Google Redirect Virus [Closed]

#1
hirsty09
    Member, 12 posts
Hi

Could one of you guys help me remove this virus please?

Thanks

Plus I can't read the malware guide because it redirects me.

Edited by hirsty09, 15 September 2009 - 01:09 PM.


#2
NeonFx
    Malware Removal Dude (Expert, 3,798 posts)
Hello there :) Welcome to the GeeksToGo forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me. I am still a student here, and as such I will have to have all my responses checked by a malware removal expert before I post them here.

Please note the following:
  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Note: Disabling any security programs you have running will significantly decrease the time it takes to run most of the programs I ask you to run. Please disable them before performing any of my steps. For instructions, if needed, see HERE

Step 1

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
    (Unless you have a floppy drive. In this case, please use "Scan Root Drive Only" and press Start)
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

Step 2

Download AVZ and save it to your Desktop by right clicking HERE, selecting "Save Link As" or "Save Target As" and browsing to your desktop on the window that pops up before you click on the Save button.

Right click on avz4.zip and select "Extract All..." from the selection. Extract it to a new folder on your desktop and open this folder. If you used the default settings, this folder will be called "avz4."

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox into the new "Run A Script" window that opened up. (start with begin and end with end.)
    To copy and paste you need to click and drag your mouse to select all the text, right click on it and select "Copy". Then right click where you wish to paste it and select "Paste"

    begin
     if ExecuteAVUpdate then 
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': Update Completed')
     else 
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': Error Updating');
     if ExecuteStdScr(3) then
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': System Analysis with MRM enabled was run successfully');
     SetAVZPMStatus(True);
     RebootWindows(true);
    end.
  • Click the "Check Syntax" button
  • If you get an error when clicking "Check Syntax", make sure you copied and pasted the entire code over correctly.
  • If it says "Syntax is Correct" with a green check, click on the Run button to start the script.
    Note: When you run the script, your PC will be restarted.

Step 3

After your computer restarts:

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox into the new "Run A Script" window that opened up. (start with begin and end with end.)
    To copy and paste you need to click and drag your mouse to select all the text, right click on it and select "Copy". Then right click where you wish to paste it and select "Paste"

    begin
     if GetAVZPMStatus then
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': AVZPM is active')
     else
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': AVZPM is not active');
     if ExecuteStdScr(2) then
      AddLineToTxtFile(GetAVZDirectory + '\LOG\History.txt', DateTimeToStr(Now)+': System Analysis was run successfully');
     RebootWindows(true);
    end.
  • Click the "Check Syntax" button
  • If you get an error when clicking "Check Syntax", make sure you copied and pasted the entire code over correctly.
  • If it says "Syntax is Correct" with a green check, click on the Run button to start the script.
    Note: When you run the script, your PC will be restarted.

AVZ saves its logs as .zip files in the LOG folder within the AVZ4 folder from which AVZ.exe was run.
Please attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the insert icon (shown as an image in the original post) to insert the attachment into your post

In the LOG folder you will also see a file called "History.txt". Please double click on it to open it in Notepad, and copy and paste the contents of that file here.


Step 4

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Extra Registry box change it to Use SafeList if it is not selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.exe.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


In your next reply, please include
  • The results from the SysProt scan
  • The two attached zip files from the AVZ scans
  • The contents of the History.txt file in AVZ's LOG folder.
  • The results from the OTL scans (OTL.txt , Extras.txt)

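Step 1 above asks for a SysProt AntiRootkit log; the tool writes it as blank-line-separated "Field: value" records under section headers (Process:, Kernel Modules:, SSDT:, IRP Hooks:), the format visible in the reply that follows. The Python below is an added example, not code from the thread, from Geeks to Go or from SysProt: it parses such a log and flags what a helper reads first, namely modules reported Hidden: Yes and SSDT entries or IRP hooks that resolve to a hidden module or to an address outside every loaded module. Its embedded sample log is constructed and abridged.

```python
"""Triage a SysProt AntiRootkit log. Added example, not code from the thread or from
SysProt: parses the tool's "Field: value" records and flags hidden kernel modules plus
SSDT entries and IRP hooks that resolve to a hidden module or to no loaded module at all."""
from collections import defaultdict

# Constructed, abridged sample modelled on the SysProt output posted in this thread.
SAMPLE_LOG = r"""
SysProt AntiRootkit v1.0.1.0
******************************
Kernel Modules:
Module Name: spdj.sys
Service Name: ---
Module Base: F740D000
Module End: F750D000
Hidden: Yes

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: F5692000
Module End: F56AB000
Hidden: No
******************************
SSDT:
Function Name: ZwConnectPort
Address: 82D64DB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F740E0E0
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwOpenProcess
Address: F5695120
Driver Base: F5692000
Driver End: F56AB000
Driver Name: avgtdix.sys
******************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82FDB1F8
Hooking Module: _unknown_
"""

def parse_sysprot(text):
    """Return {section: [record, ...]}; each record maps a field name to its value."""
    sections, section, record = defaultdict(list), None, {}
    for line in map(str.strip, text.splitlines() + [""]):   # trailing "" flushes the last record
        if not line or line.startswith("*"):                # blank line or '*' separator ends a record
            if record and section:
                sections[section].append(record)
            record = {}
        elif line.endswith(":") and line.count(":") == 1:   # section header: "SSDT:", "IRP Hooks:"
            section = line[:-1]
        elif ":" in line:                                   # "Field: value"; the value may contain ':'
            key, value = line.split(":", 1)
            record[key.strip()] = value.strip()
        # banner lines such as the version string carry no field and are skipped
    return sections

def _base(path):
    return path.rsplit("\\", 1)[-1].lower()   # compare drivers by file name only

def resolve_address(addr, modules):
    """File name of the loaded module whose [Base, End) range holds addr, else None."""
    a = int(addr, 16)
    hits = [m for m in modules if int(m["Module Base"], 16) <= a < int(m["Module End"], 16)]
    return _base(hits[0]["Module Name"]) if hits else None

def triage(sections):
    """Return (severity, message) findings, HIGH first. HIGH = hidden or unattributable code."""
    modules = sections.get("Kernel Modules", [])
    hidden = {_base(m["Module Name"]) for m in modules if m.get("Hidden") == "Yes"}
    findings = [("HIGH", f"hidden kernel module {n}") for n in sorted(hidden)]
    for e in sections.get("SSDT", []):   # a hooked syscall is plausible only if a visible module owns it
        owner, where = _base(e["Driver Name"]), resolve_address(e["Address"], modules)
        sev = "HIGH" if owner == "_unknown_" or owner in hidden or where is None else "INFO"
        findings.append((sev, f"SSDT {e['Function Name']} -> {e['Address']} owned by {owner} "
                              f"({'inside ' + where if where else 'outside every loaded module'})"))
    groups = defaultdict(list)           # one finding per (victim, target, hooker), not one per IRP
    for h in sections.get("IRP Hooks", []):
        groups[(_base(h["Hooked Module"]), h["Jump To"], _base(h["Hooking Module"]))].append(h["Hooked IRP"])
    for (victim, target, src), irps in groups.items():
        sev = "HIGH" if src == "_unknown_" or src in hidden else "INFO"
        findings.append((sev, f"{len(irps)} IRP handler(s) of {victim} jump to {target} via {src}"))
    return sorted(findings, key=lambda f: f[0] != "HIGH")

if __name__ == "__main__":
    for severity, message in triage(parse_sysprot(SAMPLE_LOG)):
        print(severity, message)
```

An INFO line only means a visible, loaded driver owns the hook; the helper still has to confirm that driver belongs to the security product actually installed on the machine.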
#3
hirsty09
    Topic Starter, Member, 12 posts
Here is the scan from SysProt.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 848
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 964
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1000
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PID: 1276
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PID: 1348
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1908
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 2024
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 388
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 304
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 420
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\CTSVCCDA.EXE
PID: 484
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 152
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 932
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\NAV\IWP\NPFMNTOR.EXE
PID: 1208
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 1360
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1472
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 1616
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 2096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2112
Hidden: No
Window Visible: No

Name: C:\Program Files\MSN Messenger\msnmsgr.exe
PID: 2840
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 2872
Hidden: No
Window Visible: No

Name: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PID: 2884
Hidden: No
Window Visible: No

Name: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 2892
Hidden: No
Window Visible: No

Name: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PID: 2900
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PID: 3120
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PID: 3308
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 1340
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID: 3676
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
PID: 3536
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Yahoo!\browser\ycommon.exe
PID: 3748
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Dan\Desktop\SysProt\SysProt.exe
PID: 204
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Dan\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: ED73C000
Module End: ED747000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806EB500
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EC000
Module End: 8070C380
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A2E000
Module End: F7A30000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F793E000
Module End: F7941000
Hidden: No

Module Name: spdj.sys
Service Name: ---
Module Base: F740D000
Module End: F750D000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7A30000
Module End: F7A32000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: F73F5000
Module End: F740D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F73C7000
Module End: F73F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F73B6000
Module End: F73C7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F752E000
Module End: F753D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F753E000
Module End: F754B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F754E000
Module End: F7557000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7AF6000
Module End: F7AF7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F77AE000
Module End: F77B5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F755E000
Module End: F7569000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7397000
Module End: F73B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7A32000
Module End: F7A34000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7371000
Module End: F7397000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F77B6000
Module End: F77BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F756E000
Module End: F757B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7359000
Module End: F7371000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F757E000
Module End: F7587000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F758E000
Module End: F759B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F7339000
Module End: F7359000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7327000
Module End: F7339000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7310000
Module End: F7327000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F72FD000
Module End: F7310000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7270000
Module End: F72FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7243000
Module End: F7270000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7228000
Module End: F7243000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\gagp30kx.sys
Service Name: gagp30kx
Module Base: F759E000
Module End: F75AA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F75EE000
Module End: F75F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F6A80000
Module End: F6C50000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6A6C000
Module End: F6A80000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F75FE000
Module End: F760E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F760E000
Module End: F7619000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F761E000
Module End: F762B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F762E000
Module End: F763D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6A49000
Module End: F6A6C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F789E000
Module End: F78A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F78A6000
Module End: F78AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6A26000
Module End: F6A49000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\sisnic.sys
Service Name: SISNIC
Module Base: F78AE000
Module End: F78B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\es1371mp.sys
Service Name: es1371
Module Base: F763E000
Module End: F7648000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F6A02000
Module End: F6A26000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F764E000
Module End: F765D000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\avslulnp.SYS
Service Name: ---
Module Base: F69C9000
Module End: F6A02000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F7916000
Module End: F791D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F765E000
Module End: F766E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F71EC000
Module End: F71F0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F69B5000
Module End: F69C9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F766E000
Module End: F767B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F791E000
Module End: F7924000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: F71E8000
Module End: F71EB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\msmpu401.sys
Service Name: ms_mpu401
Module Base: F7B07000
Module End: F7B08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B08000
Module End: F7B09000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F767E000
Module End: F768B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F71E4000
Module End: F71E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F699E000
Module End: F69B5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F768E000
Module End: F7699000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F769E000
Module End: F76AA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7926000
Module End: F792B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F698D000
Module End: F699E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F76AE000
Module End: F76B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7936000
Module End: F793B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F77CE000
Module End: F77D3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\pcouffin.sys
Service Name: pcouffin
Module Base: F76BE000
Module End: F76CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F695C000
Module End: F698D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F76CE000
Module End: F76D8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F77D6000
Module End: F77DC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A60000
Module End: F7A62000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6903000
Module End: F695C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F6D3D000
Module End: F6D41000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F76DE000
Module End: F76E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F76EE000
Module End: F76FD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A66000
Module End: F7A68000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F77E6000
Module End: F77EB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A68000
Module End: F7A6A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7BE6000
Module End: F7BE7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A6A000
Module End: F7A6C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77F6000
Module End: F77FC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A6C000
Module End: F7A6E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A6E000
Module End: F7A70000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77FE000
Module End: F7803000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F7806000
Module End: F780E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F79F6000
Module End: F79F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F5780000
Module End: F5793000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F5728000
Module End: F5780000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Service Name: SYMTDI
Module Base: F56EF000
Module End: F5728000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F56CE000
Module End: F56EF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F770E000
Module End: F7717000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: F56AB000
Module End: F56CE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: F5692000
Module End: F56AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F771E000
Module End: F772D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F566A000
Module End: F5692000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F5648000
Module End: F566A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F772E000
Module End: F7737000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\StarOpen.SYS
Service Name: StarOpen
Module Base: F7816000
Module End: F781C000
Hidden: No

Module Name: \??\C:\Program Files\Yahoo!\NAV\SAVRTPEL.SYS
Service Name: SAVRTPEL
Module Base: F5594000
Module End: F55A8000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: F5573000
Module End: F5594000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F5548000
Module End: F5573000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F54D9000
Module End: F5548000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F773E000
Module End: F7747000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: F5477000
Module End: F54D9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F782E000
Module End: F7834000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: F5426000
Module End: F5477000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F783E000
Module End: F7845000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: F7A1E000
Module End: F7A21000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F775E000
Module End: F7767000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F7846000
Module End: F784D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F7A22000
Module End: F7A25000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: F53DB000
Module End: F53FE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F57D3000
Module End: F57D6000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7876000
Module End: F787B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C2C000
Module End: F7C2D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F40A7000
Module End: F40AB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: F33D6000
Module End: F33EB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F3573000
Module End: F3582000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F7AA0000
Module End: F7AA2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: F31AF000
Module End: F31F0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: F3135000
Module End: F3187000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F2D45000
Module End: F2D55000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: ECA51000
Module End: ECA7C000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwConnectPort
Address: 82D64DB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F740E0E0
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwEnumerateKey
Address: F742CCA2
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwEnumerateValueKey
Address: F742D030
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwOpenKey
Address: F740E0C0
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwQueryKey
Address: F742D108
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwQueryValueKey
Address: F742CF88
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

Function Name: ZwSetValueKey
Address: F742D19A
Driver Base: F740D000
Driver End: F750D000
Driver Name: spdj.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82FDB1F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F740E000
Hooking Module: spdj.sys

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82F6E1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82AED500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82D971F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82FDC1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\avslulnp.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82D701F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82D2F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82D2F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82D2F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82D2F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82D2F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82DBA1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_CREATE
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_READ
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_WRITE
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_POWER
Jump To: F7415E1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F742A514
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7451B1C
Hooking Module: spdj.sys

Hooked Module: \Driver\PCI_PNP7704
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7451B1C
Hooking Module: spdj.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HIRST.HOME:3388
Remote Address: WW-IN-F138.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3386
Remote Address: WW-IN-F105.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3384
Remote Address: CHANNEL02.01.05.SF2P.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3378
Remote Address: 69.63.186.38:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3340
Remote Address: STATIC-IP-62-41.EURORINGS.NET:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3150
Remote Address: WW-IN-F164.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3148
Remote Address: WW-IN-F164.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3146
Remote Address: WW-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3142
Remote Address: WW-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3140
Remote Address: WW-IN-F157.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3121
Remote Address: EY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3108
Remote Address: 213.120.161.186:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3107
Remote Address: 213.120.161.186:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3102
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3100
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3094
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3092
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3091
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3088
Remote Address: 213.120.161.147:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:3074
Remote Address: WWW.11.06.ASH1.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST.HOME:1037
Remote Address: BY2MSG1010518.GATEWAY.EDGE.MESSENGER.LIVE.COM:1863
Type: TCP
Process: C:\Program Files\Messenger\msmsgs.exe
State: ESTABLISHED

Local Address: HIRST.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HIRST:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: HIRST:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: HIRST:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: HIRST:10080
Remote Address: LOCALHOST:3387
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3385
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3383
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3377
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3339
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3149
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3147
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3145
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3141
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3139
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3120
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:10080
Remote Address: LOCALHOST:3119
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3117
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:10080
Remote Address: LOCALHOST:3114
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:10080
Remote Address: LOCALHOST:3113
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:10080
Remote Address: LOCALHOST:3109
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:10080
Remote Address: LOCALHOST:3106
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3105
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3101
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3099
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3093
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3090
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3089
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3087
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: LOCALHOST:3073
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: HIRST:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: HIRST:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: HIRST:3387
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: ESTABLISHED

Local Address: HIRST:3385
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: ESTABLISHED

Local Address: HIRST:3383
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3381
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:3379
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:3377
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3375
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HIRST:3339
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3149
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3147
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3145
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3141
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3139
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3119
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3106
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3105
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3101
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3099
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3093
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3090
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3089
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3087
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:3073
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:1094
Remote Address: LOCALHOST:1093
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:1093
Remote Address: LOCALHOST:1094
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:1090
Remote Address: LOCALHOST:1089
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:1089
Remote Address: LOCALHOST:1090
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HIRST:1027
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: HIRST:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HIRST:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: HIRST.HOME:16147
Remote Address: NA
Type: UDP
Process: C:\Program Files\MSN Messenger\msnmsgr.exe
State: NA

Local Address: HIRST.HOME:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: HIRST.HOME:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HIRST.HOME:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HIRST.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HIRST.HOME:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HIRST:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HIRST:1811
Remote Address: NA
Type: UDP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: NA

Local Address: HIRST:1117
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: NA

Local Address: HIRST:1038
Remote Address: NA
Type: UDP
Process: C:\Program Files\Messenger\msmsgs.exe
State: NA

Local Address: HIRST:1033
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HIRST:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: HIRST:1040
Remote Address: NA
Type: UDP
Process: C:\Program Files\MSN Messenger\msnmsgr.exe
State: NA

Local Address: HIRST:1026
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: HIRST:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{EFA24E58-F9ED-4B19-A3A7-42F9FA34E43F}
Status: Access denied


Attached File: virusinfo_syscure.zip (34.79KB)

Attached File: virusinfo_syscheck.zip (30.89KB)

15/09/2009 22:11:53: System Analysis with MRM enabled was run successfully
15/09/2009 22:17:07: AVZPM is active
15/09/2009 22:18:41: System Analysis was run successfully

OTL logfile created on: 15/09/2009 22:28:32 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.49 Mb Total Physical Memory | 270.99 Mb Available Physical Memory | 35.31% Memory free
2.86 Gb Paging File | 2.43 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): C:\pagefile.sys 2200 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 75.61 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.92 Gb Total Space | 0.91 Gb Free Space | 47.17% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIRST
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe (Symantec Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- File not found
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (DJSNETCN [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (navapsvc [Auto | Stopped]) -- C:\Program Files\Yahoo!\NAV\navapsvc.exe (Symantec Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- File not found
SRV - (NPFMntor [Auto | Running]) -- C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (NSCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (SAVScan [On_Demand | Stopped]) -- C:\Program Files\Yahoo!\NAV\SAVScan.exe (Symantec Corporation)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SNDSrvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (alcan5wn [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (THOMSON)
DRV - (alcaudsl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (es1371 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PID_0920 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LV532AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVRT [On_Demand | Stopped]) -- C:\Program Files\Yahoo!\NAV\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Yahoo!\NAV\SAVRTPEL.SYS (Symantec Corporation)
DRV - (se44bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44bus.sys (MCCI)
DRV - (se44mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44mdfl.sys (MCCI)
DRV - (se44mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44mdm.sys (MCCI)
DRV - (se44mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44mgmt.sys (MCCI)
DRV - (se44nd5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44nd5.sys (MCCI)
DRV - (se44obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44obex.sys (MCCI)
DRV - (se44unic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\se44unic.sys (MCCI)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssm_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys (MCCI)
DRV - (ssm_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys (MCCI)
DRV - (ssm_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys (MCCI)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070612.005\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (uzexnjq5 [System | Running]) -- C:\WINDOWS\System32\Drivers\uzexnjq5.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/15 21:04:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/15 21:04:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 17:40:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/15 17:40:28 | 00,000,000 | ---D | M]

[2008/12/27 16:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2008/12/27 16:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/15 22:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\aatlx97k.default\extensions
[2009/01/28 15:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\aatlx97k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/15 21:11:10 | 00,001,498 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CInterceptor Object) - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll (Pando Networks)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll (Symantec Corporation)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] File not found
O4 - HKLM..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://express.foto....geUploader5.cab (Image Uploader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonu...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (secuload.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/16 14:16:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/09/15 22:27:00 | 00,216,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Here is the scan from the syspro.doc
[2009/09/15 22:11:53 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzexnjq5.sys
[2009/09/15 22:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\avz4
[2009/09/15 22:07:00 | 05,125,238 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avz4.zip
[2009/09/15 21:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\SysProt
[2009/09/15 21:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\WinZip
[2009/09/15 21:28:13 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/15 21:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\AVG Security Toolbar
[2009/09/15 21:05:41 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/15 21:05:41 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/15 21:05:39 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/15 21:05:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/15 21:04:55 | 41,174,349 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/15 21:04:52 | 00,105,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/15 21:04:50 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/15 21:04:46 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/15 21:04:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/15 21:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/09/15 21:04:26 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/15 21:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/15 21:04:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/15 20:54:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\AVG8
[2009/09/15 20:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Tools
[2009/09/15 20:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/15 17:40:34 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 17:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/15 17:26:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/09/15 16:33:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/15 16:30:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/15 16:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Opera
[2009/09/15 16:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Opera
[2009/09/15 16:04:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/15 16:03:11 | 06,875,440 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Dan\Desktop\Opera_1000_en_Setup.exe
[2009/09/15 15:44:07 | 00,016,664 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\cc_20090915_154402.reg
[2009/09/15 15:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/15 15:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/15 15:10:55 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/15 15:10:55 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/01 22:04:11 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Doc1.doc
[2009/08/26 13:09:02 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Irene Oxley born 18th July 1924.doc
[2009/08/26 11:18:47 | 73,392,7424 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Observe.and.Report.DVDSCR.XviD-DoNE.avi
[2009/08/25 19:09:16 | 02,598,109 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\I find Your Love.mp3
[2009/01/29 22:04:00 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/08/08 12:53:08 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/08/08 12:52:27 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2008/08/07 12:06:16 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/05 09:57:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/12 19:34:04 | 00,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2007/07/01 12:58:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/15 13:03:21 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/12 14:58:13 | 00,060,351 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/18 14:36:06 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2007/03/02 02:42:46 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/19 17:17:37 | 00,015,387 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/19 17:17:03 | 00,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/02/17 16:59:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/16 15:20:39 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2007/02/16 14:41:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/02/16 14:34:02 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/04 02:07:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 02:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 02:07:00 | 00,000,630 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 02:07:00 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/04/05 14:36:48 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/02/10 20:15:36 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/08/10 18:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 18:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/09/15 22:27:00 | 00,216,064 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Here is the scan from the syspro.doc
[2009/09/15 22:21:11 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/09/15 22:21:11 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/09/15 22:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 22:20:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 22:20:33 | 80,483,9424 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 22:18:52 | 11,258,040 | -H-- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2009/09/15 22:18:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/09/15 22:18:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/15 22:11:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/15 22:11:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/15 22:11:53 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzexnjq5.sys
[2009/09/15 22:07:48 | 05,125,238 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avz4.zip
[2009/09/15 21:44:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 21:22:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/15 21:06:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/15 21:06:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/15 21:05:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/15 21:05:41 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/15 21:05:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/15 21:05:29 | 41,174,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/15 21:05:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/15 21:04:55 | 00,105,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/15 21:04:52 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/15 21:04:50 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/15 21:04:26 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/15 20:40:10 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/09/15 19:39:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/15 19:39:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/15 17:54:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/15 17:40:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 16:51:29 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2009/09/15 16:33:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/15 16:04:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/15 16:03:19 | 06,875,440 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Dan\Desktop\Opera_1000_en_Setup.exe
[2009/09/15 15:44:10 | 00,016,664 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cc_20090915_154402.reg
[2009/09/15 15:31:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/09/15 15:31:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/09/15 15:16:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/15 15:16:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/15 15:16:03 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/15 15:10:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/15 14:57:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/15 14:57:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/15 14:29:24 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/09/14 17:40:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/13 21:18:10 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 21:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/10 22:32:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/10 22:32:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/10 21:34:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/10 21:34:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/10 20:38:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/10 20:38:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 14:54:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/07 14:54:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/06 10:20:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/06 10:20:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/05 10:16:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/05 10:16:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/04 14:14:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/09/04 14:14:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/09/03 23:12:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/09/03 23:12:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/09/03 18:00:20 | 00,014,119 | ---- | M] () -- C:\WINDOWS\System32\xma
[2009/09/03 06:43:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/09/03 06:43:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/09/01 22:04:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/01 22:04:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/01 22:04:11 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Doc1.doc
[2009/09/01 13:48:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/01 13:48:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/01 11:49:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/01 11:49:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/31 20:53:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/31 20:53:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/30 14:01:51 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\vso_ts_preview.xml
[2009/08/26 13:09:03 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Irene Oxley born 18th July 1924.doc
[2009/08/25 19:11:42 | 02,598,109 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\I find Your Love.mp3
[2009/08/19 18:04:53 | 00,013,733 | ---- | M] () -- C:\WINDOWS\System32\pemz

========== LOP Check ==========

[2009/09/15 21:05:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/15 17:54:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/05/01 18:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/09/15 21:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/05/28 19:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/22 18:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/18 19:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2007/06/20 20:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/12/21 20:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/03/27 21:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/11/18 18:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2008/06/15 12:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/06 17:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 20:54:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2007/02/28 15:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Ahead
[2008/08/03 14:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Atari
[2008/08/07 12:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\AviDvdBurner
[2007/10/23 13:46:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2008/08/05 09:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools
[2007/05/27 22:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Datalayer
[2008/12/22 21:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DVDFab
[2009/05/19 21:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GrabPro
[2009/01/28 15:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2008/08/03 14:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2007/04/01 19:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Nokia
[2007/04/25 22:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Nokia Multimedia Player
[2009/09/15 16:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Opera
[2009/09/15 19:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Orbit
[2007/03/27 20:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\PC Suite
[2007/10/23 13:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Spyware Terminator
[2008/12/27 16:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Syntrillium
[2008/12/20 14:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Teleca
[2009/08/26 11:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\uTorrent
[2009/08/30 12:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Vso
[2009/09/15 16:33:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/09/12 21:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/09/15 20:40:10 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2004/08/04 02:07:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/15 22:20:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/15 22:21:11 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2009/09/15 22:21:11 | 00,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2009/09/15 14:29:24 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\Hosts:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
< End of report >

OTL Extras logfile created on: 15/09/2009 22:28:32 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.49 Mb Total Physical Memory | 270.99 Mb Available Physical Memory | 35.31% Memory free
2.86 Gb Paging File | 2.43 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): C:\pagefile.sys 2200 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 75.61 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.92 Gb Total Space | 0.91 Gb Free Space | 47.17% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIRST
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando -- (Pando Networks)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Dan\Desktop\utorrent.exe" = C:\Documents and Settings\Dan\Desktop\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft AB)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000A4757-A5A0-4B41-8C78-702E1A4F49ED}" = GameShadow
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D8C8814-00DF-4F4B-BBC7-E817531416CC}" = Norton Spyware Scan
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7ACCA59F-72AC-4046-A5D0-48F907CA4401}" = Samsung PC Studio
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AB2347E4-153B-4194-AA3B-97C0A662B369}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB839F9F-375C-4913-B01E-2880C6C526C6}" = SymNet
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}" = Nokia PC Suite
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Personal Firewall
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F325CF11-27CE-4872-8022-6E9EB27DF24F}" = NAVShortcut
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Personal Firewall
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"3GP Converter_is1" = 3GP Converter 2007
"3GP Player_is1" = 3GP Player 2007
"3GP Video Converter 3" = 3GP Video Converter 3
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"Antares Autotune DX v4.12" = Antares Autotune DX v4.12
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Applian FLV Player2.0.24" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"Audio Converter Pro" = Audio Converter Pro
"AVG8Uninstall" = AVG Free 8.5
"AVI DivX MPEG to DVD Converter & Burner Pro_is1" = AVI DivX MPEG to DVD Converter & Burner Pro 2.9
"AviSynth" = AviSynth 2.5
"Bonusprint Photoservice_is1" = Bonusprint Photoservice
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 3.1
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BT Yahoo! Broadband" = BT Yahoo! Broadband Internet Connection Manager 4.2
"btbb.MCCInstall" = BT Broadband Desktop Help
"CCleaner" = CCleaner (remove only)
"CDRWIN" = CDRWIN
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Creative Media Lite" = Creative Media Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
"ERUNT_is1" = ERUNT 1.1j
"IL Download Manager" = IL Download Manager
"Image Merger .EXE_is1" = Image Merger .EXE 1.0.0.19
"ImTOO 3GP Video Converter" = ImTOO 3GP Video Converter
"ImTOO YouTube to iPod Converter" = ImTOO YouTube to iPod Converter
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"ISOpen_is1" = ISOpen V4.4.2
"LimeWire" = LimeWire 4.12.11
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metacafe" = Metacafe
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Orbit_is1" = Orbit Downloader
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"VideoEgg" = VideoEgg Publisher
"VideoFab Converter_is1" = VideoFab Converter 1.0.1.0
"Videora Trial Version" = Videora Trial Version 2.15
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XoftSpySE" = XoftSpySE
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZENStoneUG" = Creative ZEN Stone User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/08/2009 15:56:16 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application bonusprint_photoservice.exe, version 2.4.2.0,
faulting module unknown, version 0.0.0.0, fault address 0x00fa7cbb.

Error - 19/08/2009 08:01:02 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x01ee985b.

Error - 25/08/2009 11:48:58 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application nerostartsmart.exe, version 2.0.0.27, faulting
module nerostartsmart.exe, version 2.0.0.27, fault address 0x00105427.

Error - 13/09/2009 19:33:07 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module infow32.dll, version 1.0.0.1, fault address 0x0000bd27.

Error - 13/09/2009 19:42:18 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module infow32.dll, version 1.0.0.1, fault address 0x0000bd27.

Error - 14/09/2009 13:00:52 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module tranupx.dll, version 1.0.0.1, fault address 0x00001100.

Error - 14/09/2009 15:08:02 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msvcp60.dll, version 6.2.3104.0, fault address 0x0000261d.

Error - 15/09/2009 10:45:46 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module kernel32.dll,
version 5.1.2600.3119, fault address 0x00012a5b.

Error - 15/09/2009 11:31:16 | Computer Name = HIRST | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 15/09/2009 15:18:06 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module infow32.dll, version 1.0.0.1, fault address 0x0000bd27.

[ System Events ]
Error - 15/09/2009 17:22:06 | Computer Name = HIRST | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 15/09/2009 17:22:06 | Computer Name = HIRST | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 15/09/2009 17:22:07 | Computer Name = HIRST | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 15/09/2009 17:22:07 | Computer Name = HIRST | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 15/09/2009 17:22:09 | Computer Name = HIRST | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 15/09/2009 17:22:09 | Computer Name = HIRST | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 15/09/2009 17:22:10 | Computer Name = HIRST | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 15/09/2009 17:22:10 | Computer Name = HIRST | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31

Error - 15/09/2009 17:22:11 | Computer Name = HIRST | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.

Error - 15/09/2009 17:22:11 | Computer Name = HIRST | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%31


< End of report >

#4
NeonFx (Malware Removal Dude, Expert, 3,798 posts)
Thank you hirsty09 :) I will let you know once I go over this log and get my next response approved by my instructor.

#5
hirsty09 (Topic Starter, Member, 12 posts)
ok thanks a lot!!

#6
NeonFx (Malware Removal Dude, Expert, 3,798 posts)
Let's do the following now:

STEP 1

Looking over your log, it seems you have too many anti-virus programs running.

You should run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and results in program conflicts and false virus alerts.

I notice you have Norton and AVG running. If you are paying for the use of Norton, go ahead and remove AVG by going to Start > Control Panel > Add/Remove programs. If your Norton license is going to expire soon, you might consider uninstalling that and keeping AVG on your system, seeing as it will run just as well as Norton and there is no real benefit to paying for anti-virus protection.

If you choose to uninstall AVG and keep Norton, after uninstalling it and restarting your computer, use the AVG removal tool to clear your system of any remnants of it.
If you choose to uninstall Norton and keep AVG, after uninstalling it and restarting your computer, use the Norton removal tool to clear your system of any remnants of it.

Then restart your computer again.

STEP 2

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

STEP 3

Leave your USB drive (G:, the one you had connected when you first ran the scan) connected during the next fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}]
    
    :Files
    @C:\WINDOWS\System32\drivers\etc\Hosts:SummaryInformation
    C:\WINDOWS\System32\infow32.dll
    G:\RECYCLER\recycld.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTL\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.

STEP 4

Run OTL again and click on the Quick Scan button at the top. Copy and Paste the results of this scan in your next reply.


How's the computer running now? Are you still seeing symptoms?
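The fix in STEP 3 was assembled by hand from two parts of the log: the O33 MountPoints2 lines that point every removable-drive GUID at G:\RECYCLER\recycld.exe, and the Application Error 1000 events that blame infow32.dll and tranupx.dll for Internet Explorer crashes. The Python script below is an added example, not part of this thread and not OTL's own code, that does the same triage offline over pasted log text and drafts an OTL fix in the layout used above. The sample lines are copied from the log posted earlier; the regular expressions, the allow-list of modules a crash may legitimately blame, and the drafted :Commands section are this example's own assumptions. It deliberately does not reproduce the Active Setup keys or the Hosts alternate data stream from the real fix, which came from other parts of the log.

```python
"""Offline triage of an OTL log: pull autorun hijacks and crash-blamed
modules out of the pasted text and draft the matching OTL fix script.
Added example for this thread; not OTL's own code, not a thread tool."""
import re
from collections import Counter

# Constructed sample: lines copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- [2009/04/27 18:50:24 | 00,059,392 | -H-- | M] (Microsoft Corporation)
Error - 13/09/2009 19:33:07 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module infow32.dll, version 1.0.0.1, fault address 0x0000bd27.

Error - 14/09/2009 13:00:52 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module tranupx.dll, version 1.0.0.1, fault address 0x00001100.

Error - 14/09/2009 15:08:02 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module msvcp60.dll, version 6.2.3104.0, fault address 0x0000261d.

Error - 15/09/2009 10:45:46 | Computer Name = HIRST | Source = Application Error | ID = 1000
Description = Faulting application fl.exe, version 0.0.0.0, faulting module kernel32.dll,
version 5.1.2600.3119, fault address 0x00012a5b.
"""

# One O33 line per MountPoints2 verb; backslashes are doubled for the regex.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(AutoRun|open)\\command'
    r' - "" = (.+?) -- \[')

# Application Error 1000 records wrap over two or three lines in the log,
# so the pattern is whitespace-tolerant between every token.
EVT_RE = re.compile(
    r'Source = Application Error \| ID = 1000\s*'
    r'Description = Faulting application (\S+), version (\S+),\s+faulting\s+'
    r'module (\S+),\s+version (\S+),\s+fault address (0x[0-9a-fA-F]+)\.')

# Assumed allow-list for this example: modules a crash may legitimately blame.
# Anything else sitting in System32 with a 1.0.0.1 version is worth a look.
KNOWN_SYSTEM_MODULES = {"unknown", "kernel32.dll", "ntdll.dll", "msvcp60.dll",
                        "msvcrt.dll", "mshtml.dll", "shdocvw.dll"}


def find_autorun_hijacks(log_text):
    """MountPoints2 entries whose AutoRun/open verb runs a file out of a
    RECYCLER folder: the autorun-worm pattern seen on drive G: above.
    Each hit keeps the raw line, because OTL takes it verbatim under :OTL."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m and re.search(r'\\RECYCLER\\', m.group(3), re.I):
            hits.append({"guid": m.group(1).lower(), "verb": m.group(2),
                         "target": m.group(3), "line": line})
    return hits


def faulting_modules(log_text, app="iexplore.exe"):
    """Count the modules blamed for crashes of `app` (default: IE, since the
    symptom here is browser redirection). Repeated blame on one unknown DLL
    is the signal; a single crash inside a system DLL is not."""
    counts = Counter()
    for m in EVT_RE.finditer(log_text):
        faulting_app, _ver, module, _mver, _addr = m.groups()
        if faulting_app.lower() == app.lower():
            counts[module.lower()] += 1
    return counts


def suspicious_modules(counts):
    """Blamed modules outside the allow-list, sorted for stable output."""
    return sorted(m for m in counts if m not in KNOWN_SYSTEM_MODULES)


def build_otl_fix(log_text, system32=r"C:\WINDOWS\System32"):
    """Draft an OTL fix in the layout used in this thread: O33 lines under
    :OTL, suspect DLLs and the autorun payload under :Files. Review it before
    running it; crash evidence alone does not prove a DLL is malicious."""
    hijacks = find_autorun_hijacks(log_text)
    suspects = suspicious_modules(faulting_modules(log_text))
    files = [system32 + "\\" + name for name in suspects]
    for h in hijacks:
        if h["target"] not in files:
            files.append(h["target"])
    lines = [":OTL", *(h["line"] for h in hijacks), "", ":Files", *files,
             "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG))
```

Running it prints a fix whose :OTL section is the three sample O33 lines and whose :Files section lists C:\WINDOWS\System32\infow32.dll, C:\WINDOWS\System32\tranupx.dll and G:\RECYCLER\recycld.exe. Note that tranupx.dll is flagged here only because it is not on the allow-list; the helper in this thread chose not to delete it, which is the kind of judgement a script cannot make for you.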

#7
hirsty09 (Topic Starter, Member, 12 posts)
The symptoms seem to have gone away now. Do you suggest I still do the steps you have just posted?

thanks

#8
NeonFx (Malware Removal Dude, Expert, 3,798 posts)
Yes please :) I'd like to make absolutely sure you're clean. Let me know if you want to end this here though.

#9
hirsty09 (Topic Starter, Member, 12 posts)
Nope, I'll do the scan now.

#10
hirsty09 (Topic Starter, Member, 12 posts)
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08788114-2544-11de-bbf5-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08788114-2544-11de-bbf5-000c760b536a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08788114-2544-11de-bbf5-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289d1b20-a107-11dc-ba9a-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289d1b20-a107-11dc-ba9a-000c760b536a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289d1b20-a107-11dc-ba9a-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{332b2839-bea7-11db-b7de-0090d049091d}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{332b2839-bea7-11db-b7de-0090d049091d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{332b2839-bea7-11db-b7de-0090d049091d}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9014956e-81a1-11dd-bb50-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9014956e-81a1-11dd-bb50-000c760b536a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9014956e-81a1-11dd-bb50-000c760b536a}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6a4df0-de20-11db-b85d-0090d049091d}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb6a4df0-de20-11db-b85d-0090d049091d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6a4df0-de20-11db-b85d-0090d049091d}\ not found.
File G:\RECYCLER\recycld.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}\ not found.
========== FILES ==========
ADS C:\WINDOWS\System32\drivers\etc\Hosts:SummaryInformation deleted successfully.
File\Folder C:\WINDOWS\System32\infow32.dll not found.
File\Folder G:\RECYCLER\recycld.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.HIRST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Ash
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Dan
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\etilqs_1DoXzhSAJm7cmwZgnOYd scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temp\Perflib_Perfdata_ae4.dat scheduled to be deleted on reboot.
->Temp folder emptied: 196233096 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2302624 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\aatlx97k.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 91071232 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gav
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Paul
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 68921850 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 14658 bytes

Total Files Cleaned = 342.03 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09162009_212743


OTL logfile created on: 16/09/2009 21:37:32 - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.49 Mb Total Physical Memory | 312.16 Mb Available Physical Memory | 40.67% Memory free
2.86 Gb Paging File | 2.44 Gb Available in Paging File | 85.35% Paging File free
Paging file location(s): C:\pagefile.sys 2200 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 75.64 Gb Free Space | 50.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIRST
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (Nokia Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Dan\My Documents\Downloads\OTL(3).exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/15 21:04:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/15 21:04:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 17:40:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/15 17:40:28 | 00,000,000 | ---D | M]

[2008/12/27 16:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2008/12/27 16:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/15 22:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\aatlx97k.default\extensions
[2009/01/28 15:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\aatlx97k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/15 17:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/15 21:11:10 | 00,001,498 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CInterceptor Object) - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll (Pando Networks)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (MS extension) - {E7C7AD3E-E0B2-4994-B338-F89D02AA316D} - File not found
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://express.foto....geUploader5.cab (Image Uploader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonu...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (secuload.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/16 14:16:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/16 21:01:20 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[2009/09/16 21:27:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/16 21:01:20 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/09/16 11:36:46 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\inform.dat
[2009/09/16 00:46:19 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/15 22:45:11 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/09/15 22:40:01 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/15 22:27:00 | 00,216,064 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\Here is the scan from the syspro.doc
[2009/09/15 22:11:53 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzexnjq5.sys
[2009/09/15 22:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\avz4
[2009/09/15 22:07:00 | 05,125,238 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\avz4.zip
[2009/09/15 21:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\SysProt
[2009/09/15 21:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\WinZip
[2009/09/15 21:28:13 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/15 21:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\AVG Security Toolbar
[2009/09/15 21:05:41 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/15 21:05:41 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/15 21:05:39 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/15 21:05:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/15 21:04:55 | 41,210,483 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/15 21:04:52 | 00,105,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/15 21:04:50 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/15 21:04:46 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/15 21:04:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/15 21:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/09/15 21:04:26 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/15 21:04:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/15 21:04:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/15 20:54:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\AVG8
[2009/09/15 20:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Tools
[2009/09/15 20:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/15 17:40:34 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 17:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/15 16:33:19 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/15 16:30:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/15 16:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Opera
[2009/09/15 16:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Opera
[2009/09/15 16:04:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/15 16:03:11 | 06,875,440 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Dan\Desktop\Opera_1000_en_Setup.exe
[2009/09/15 15:44:07 | 00,016,664 | ---- | C] () -- C:\Documents and Settings\Dan\My Documents\cc_20090915_154402.reg
[2009/09/15 15:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/15 15:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/15 15:10:55 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/15 15:10:55 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

========== Files - Modified Within 14 Days ==========

[2009/09/16 21:33:50 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/09/16 21:33:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/09/16 21:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/16 21:30:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/16 21:30:16 | 80,483,9424 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/16 21:27:45 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/09/16 20:40:06 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/09/16 17:33:40 | 00,105,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/16 17:33:38 | 41,210,483 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/16 12:21:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/16 12:21:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/16 11:44:03 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/16 11:36:46 | 00,059,904 | ---- | M] () -- C:\WINDOWS\System32\inform.dat
[2009/09/16 11:36:46 | 00,014,119 | ---- | M] () -- C:\WINDOWS\System32\xma
[2009/09/16 09:27:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/16 09:27:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/16 09:27:17 | 11,789,040 | -H-- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\IconCache.db
[2009/09/16 00:54:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/16 00:54:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/15 22:45:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/15 22:40:01 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/09/15 22:27:00 | 00,216,064 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\Here is the scan from the syspro.doc
[2009/09/15 22:18:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/09/15 22:18:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/15 22:11:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/15 22:11:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/15 22:11:53 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzexnjq5.sys
[2009/09/15 22:07:48 | 05,125,238 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\avz4.zip
[2009/09/15 21:44:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 21:22:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/15 21:06:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/15 21:06:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/15 21:05:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/15 21:05:41 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/09/15 21:05:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/15 21:05:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/15 21:04:52 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/15 21:04:50 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/15 21:04:26 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/15 19:39:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/15 19:39:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/15 17:40:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/15 16:51:29 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[2009/09/15 16:04:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/09/15 16:03:19 | 06,875,440 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Dan\Desktop\Opera_1000_en_Setup.exe
[2009/09/15 15:44:10 | 00,016,664 | ---- | M] () -- C:\Documents and Settings\Dan\My Documents\cc_20090915_154402.reg
[2009/09/15 15:31:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/09/15 15:31:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/09/15 15:16:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/15 15:16:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/15 15:16:03 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/15 15:10:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/15 14:57:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/15 14:57:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/15 14:29:24 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/09/14 17:40:42 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/13 21:18:10 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 21:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/10 22:32:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/10 22:32:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/10 21:34:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/10 21:34:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/10 20:38:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/10 20:38:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/07 14:54:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/07 14:54:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/06 10:20:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/06 10:20:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/05 10:16:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/05 10:16:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/04 14:14:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/09/04 14:14:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/09/03 23:12:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/09/03 23:12:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/09/03 06:43:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/09/03 06:43:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

========== LOP Check ==========

[2009/09/16 17:44:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/15 22:40:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/05/01 18:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/09/15 21:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/05/28 19:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/22 18:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/18 19:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2007/06/20 20:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/12/21 20:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/03/27 21:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/11/18 18:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2008/06/15 12:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/06 17:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 20:54:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dan\Application Data
[2007/02/28 15:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Ahead
[2008/08/03 14:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Atari
[2008/08/07 12:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\AviDvdBurner
[2007/10/23 13:46:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\BitTorrent
[2008/08/05 09:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DAEMON Tools
[2007/05/27 22:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Datalayer
[2008/12/22 21:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\DVDFab
[2009/05/19 21:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\GrabPro
[2009/01/28 15:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\IObit
[2008/08/03 14:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2007/04/01 19:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Nokia
[2007/04/25 22:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Nokia Multimedia Player
[2009/09/15 16:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Opera
[2009/09/15 19:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Orbit
[2007/03/27 20:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\PC Suite
[2007/10/23 13:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Spyware Terminator
[2008/12/27 16:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Syntrillium
[2008/12/20 14:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Teleca
[2009/08/26 11:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\uTorrent
[2009/08/30 12:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Vso
[2009/09/15 22:45:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/09/12 21:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/09/16 20:40:06 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2004/08/04 02:07:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/16 21:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/16 21:33:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2009/09/16 21:33:50 | 00,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2009/09/15 14:29:24 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
< End of report >


#11
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Alright, let's clean up.

STEP 1

Open AVZ by double clicking on AVZ.exe in the avz4 folder.
Click on the AVZPM menu button at the top and select Delete and Unload Extended Monitoring Driver (if it isn't clickable, don't worry; this means it's already disabled).
Click OK and close the AVZ program.


STEP 2
To clean up OldTimer's tools, along with a few others, do the following:

  • Run OTL.exe by double clicking on it
  • Click on the "CleanUp" button on the top.
  • You will be asked if you wish to reboot your system, select "Yes"


STEP 3

Remove any other tools or files we used by right-clicking on them or any folders they created, holding down the Shift key, and selecting "Delete". This will delete the files without sending them to the Recycle Bin.


All Clean

Congratulations, your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.


Clean out your old Restore Points
Infected machines can oftentimes create backups of the infections. For instructions on deleting system restore backups, see HERE

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlockList Pro's HOSTS Manager HERE

  • Double click the Installer on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save

You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE
Quick Summary: It will give you complete control over everything that happens in the background while Windows runs, giving you the option to approve or deny any changes to the registry.

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that you do not have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this.

Read further information HERE on how to prevent Malware infections and keep yourself clean.
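The post above describes the HOSTS mechanism only in words: the machine consults the HOSTS file before DNS, so an entry can sinkhole a bad site by pointing it at the local machine, and a redirector infection exploits the very same lookup order by pointing legitimate sites somewhere else. The following is an added example, not code from NeonFx's post or from the BlockList Pro HOSTS Manager, showing that lookup emulated in Python. The sample HOSTS text is constructed for illustration, and the hijack address 203.0.113.10 is taken from the RFC 5737 documentation range, not from any real incident.

```python
"""Parse a Windows-style HOSTS file, emulate its lookup, and flag hijack entries.

Added example (not from the original post). Sinkhole entries point a hostname at
the local machine (0.0.0.0, 127.0.0.1, ::1), which is how a blocklist HOSTS file
"short circuits" requests to bad sites. Entries that point a hostname at any
other address are the signature of a HOSTS-based redirector and are reported.
"""
import ipaddress

# Constructed sample HOSTS content. The 203.0.113.10 lines imitate what a
# redirector would plant; that address is a documentation range, not real.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net         # blocklist-style sinkhole
127.0.0.1       tracker.example.org     # blocklist-style sinkhole
203.0.113.10    www.google.com          # hijack: legitimate host sent elsewhere
203.0.113.10    google.com
::1             localhost
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs in file order.

    '#' starts a comment, one line may name several hosts for one address, and
    lines whose first field is not an IP address are skipped, as the resolver
    would skip them.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def resolve(entries, hostname):
    """Emulate the HOSTS lookup: first matching entry wins.

    Returns the mapped address, or None when the name is absent and the query
    would fall through to DNS.
    """
    hostname = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == hostname:
            return ip
    return None


def classify(entries):
    """Split entries into sinkholes (local addresses) and suspicious redirects.

    Anything mapped to a loopback or unspecified address is a harmless block;
    anything mapped elsewhere sends traffic for that name to a foreign host.
    """
    sinkholes, redirects = [], []
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            sinkholes.append((name, str(ip)))
        else:
            redirects.append((name, str(ip)))
    return sinkholes, redirects


if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    blocked, hijacked = classify(found)
    print("sinkholed names:", [n for n, _ in blocked])
    print("suspicious redirects:", hijacked)
    print("www.google.com resolves via HOSTS to:", resolve(found, "www.google.com"))
```

To check a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `parse_hosts` instead of the sample; on a clean system the redirect list should be empty apart from the entries you put there yourself.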
#12
hirsty09 (Topic Starter, Member, 12 posts)
Ok, thanks a lot. I've done the last OTL scan; I'll do those other steps now. One problem: it won't let me do Windows Updates.
#13
NeonFx (Malware Removal Dude, Expert, 3,798 posts)
Let's do the following to try to fix that problem:

STEP 1

Your Internet Explorer is out of date. You need to update this to IE8, especially since Windows Updates will only work with Internet Explorer.

Go HERE and click on the Download Now button to begin the process.

Reboot your computer when you are done.

STEP 2

After you do that, let's update your version of Windows to the latest version.

Since we cannot use Windows Update, go HERE and click on the Download button to download the installer. Double click on the download to begin the installation.

The installation will probably reboot your computer several times. Reboot your computer one more time when that's done.

STEP 3

Using Internet Explorer, go to http://update.microsoft.com and follow all the instructions for updating your computer.

Let me know if you receive an error and what that error is.
#14
hirsty09 (Topic Starter, Member, 12 posts)
Ok, thanks for the fast reply!! Just downloading Service Pack 3 now; will let you know how I get on soon.
#15
NeonFx (Malware Removal Dude, Expert, 3,798 posts)
Alright :)