon.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    - - - - - - - > 'explorer.exe'(1296)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mslbui.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-19 18:56:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-19 22:55
    Pre-Run: 20,034,338,816 bytes free
    Post-Run: 19,934,203,904 bytes free
    - - End Of File - - 8C308954A97BFC0B0C89BF53FCBA7BB3
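    Two entries in the ComboFix report above are the kind a malware specialist reads twice: `S0 zcqnxx;zcqnxx; [x]`, a boot-start service with no image path, and the firewall exception for `%windir%\system32\drivers\svchost.exe`, since the real svchost.exe lives in system32 and not in the drivers directory. The script below is an added example written for this page; it is not code from the thread, from ComboFix, or from any of the tools discussed. It parses a handful of lines copied from the posted log and applies exactly those two checks. The `EXPECTED_HOME` table of where core binaries belong, and the expansion of `%windir%` to `c:\windows`, are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix report quoted above
# (the firewall AuthorizedApplications list and the R/S service lines).
# Not a live capture; just enough input to exercise the checks.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/30/2009 02:17 AM 216400]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 09:40 AM 308136]
S0 zcqnxx;zcqnxx; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2009 07:23 PM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
"""

# Assumption: where a few well-known Windows XP binaries are allowed to live,
# as directories relative to the Windows directory ("" means the Windows
# directory itself). Extend the table for other names you care about.
EXPECTED_HOME = {
    "svchost.exe": {"system32"},
    "sessmgr.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "ctfmon.exe": {"system32"},
    "explorer.exe": {""},
}

FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$'
)


def normalize(path: str) -> str:
    # Undo ComboFix's doubled backslashes, expand %windir%/%systemroot%
    # (assumed to be the Windows directory on C:, as on this machine) and
    # lower-case so that path comparisons are case-insensitive.
    p = path.replace("\\\\", "\\")
    p = re.sub(r"%(windir|systemroot)%", r"c:\\windows", p, flags=re.IGNORECASE)
    return p.lower()


def check_firewall_path(raw: str):
    """Flag a firewall-authorized executable whose file name is a core
    Windows binary but whose directory is not where that binary belongs.
    Returns a reason string, or None if the entry looks normal."""
    parts = PureWindowsPath(normalize(raw)).parts
    name = parts[-1]
    if name not in EXPECTED_HOME:
        return None
    if "windows" not in parts:
        return f"{name} authorized from outside the Windows directory: {raw}"
    rel = "\\".join(parts[parts.index("windows") + 1:-1])
    if rel not in EXPECTED_HOME[name]:
        allowed = " or ".join(f"windows\\{d}" for d in sorted(EXPECTED_HOME[name]))
        return f"{name} authorized from windows\\{rel}; a real one lives in {allowed}"
    return None


def check_service(start: str, name: str, rest: str):
    """Classify the image-path part of a ComboFix R/S service line.
    Returns (severity, reason) or None."""
    rest = rest.strip()
    if rest.endswith("[x]"):
        # No image path at all: a loader entry whose binary is gone or
        # hidden. Boot-start entries (S0/R0) with no file are the ones to
        # look at first.
        sev = "high" if start[1] == "0" else "medium"
        return sev, f"service {name} ({start}) has no image path"
    if rest.endswith("[?]"):
        return "info", f"service {name} ({start}) references a file missing on disk"
    return None


def triage(report: str):
    """Run both checks over a ComboFix excerpt.
    Returns a list of (severity, subject, reason) tuples in log order."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        fm = FIREWALL_RE.match(line)
        if fm:
            reason = check_firewall_path(fm["path"])
            if reason:
                findings.append(("high", fm["path"], reason))
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            result = check_service(sm["start"], sm["name"], sm["rest"])
            if result:
                findings.append((result[0], sm["name"], result[1]))
    return findings


if __name__ == "__main__":
    for sev, subject, reason in triage(SAMPLE_REPORT):
        print(f"[{sev:6}] {subject}: {reason}")
```

    Run it as a script to print the findings, or import `triage` and feed it a complete ComboFix log. Hits are leads for the next fix script, not proof of infection on their own: on the sample, `zcqnxx` and the `svchost.exe` exception come out at high severity, while `HTCAND32` is only a leftover phone driver and is reported at info level.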
     
  12. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,


    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT:



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [ESET Online Scanner] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on the download link to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the ESET Smart Installer icon on your desktop.
    4. Check [YES, I accept the Terms of Use]
    5. Click the [Start] button.
    6. Accept any security warnings from your browser.
    7. Check [Scan archives]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [List of found threats]
    12. Push [Export to text file], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    13. Push the [Back] button.
    14. Push [Finish]


    NEXT:



    Security Check
    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NEXT:



    OTL Custom Scan

    We need to run an OTL Custom Scan
    1. Please reopen OTL on your desktop.
    2. Copy and Paste the following bolded text into the Custom Scans/Fixes textbox.


      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    3. Push the Run Scan button.
    4. A report will open. Copy and Paste that report in your next reply.





    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The log that is produced after running the MalwareBytes' Anti-Malware scan.
    3. The log that is produced after running the ESET Online Virus Scanner.
    4. The log that is produced after running the SecurityCheck scan.
    5. The log that is produced after running the OTL scan.
    6. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

    Cheers,
    SweetTech.
     
  13. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    1.
    Thanks, logs below. No questions/comments right now.

    2.
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4052
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    7/19/2010 07:51:59 PM
    mbam-log-2010-07-19 (19-51-59).txt
    Scan type: Quick scan
    Objects scanned: 147116
    Time elapsed: 11 minute(s), 1 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    3.
    C:\System Volume Information\_restore{F39933E4-8F80-4124-AF33-F81702323217}\RP268\A0056772.dll Win32/Cimag.CK trojan
    C:\_OTL\MovedFiles\07192010_181626\C_Documents and Settings\Administrator\Local Settings\Application Data\mjoucesjj\qvawkhytssd.exe Win32/Adware.SpywareProtect2009 application
    C:\_OTL\MovedFiles\07192010_181626\C_Documents and Settings\Administrator\Local Settings\Temp\Bdb.exe a variant of Win32/Kryptik.FNK trojan
    C:\_OTL\MovedFiles\07192010_181626\C_WINDOWS\Bvugya.exe Win32/TrojanDownloader.FakeAlert.AQI trojan
    C:\_OTL\MovedFiles\07192010_181626\C_WINDOWS\smodgsp.dll a variant of Win32/Cimag.CW trojan

    4.
    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    ESET Online Scanner v3
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 16
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 7.0.9
    Adobe Reader 7.0.5 Language Support
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbam.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)
    ``````````End of Log````````````

    5.
    OTL logfile created on: 7/19/2010 10:42:00 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,006.00 Mb Total Physical Memory | 349.00 Mb Available Physical Memory | 35.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 18.46 Gb Free Space | 24.77% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CLUB-GWENDOLINE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
    PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
    SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
    DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found
    DRV - (PalmUSBD) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys File not found
    DRV - (HTCAND32) -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
    DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
    DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
    DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
    DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
    DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (tifm) -- C:\WINDOWS\system32\drivers\tifm.sys (Texas Instruments)
    DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
    DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
    DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
    DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:2.026
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/07 20:14:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 21:37:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/12 18:29:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 18:29:24 | 000,000,000 | ---D | M]

    [2008/09/02 19:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/07/18 22:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions
    [2010/07/18 22:28:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/07/18 22:28:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/18 22:28:38 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2008/09/02 19:06:48 | 000,000,000 | ---D | M] (Abduction!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
    [2009/09/17 08:44:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/19 04:47:31 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\dictionary.xml
    [2008/06/20 21:54:25 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\IMDB.xml
    [2010/07/19 04:47:32 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\weather.xml
    [2008/06/20 21:54:25 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ewr3jx8j.default\searchplugins\wikipedia.xml
    [2010/07/18 22:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/26 21:52:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    [2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

    O1 HOSTS File: ([2010/07/19 18:48:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/32.67/uploader2.cab (UploadListView Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188777044902 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.35 65.182.32.146
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/19 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/07/19 19:00:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/19 18:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/07/19 18:36:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/19 18:36:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/19 18:36:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/19 18:36:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/19 18:36:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/19 18:16:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/19 18:07:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2010/07/18 22:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2010/07/18 22:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/18 22:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/18 16:15:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/17 17:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/07/17 17:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/17 17:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/16 09:40:07 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/13 23:23:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/19 22:38:31 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/19 21:49:04 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500UA.job
    [2010/07/19 21:46:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/19 19:29:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/19 19:28:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/07/19 19:28:08 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/19 19:28:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 19:27:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 19:26:38 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/19 19:26:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/19 18:49:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 18:48:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 18:09:05 | 062,215,657 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/19 18:08:22 | 003,738,829 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/07/19 18:07:37 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2010/07/18 23:13:50 | 721,495,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Exchange Backup.pst
    [2010/07/18 22:49:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-113007714-1343024091-500Core.job
    [2010/07/18 16:55:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\c0f65kxt.exe
    [2010/07/18 16:15:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/17 16:28:00 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/17 14:57:20 | 000,022,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UM resume June.docx
    [2010/07/17 14:48:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ resume June.docx
    [2010/07/16 09:40:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/16 09:40:07 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/16 09:39:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/14 21:02:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/11 21:23:29 | 000,020,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chalam CL May10(2).docx
    [2010/07/11 21:21:07 | 000,011,773 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\info.docx
    [2010/07/03 20:59:45 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iTunes.lnk
    [2010/07/03 13:38:50 | 000,144,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Impact-of-Reimbursement-Changes-for-ESAs_Poster.pdf
    [2010/07/02 14:57:56 | 000,057,588 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/06/24 03:07:09 | 000,534,968 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 03:07:09 | 000,465,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 03:07:09 | 000,079,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/19 22:38:24 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/19 18:36:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/19 18:36:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/19 18:36:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/19 18:36:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/19 18:36:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/19 18:08:14 | 003,738,829 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/07/18 16:55:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c0f65kxt.exe
    [2010/07/17 14:48:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ resume June.docx
    [2010/07/11 21:23:47 | 000,022,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UM resume June.docx
    [2010/07/11 21:23:28 | 000,020,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chalam CL May10(2).docx
    [2010/07/11 21:21:05 | 000,011,773 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\info.docx
    [2010/07/03 20:59:45 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iTunes.lnk
    [2010/07/03 13:38:50 | 000,144,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Impact-of-Reimbursement-Changes-for-ESAs_Poster.pdf
    [2010/07/02 14:57:56 | 000,057,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/01/08 16:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
    [2009/08/20 18:26:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/11/19 15:25:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/28 23:41:57 | 000,002,797 | ---- | C] () -- C:\WINDOWS\TLMPRO.INI
    [2008/07/28 23:41:55 | 000,001,002 | ---- | C] () -- C:\WINDOWS\SSCE.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/05/06 11:57:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/11/30 10:36:32 | 000,001,760 | ---- | C] () -- C:\WINDOWS\krb5.ini
    [2006/11/05 22:09:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2006/08/13 21:54:19 | 000,000,998 | ---- | C] () -- C:\WINDOWS\opera.ini
    [2006/01/28 15:28:42 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
    [2006/01/27 14:31:12 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/01/27 14:31:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/01/27 13:56:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2006/01/27 12:39:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2006/01/27 12:39:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
    [2006/01/27 11:59:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/23 14:57:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\krb524.dll
    [2004/07/09 10:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
    [2003/02/19 16:20:16 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/04/16 11:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2002/04/16 11:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
    [2002/04/16 11:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2001/08/23 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/05/05 01:29:33 | 000,003,283 | ---- | M] () -- C:\additdiag.txt
    [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/30 11:56:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/03/09 18:44:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/19 18:56:01 | 000,017,105 | ---- | M] () -- C:\ComboFix.txt
    [2006/01/27 11:42:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/01/27 11:42:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/27 11:42:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/11 12:43:00 | 000,001,098 | ---- | M] () -- C:\net_save.dna
    [2006/01/27 15:29:24 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/28 17:42:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/16 11:27:20 | 000,003,515 | ---- | M] () -- C:\output.log
    [2010/07/19 19:27:53 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
    [2007/01/20 12:11:35 | 000,000,516 | ---- | M] () -- C:\Settings.ini
    [2010/07/19 18:24:13 | 000,037,468 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_19.07.2010_18.22.32_log.txt

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/01/27 11:42:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2007/06/29 12:14:00 | 000,045,568 | ---- | M] (Xerox Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\xpdpp.dll
    [2007/06/29 12:14:00 | 000,006,144 | ---- | M] (Xerox Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\xpdprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2006/12/14 19:17:10 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/01/27 06:23:21 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/01/27 06:23:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/01/27 06:23:21 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >
    < End of report >

    6.
    My computer appears to be running smoothly. I can open and use all programs. Now that I can get to the task manager, I see that my CPU usage is, for the most part, under 5%.
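A small parser for the OTL custom-scan entries in the log above, added here as an example; it is not part of this thread, of OTL, or of the helper's procedure. It assumes the three /md5 values in this log are a good baseline (only because the helper judged the log clean, not because they are official Microsoft hashes), treats the two hidden+system files that appear in the log as expected, and the two sample lines marked constructed are made up for the demonstration.

```python
"""Parse OTL custom-scan file entries and flag suspicious ones (added example)."""
import re
# Entry format: [mtime | size | attrs | M] (company) MD5=<hex> -- path; company may be empty and MD5 absent.
_ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# Baseline: the three /md5 values from this thread's log, assumed good only because the helper judged it clean.
BASELINE_MD5 = {
    r"c:\windows\system32\user32.dll": "B26B135FF1B9F60C9388B4A7D16F600B",
    r"c:\windows\system32\ws2_32.dll": "2CCC474EB85CEAA3E1FA1726580A3E5A",
    r"c:\windows\system32\ws2help.dll": "9789E95E1D88EEB4B922BF3EA7779C28",
}
# Hidden+system files that are normal on this machine (both appear in the log above).
EXPECTED_HIDDEN_SYSTEM = {r"c:\pagefile.sys", r"c:\windows\fonts\desktop.ini"}
def parse_otl_entries(log_text):
    """Return one dict per file entry; '< ... >' section headers and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["md5"] = rec["md5"].upper() if rec["md5"] else None
        rec["hidden_system"] = "H" in rec["attrs"] and "S" in rec["attrs"]
        entries.append(rec)
    return entries

def check_entries(entries, baseline):
    """Flag MD5 mismatches against the baseline and hidden+system files outside the expected set."""
    findings = []
    for e in entries:
        key = e["path"].lower()
        if e["md5"] and key in baseline and e["md5"] != baseline[key].upper():
            findings.append(f"MD5 MISMATCH: {e['path']} has {e['md5']}, expected {baseline[key]}")
        if e["hidden_system"] and key not in EXPECTED_HIDDEN_SYSTEM:
            findings.append(f"HIDDEN+SYSTEM: {e['path']}")
    return findings

# Constructed sample: two lines copied from the log above, plus a ws2_32.dll with a made-up MD5 and a made-up hidden+system DLL.
SAMPLE_LOG = r"""
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\ws2_32.dll
[2010/07/19 19:27:53 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2010/07/18 03:12:00 | 000,040,960 | -HS- | M] () -- C:\WINDOWS\system32\example_hidden.dll
"""
```

Running `check_entries(parse_otl_entries(SAMPLE_LOG), BASELINE_MD5)` reports the altered ws2_32.dll hash and the unexpected hidden+system DLL, while the unchanged user32.dll and the pagefile pass.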
     
  14. SweetTech

    SweetTech Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

    NEXT:

    Clean-Up Time

    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

    NEXT:

    OTL Clean-Up
    Clean up with OTL:
    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.
    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    NEXT:

    Updates

    Java Outdated
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 21 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

    Note:
    The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
    To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.

    NEXT:

    Clean Java Cache & Temporary Files
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window

        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    NEXT:

    Update Adobe Reader
    Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
    • Go to Start > Control Panel > Add/Remove Programs
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.

    NEXT:

    Update Firefox
    You are currently using an outdated version of Firefox. The latest version of Firefox is 3.6.6.

    You can get the latest version of Firefox by accessing the Help menu in Firefox and then selecting Check for Updates. Please make sure that you Check for Updates again after updating to the latest version to make sure that you have in fact received the latest version.

    NEXT:

    All Clean Speech

    ===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
      Strong passwords: How to create and use them
      then consider a password keeper, to keep all your passwords safe.
    • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.
    • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
    • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
    • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE
    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
      • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
        • NoScript - for blocking ads and other potential website attacks
    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank you.

    Cheers,
    SweetTech.
     
  15. mgoblue22

    mgoblue22 Thread Starter

    Joined:
    Sep 8, 2009
    Messages:
    40
    SweetTech, thank you so much for your help!! Everything is running smoothly from this end. I really appreciate you taking the time over the last couple days to review my logs and tell me how to get rid of the malware. Best, g
     
Short URL to this thread: https://techguy.org/936487