Intellppm.sys file infected [Solved]


  • This topic is locked

#1 Ccopeland89 (Member, 42 posts)
AVG says the file intelppm.sys is infected with Win32/Patched.DP. I ran a scan in safe mode without internet; here is the scan log:

AVG 9.0 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 9.0.782, engine 9.0.814
Virus Database: Version 271.1.1/2869 2010-05-12

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\avg9\Log\a95449fa-eb00-45a4-a27b-e47fda33141e Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage\3 Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\intelppm.sys Virus identified Win32/Patched.DP
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 354758
Found infections : 1
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, let's have a better look at it.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

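The two checks Essexboy's tools apply to a driver like intelppm.sys, as an added Python example that is not part of this thread and is not code from GMER, OTL or AVG: GMER's kernel-code-sections pass reports a driver whose entry point lies in its .rsrc section (the shape a legitimate .sys takes when it has been patched in place), and OTL's /md5start block hashes the listed drivers so they can be compared with a known-good copy. The script below parses the PE headers of a .sys using only the standard library, reports which section holds AddressOfEntryPoint, flags the file if that section is .rsrc or is not marked executable (a generalisation of GMER's .rsrc rule), and returns the file's MD5. The two PE images it inspects are constructed inline and are not real drivers; `build_sample_pe`, `assess_driver` and the other names are this example's own.

```python
"""Check where a PE driver's entry point lives and hash the file.

Added example for the Geeks to Go thread above; not code from GMER, OTL
or AVG. Standard library only. The sample images are built inline and
are NOT real drivers.
"""
import hashlib
import struct

PE_SIGNATURE = b"PE\0\0"
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_pe(data: bytes):
    """Return (entry_rva, [(name, va, vsize, rawsize, characteristics), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                          # IMAGE_SECTION_HEADER
        name, vsize, va, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         va, vsize, rawsize, chars))
    return entry_rva, sections


def entry_point_section(data: bytes):
    """Name and characteristics of the section containing the entry point."""
    entry_rva, sections = parse_pe(data)
    for name, va, vsize, rawsize, chars in sections:
        if va <= entry_rva < va + max(vsize, rawsize):
            return name, chars
    return "<none>", 0          # entry outside every section: also worth a look


def assess_driver(data: bytes) -> dict:
    """GMER-style entry-point check plus an OTL-style MD5 of the whole file."""
    name, chars = entry_point_section(data)
    executable = bool(chars & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))
    return {
        "entry_section": name,
        # GMER reports ".rsrc"; flagging any non-executable section generalises that
        "suspicious": name == ".rsrc" or not executable,
        "md5": hashlib.md5(data).hexdigest(),
    }


def build_sample_pe(entry_in_rsrc: bool) -> bytes:
    """Constructed PE32 image with .text and .rsrc sections (not a real driver).

    entry_in_rsrc=True mimics a patched driver whose entry point was
    redirected into a stub placed in the resource section.
    """
    text_va, rsrc_va, raw = 0x1000, 0x2000, 0x200
    entry_rva = (rsrc_va if entry_in_rsrc else text_va) + 0x10
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, raw, raw, 0, entry_rva).ljust(0xE0, b"\0")

    def section(name, va, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, raw, va, raw, raw_ptr, 0, 0, 0, 0, chars)

    headers = (dos + PE_SIGNATURE + coff + opt
               + section(b".text", text_va, raw, 0x60000020)       # CODE|EXECUTE|READ
               + section(b".rsrc", rsrc_va, 2 * raw, 0x40000040)   # INITIALIZED_DATA|READ
               ).ljust(raw, b"\0")
    text = b"\xC3" * raw                                            # stand-in code bytes
    rsrc = (b"\xE9" + b"\0" * (raw - 1)) if entry_in_rsrc else b"\0" * raw  # stand-in jmp stub
    return headers + text + rsrc


if __name__ == "__main__":
    for label, flag in (("clean", False), ("patched", True)):
        print(label, assess_driver(build_sample_pe(flag)))
```

On a live machine you would run `assess_driver` over each file under %SystemRoot%\system32\drivers\*.sys and compare the MD5 with the same file version taken from clean install media; a `suspicious` result or a mismatching hash is what the GMER "entry point in .rsrc" and OTL /md5start lines surface. Read the files from a boot CD or a second, clean system where possible: a kernel-mode rootkit that has patched a driver can also filter what the running system reports about it.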

#3 Ccopeland89 (Topic Starter, Member, 42 posts)
Ahh, I am in the middle of doing the above stated; logs will be up in an hour max.

#4 Ccopeland89 (Topic Starter, Member, 42 posts)
GMER Log file

+
+++++++++++++++++
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 19:19:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtoqaog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[1376] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02B4000A
.text C:\Windows\System32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007A000A
.text C:\Windows\Explorer.EXE[548] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00B3000A
.text C:\Windows\System32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007B000A
.text C:\Windows\Explorer.EXE[548] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A7000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B4000A
.text C:\Windows\System32\svchost.exe[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 0079000C
.text C:\Windows\Explorer.EXE[548] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A0000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00B2000C
.text C:\Windows\System32\svchost.exe[1376] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02B5000A

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 838C9EE4

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat B9DD7D20

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\System32\DRIVERS\intelppm.sys entry point in ".rsrc" section [0xF79F5494]

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF77CF87E]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF640A670]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF77CFBFE]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF640A720]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF640A7C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF640A860]

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification
File C:\Windows\System32\DRIVERS\intelppm.sys suspicious modification

---- EOF - GMER 1.0.15 ----



OTL LOG




++++++++++++++++++++++++++=
OTL logfile created on: 5/12/2010 7:21:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 353.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 23.33 Gb Free Space | 62.61% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 186.57 Gb Free Space | 80.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CPQ65643321346
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/05/11 16:52:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/11 16:52:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/11 16:52:15 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/11 16:52:09 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/11 16:51:14 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/11 16:51:07 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/05/11 16:50:42 | 001,038,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/05/11 16:50:02 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/11 16:49:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/11 16:49:22 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/11 16:49:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/05/11 15:44:39 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 10:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSSvc) Intel®
SRV - [2010/05/11 16:51:07 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/11 16:49:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/11 16:49:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/05/11 15:44:39 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2001/12/18 15:49:00 | 001,953,868 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\COMPAQ\ACLIENT\ACLIENT.exe -- (AClient)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/11 16:49:25 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/05/11 16:49:24 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/05/11 16:49:24 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 15:04:08 | 000,075,912 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003)
DRV - [2008/03/03 10:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2007/12/12 02:11:00 | 000,021,720 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2007/11/14 16:20:08 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb11ldr.sys -- (USB11LDR)
DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/03/04 10:35:42 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...DT/0409/bl7.asp

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/11 16:48:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 14:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 09:55:33 | 000,000,000 | ---D | M]

[2009/03/23 14:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/01 10:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkvp8lrj.default\extensions
[2010/05/12 14:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/18 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4ee4478c-6bd7-4551-b48f-0f81f5d2505d} - C:\Windows\System32\hiresawo.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DeltTray] File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\bikawofu.dll) - C:\Windows\System32\bikawofu.dll File not found
O20 - AppInit_DLLs: (dkjqfv.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\Windows\System32\ [2010/05/12 14:35:50 | 000,000,000 | ---D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\Windows\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: SSODL - - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\AutoRun\command - "" = F:\3exi.exe -- File not found
O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\open\Command - "" = F:\3exi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/14 09:03:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/12 19:20:10 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/11 20:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 20:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/11 17:18:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/11 16:54:03 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/11 16:53:54 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/11 16:53:50 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/11 16:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/11 16:50:09 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSxx.sys
[2010/05/11 16:50:04 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/11 16:48:44 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgfwdx.dll
[2010/05/11 16:48:44 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwdx.sys
[2010/05/11 16:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/11 16:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/11 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/11 12:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 15:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bun B - No Mixtape-2010-MIXFIEND
[2010/05/04 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Brotha Lynch Hung - Dinner And A Movie [``DaCiple``]
[2010/05/04 15:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Redman - Reggie - The Mixtape - Hosted By DJ Rake
[2010/05/03 21:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\W.E. Riley
[2010/04/24 23:16:53 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/04/24 23:12:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/24 23:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/21 23:33:45 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/19 23:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SxsCaPendDel
[2010/04/18 01:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 01:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/26 23:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/03/26 22:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/02/25 03:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/02/15 23:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WR
[2010/02/14 10:08:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/14 10:06:26 | 000,000,000 | -H-D | C] -- C:\Windows\System32\GroupPolicy
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/12 19:21:17 | 000,587,107 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/12 19:21:16 | 059,913,848 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/12 18:28:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/05/12 14:38:49 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/12 14:36:34 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2010/05/12 14:35:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 14:35:17 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 14:34:10 | 005,865,472 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/05/12 14:34:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/12 14:34:06 | 000,510,352 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/11 20:00:24 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/11 16:54:07 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/11 16:54:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/11 16:53:49 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSxx.sys
[2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/11 16:48:44 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgfwdx.dll
[2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwdx.sys
[2010/05/11 13:07:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/11 12:42:29 | 000,000,636 | ---- | M] () -- C:\Windows\win.ini
[2010/05/11 12:42:29 | 000,000,253 | ---- | M] () -- C:\Windows\system.ini
[2010/05/04 21:48:48 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/04/24 23:12:40 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/21 23:33:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/12 21:37:36 | 000,027,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\side 2.jpeg
[2010/04/08 16:09:38 | 000,025,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\interior.jpeg
[2010/04/08 16:09:22 | 000,032,130 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\side.jpeg
[2010/04/08 16:08:57 | 000,030,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\back.jpeg
[2010/04/05 23:23:44 | 001,251,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\manual.pdf
[2010/03/28 03:04:36 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/19 10:10:35 | 000,081,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\22.pdf
[2010/03/19 10:07:09 | 000,081,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\21.pdf
[2010/03/19 10:02:42 | 000,081,427 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2.pdf
[2010/03/19 10:02:41 | 000,080,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.pdf
[2010/03/14 19:30:38 | 000,404,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/14 19:30:38 | 000,061,992 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/14 19:30:37 | 000,473,498 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/10 23:06:12 | 001,732,608 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Project management database.accdb
[2010/02/28 15:26:57 | 000,000,020 | ---- | M] () -- C:\GINA.TEXT
[2010/02/28 15:26:43 | 000,000,041 | ---- | M] () -- C:\WLANCUGINA.TEXT
[2010/02/14 10:07:49 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 18:25:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/05/12 18:13:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/05/11 20:00:24 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/11 16:54:07 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/11 16:53:49 | 000,587,107 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/11 16:53:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/11 16:53:22 | 059,913,848 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/11 13:07:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/11 09:54:55 | 000,010,690 | ---- | C] () -- C:\Documents and Settings\Administrator\hs_err_pid704.log
[2010/05/10 08:44:16 | 005,865,472 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/24 23:41:38 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/24 23:12:40 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/18 01:43:31 | 000,012,493 | ---- | C] () -- C:\Documents and Settings\Administrator\hs_err_pid2528.log
[2010/04/12 21:37:36 | 000,027,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\side 2.jpeg
[2010/04/08 16:09:38 | 000,025,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\interior.jpeg
[2010/04/08 16:09:21 | 000,032,130 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\side.jpeg
[2010/04/08 16:08:56 | 000,030,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\back.jpeg
[2010/04/05 23:23:44 | 001,251,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\manual.pdf
[2010/03/19 10:10:35 | 000,081,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\22.pdf
[2010/03/19 10:07:09 | 000,081,420 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\21.pdf
[2010/03/19 10:02:42 | 000,081,427 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2.pdf
[2010/03/19 10:02:41 | 000,080,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.pdf
[2010/02/14 10:07:37 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2009/03/16 17:27:58 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2008/10/14 09:21:38 | 000,000,567 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2008/10/14 09:21:15 | 000,000,042 | ---- | C] () -- C:\Windows\cpqhsc.ini
[2008/10/14 09:20:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\msssc.dll
[2008/10/14 09:02:30 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2008/10/14 08:52:07 | 000,262,144 | ---- | C] () -- C:\Windows\System32\shpshftr.dll
[2008/10/14 08:50:55 | 000,040,960 | ---- | C] () -- C:\Windows\LoadDll.dll
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NMSInst.dll
[2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PROInst.dll

========== LOP Check ==========

[2008/10/14 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/05/11 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/03/25 10:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
[2010/03/26 23:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2008/10/14 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Waves Audio
[2008/10/14 16:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/11 16:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/08 22:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/01/27 10:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/24 23:12:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/12 14:38:49 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/17 13:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtUninstallQ306583$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001/08/29 11:56:42 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=D921BE80C70C25CEFCD8AB79EA6FBAF2 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/09/17 02:34:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2001/09/17 02:34:04 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2001/09/17 02:34:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/21 23:33:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1276 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NTCA2UJnMJQdwwt2Qtp
@Alternate Data Stream - 1182 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8rGygxMDMOetkpgttHEfa59Q
@Alternate Data Stream - 1076 bytes -> C:\Program Files\Common Files\System:FUJoVe8yX30Hs8hnQ28SIUj08
< End of report >

Extras Log

+++++++++++++++++++++++++++++++++++==

OTL logfile created on: 5/12/2010 7:21:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 353.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 23.33 Gb Free Space | 62.61% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 186.57 Gb Free Space | 80.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CPQ65643321346
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/05/11 16:52:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/11 16:52:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/11 16:52:15 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/11 16:52:09 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/11 16:51:14 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/11 16:51:07 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/05/11 16:50:42 | 001,038,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/05/11 16:50:02 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/11 16:49:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/11 16:49:22 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/11 16:49:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/05/11 15:44:39 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 10:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSSvc) Intel®
SRV - [2010/05/11 16:51:07 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/05/11 16:49:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/11 16:49:21 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/05/11 15:44:39 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2001/12/18 15:49:00 | 001,953,868 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\COMPAQ\ACLIENT\ACLIENT.exe -- (AClient)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/11 16:49:25 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/05/11 16:49:24 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/05/11 16:49:24 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 15:04:08 | 000,075,912 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003)
DRV - [2008/03/03 10:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2007/12/12 02:11:00 | 000,021,720 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2007/11/14 16:20:08 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb11ldr.sys -- (USB11LDR)
DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/03/04 10:35:42 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...DT/0409/bl7.asp

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/11 16:48:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 14:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 09:55:33 | 000,000,000 | ---D | M]

[2009/03/23 14:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/01 10:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkvp8lrj.default\extensions
[2010/05/12 14:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/18 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4ee4478c-6bd7-4551-b48f-0f81f5d2505d} - C:\Windows\System32\hiresawo.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DeltTray] File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\bikawofu.dll) - C:\Windows\System32\bikawofu.dll File not found
O20 - AppInit_DLLs: (dkjqfv.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\Windows\System32\ [2010/05/12 14:35:50 | 000,000,000 | ---D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\Windows\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: SSODL - - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\AutoRun\command - "" = F:\3exi.exe -- File not found
O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\open\Command - "" = F:\3exi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/14 09:03:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/12 19:20:10 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/11 20:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 20:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/11 17:18:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/11 16:54:03 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/11 16:53:54 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/11 16:53:50 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/11 16:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/11 16:50:09 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSxx.sys
[2010/05/11 16:50:04 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/11 16:48:44 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgfwdx.dll
[2010/05/11 16:48:44 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwdx.sys
[2010/05/11 16:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/11 16:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/11 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/11 12:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 15:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bun B - No Mixtape-2010-MIXFIEND
[2010/05/04 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Brotha Lynch Hung - Dinner And A Movie [``DaCiple``]
[2010/05/04 15:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Redman - Reggie - The Mixtape - Hosted By DJ Rake
[2010/05/03 21:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\W.E. Riley
[2010/04/24 23:16:53 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/04/24 23:12:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/24 23:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/21 23:33:45 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/19 23:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SxsCaPendDel
[2010/04/18 01:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 01:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/26 23:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/03/26 22:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/02/25 03:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/02/15 23:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WR
[2010/02/14 10:08:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/14 10:06:26 | 000,000,000 | -H-D | C] -- C:\Windows\System32\GroupPolicy
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/12 19:21:17 | 000,587,107 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/12 19:21:16 | 059,913,848 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/12 19:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/12 18:28:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/05/12 14:38:49 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/12 14:36:34 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2010/05/12 14:35:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 14:35:17 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 14:34:10 | 005,865,472 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/05/12 14:34:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/12 14:34:06 | 000,510,352 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/11 20:00:24 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/11 16:54:07 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/11 16:54:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/11 16:53:49 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSxx.sys
[2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/11 16:48:44 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgfwdx.dll
[2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwdx.sys
[2010/05/11 13:07:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/11 12:42:29 | 000,000,636 | ---- | M] () -- C:\Windows\win.ini
[2010/05/11 12:42:29 | 000,000,253 | ---- | M] () -- C:\Windows\system.ini
[2010/05/04 21:48:48 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/04/24 23:12:40 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/21 23:33:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/04/12 21:37:36 | 000,027,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\side 2.jpeg
[2010/04/08 16:09:38 | 000,025,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\interior.jpeg
[2010/04/08 16:09:22 | 000,032,130 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\side.jpeg
[2010/04/08 16:08:57 | 000,030,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\back.jpeg
[2010/04/05 23:23:44 | 001,251,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\manual.pdf
[2010/03/28 03:04:36 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/19 10:10:35 | 000,081,418 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\22.pdf
[2010/03/19 10:07:09 | 000,081,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\21.pdf
[2010/03/19 10:02:42 | 000,081,427 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2.pdf
[2010/03/19 10:02:41 | 000,080,450 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.pdf
[2010/03/14 19:30:38 | 000,404,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/14 19:30:38 | 000,061,992 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/14 19:30:37 | 000,473,498 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/10 23:06:12 | 001,732,608 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Project management database.accdb
[2010/02/28 15:26:57 | 000,000,020 | ---- | M] () -- C:\GINA.TEXT
[2010/02/28 15:26:43 | 000,000,041 | ---- | M] () -- C:\WLANCUGINA.TEXT
[2010/02/14 10:07:49 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 18:25:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/05/12 18:13:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/05/11 20:00:24 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/11 16:54:07 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/11 16:53:49 | 000,587,107 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/05/11 16:53:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/11 16:53:22 | 059,913,848 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/11 13:07:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/11 09:54:55 | 000,010,690 | ---- | C] () -- C:\Documents and Settings\Administrator\hs_err_pid704.log
[2010/05/10 08:44:16 | 005,865,472 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/24 23:41:38 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/24 23:12:40 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/18 01:43:31 | 000,012,493 | ---- | C] () -- C:\Documents and Settings\Administrator\hs_err_pid2528.log
[2010/04/12 21:37:36 | 000,027,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\side 2.jpeg
[2010/04/08 16:09:38 | 000,025,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\interior.jpeg
[2010/04/08 16:09:21 | 000,032,130 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\side.jpeg
[2010/04/08 16:08:56 | 000,030,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\back.jpeg
[2010/04/05 23:23:44 | 001,251,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\manual.pdf
[2010/03/19 10:10:35 | 000,081,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\22.pdf
[2010/03/19 10:07:09 | 000,081,420 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\21.pdf
[2010/03/19 10:02:42 | 000,081,427 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2.pdf
[2010/03/19 10:02:41 | 000,080,450 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.pdf
[2010/02/14 10:07:37 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2009/03/16 17:27:58 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2008/10/14 09:21:38 | 000,000,567 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2008/10/14 09:21:15 | 000,000,042 | ---- | C] () -- C:\Windows\cpqhsc.ini
[2008/10/14 09:20:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\msssc.dll
[2008/10/14 09:02:30 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2008/10/14 08:52:07 | 000,262,144 | ---- | C] () -- C:\Windows\System32\shpshftr.dll
[2008/10/14 08:50:55 | 000,040,960 | ---- | C] () -- C:\Windows\LoadDll.dll
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NMSInst.dll
[2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PROInst.dll

========== LOP Check ==========

[2008/10/14 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/05/11 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/03/25 10:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
[2010/03/26 23:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2008/10/14 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Waves Audio
[2008/10/14 16:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/11 16:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/08 22:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/01/27 10:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/24 23:12:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/12 14:38:49 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/14 16:20:16 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/14 17:08:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/17 13:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtUninstallQ306583$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001/08/29 11:56:42 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=D921BE80C70C25CEFCD8AB79EA6FBAF2 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/09/17 02:34:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2001/09/17 02:34:04 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2001/09/17 02:34:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/11 16:48:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys
[2010/05/11 16:50:09 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/05/11 16:53:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/11 16:53:53 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/05/11 16:50:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/05/11 16:50:08 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/21 23:33:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1276 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NTCA2UJnMJQdwwt2Qtp
@Alternate Data Stream - 1182 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8rGygxMDMOetkpgttHEfa59Q
@Alternate Data Stream - 1076 bytes -> C:\Program Files\Common Files\System:FUJoVe8yX30Hs8hnQ28SIUj08
< End of report >

#5
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's do a bit of killing

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {4ee4478c-6bd7-4551-b48f-0f81f5d2505d} - C:\Windows\System32\hiresawo.dll File not found
    O20 - AppInit_DLLs: (C:\Windows\system32\bikawofu.dll) - C:\Windows\System32\bikawofu.dll File not found
    O20 - AppInit_DLLs: (dkjqfv.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\) - C:\Windows\System32\ [2010/05/12 14:35:50 | 000,000,000 | ---D | M]
    O21 - SSODL: SSODL - - CLSID or File not found.
    O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\AutoRun\command - "" = F:\3exi.exe -- File not found
    O33 - MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\Shell\open\Command - "" = F:\3exi.exe -- File not found
    @Alternate Data Stream - 1276 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NTCA2UJnMJQdwwt2Qtp
    @Alternate Data Stream - 1182 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8rGygxMDMOetkpgttHEfa59Q
    @Alternate Data Stream - 1076 bytes -> C:\Program Files\Common Files\System:FUJoVe8yX30Hs8hnQ28SIUj08
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
Ccopeland89
    Member
  • Topic Starter
  • Member
  • 42 posts
OTL report


++++=======++++++++++++++++++++=

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ee4478c-6bd7-4551-b48f-0f81f5d2505d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ee4478c-6bd7-4551-b48f-0f81f5d2505d}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\system32\bikawofu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:dkjqfv.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\ deleted successfully.
Item C:\Windows\System32\ is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Invalid CLSID key:
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\ not found.
File F:\3exi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f129c2e1-ee7c-11de-8ad4-0014d1555920}\ not found.
File F:\3exi.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:NTCA2UJnMJQdwwt2Qtp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:8rGygxMDMOetkpgttHEfa59Q deleted successfully.
ADS C:\Program Files\Common Files\System:FUJoVe8yX30Hs8hnQ28SIUj08 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81900871 bytes
->Java cache emptied: 15542774 bytes
->FireFox cache emptied: 83116225 bytes
->Flash cache emptied: 101220 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13448145 bytes
->Flash cache emptied: 11129 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 650354 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138618 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1618833 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 41403 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 191.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: User

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05132010_165506

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N69CM18A\CAHTJZAK.php%3Fpage%3Dadvertisement moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N69CM18A\favicon[1].ico moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N69CM18A\showgp[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BIHPYBNA\094019_24Car_Drifting_modification_1[1].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BIHPYBNA\page[1].htm moved successfully.
C:\Windows\temp\fla284.tmp moved successfully.
C:\Windows\temp\fla2A0.tmp moved successfully.
C:\Windows\temp\fla30E.tmp moved successfully.

Registry entries deleted on Reboot...


ComboFix log:
Also, when running this I tried to close out of AVG; it would not let me, saying access was denied. I went into Safe Mode, exited all AVG processes and ran ComboFix, and it still said AVG was running. I tried to uninstall AVG and it said the uninstall failed.

++++++++++++++++++++++++++++++++++++++++++++++++++++=
ComboFix 10-05-13.02 - Administrator 05/13/2010 18:27:42.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.766 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-13 22:07 . 2010-05-13 22:13 -------- d-----w- c:\windows\LastGood.Tmp
2010-05-13 21:00 . 2010-05-13 21:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-05-13 20:55 . 2010-05-13 20:55 -------- d-----w- C:\_OTL
2010-05-12 22:25 . 2010-05-13 21:13 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-05-12 00:00 . 2010-05-12 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-12 00:00 . 2010-05-12 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-11 21:18 . 2010-05-11 21:18 -------- d-----w- C:\$AVG
2010-05-11 20:54 . 2010-05-11 20:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-11 20:53 . 2010-05-11 20:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-11 20:53 . 2010-05-11 20:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-11 20:53 . 2010-05-13 22:23 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-11 20:50 . 2010-05-11 20:50 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-11 20:50 . 2010-05-11 20:50 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-11 20:50 . 2010-05-11 20:50 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-11 20:48 . 2010-05-11 20:48 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-11 20:48 . 2010-05-11 20:48 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-11 20:45 . 2010-05-11 20:45 -------- d-----w- c:\program files\AVG
2010-05-11 20:44 . 2010-05-11 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-11 17:31 . 2010-05-11 17:31 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-05-11 17:22 . 2010-05-11 17:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-25 03:41 . 2010-05-05 01:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-25 03:16 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-25 03:12 . 2010-04-25 03:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-25 03:12 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-25 03:12 . 2010-04-25 03:12 -------- d-----w- c:\program files\Lavasoft
2010-04-22 03:33 . 2010-04-22 03:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 03:10 . 2010-04-25 03:09 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-18 05:50 . 2010-04-18 05:50 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-18 05:50 . 2010-04-18 05:47 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-18 05:48 . 2010-04-20 03:10 -------- d-----w- c:\program files\DivX
2010-04-18 05:48 . 2010-04-20 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 21:48 . 2009-03-22 17:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-04-25 03:12 . 2008-12-23 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-27 03:04 . 2010-03-27 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Unity
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-11 20:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=KORGUMDD.DRV
"Midi2"=usbnp4x4.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-11 20:51 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/11/2010 4:50 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/11/2010 4:50 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2010 11:16 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1291544]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/11/2010 4:53 PM 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/11/2010 4:50 PM 242896]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/11/2010 4:49 PM 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [5/11/2010 4:51 PM 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/11/2010 4:49 PM 5888008]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/11/2010 4:48 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/11/2010 4:48 PM 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/11/2010 4:49 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/11/2010 4:49 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/11/2010 4:49 PM 26120]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [3/23/2009 2:06 PM 302728]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2009 12:30 AM 133104]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [12/12/2007 2:11 AM 21720]
S3 MADFU003;MADFU003;c:\windows\system32\drivers\MADFU003.sys [10/24/2008 11:25 AM 75912]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys --> c:\windows\system32\drivers\usbnp4x4.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:44]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xkvp8lrj.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DeltTray - DeltTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-13 18:36:21
ComboFix-quarantined-files.txt 2010-05-13 22:36

Pre-Run: 24,920,014,848 bytes free
Post-Run: 24,882,417,664 bytes free

- - End Of File - - C1188CC7331E3D1F2B3F0F8F9C5A0AA

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, to complete the fix you will need to install the Recovery Console; without that I cannot cure the main problem.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your operating system. Download the file and save it as it is originally named.

Note: If you have SP3, use the SP2 package.

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

#8
Ccopeland89

    Member

  • Topic Starter
  • Member
  • 42 posts
I cannot for some reason disable my antivirus program; I cannot uninstall it either. I'm unsure of what the problem is.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Leave it running then; we will work around it.

#10
Ccopeland89

    Member

  • Topic Starter
  • Member
  • 42 posts
Will all of the files remain on the computer? It is a computer we use for production and we have a lot of files that are irreplaceable.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks as though ComboFix may have lost the fight on that, so we will work outside of Windows.

OK, this file is big, about 276.7Mb; print these instructions out so that you know what you are doing.

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner: this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn it to a CD using ISOBurner. NOTE: This file is 276.7Mb in size, so it may take some time to download.
  • When downloaded, double-click it and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box.
    [attachment=41724:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it.
  • You can back up any files that you wish from this OS.
  • Please post the contents of the C:\OTL.txt file in your reply.

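Before burning the ISO, a practitioner would check the download against the byte count and MD5 the post lists under "File details". The following Python check is an added example, not part of the post or of the OTLPE project; the function names are mine, and the small file it writes for the test is constructed, not a real ISO.

```python
# Added example (not the post's or the OTLPE project's code): check a downloaded
# OTLPE.iso against the size and MD5 quoted in the post before burning it.
import hashlib
import os
import tempfile

# Values quoted in the post above under "File details".
EXPECTED_BYTES = 290_236_416
EXPECTED_MD5 = "3BD19DB0ADB880A39DD80C704CB907D0"


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so a ~277 MB ISO is never read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_bytes=EXPECTED_BYTES, expected_md5=EXPECTED_MD5):
    """Return (ok, problems). Size is compared first: a truncated download fails
    there cheaply, without hashing the whole file. Digests are compared in lower
    case because the post quotes the MD5 in upper case."""
    problems = []
    actual_bytes = os.path.getsize(path)
    if actual_bytes != expected_bytes:
        problems.append(f"size {actual_bytes} != {expected_bytes} bytes (incomplete download?)")
        return False, problems
    actual_md5 = md5_of_file(path)
    if actual_md5 != expected_md5.lower():
        problems.append(f"md5 {actual_md5} != {expected_md5.lower()} (corrupt or altered file)")
    return not problems, problems


def make_constructed_sample(data=b"abc"):
    """Write a small constructed file (a stand-in for the ISO) and return its path."""
    fd, path = tempfile.mkstemp(suffix=".iso")
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    import sys
    ok, problems = verify_download(sys.argv[1] if len(sys.argv) > 1 else "OTLPE.iso")
    print("OK to burn" if ok else "Do not burn: " + "; ".join(problems))
```

Run it against the downloaded file once the download finishes and burn only when it reports OK; a size mismatch means the download is incomplete, an MD5 mismatch means the file is not the one the post describes.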

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, your files should be safe.

#13
Ccopeland89

    Member

  • Topic Starter
  • Member
  • 42 posts
OK, thank you, phew. And how long until you can help me? I would like to try and have everything fixed today if possible, and there is still an estimated 20 minutes left on the .iso file.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OTLPE will give you full access to all your files from an XP interface. If my feeling is correct, I will need to replace one file to enable you to reboot.

#15
Ccopeland89

    Member

  • Topic Starter
  • Member
  • 42 posts
Alright, I will let you know when the CD is burnt and everything. I already made sure the boot order is correct.